Skip to content

aws_glue_catalog_database: when create_table_default_permission is present, but empty, create default LF permissions, not IAM_ALLOWED_PRINCIPALS (legacy/hybrid) permissions #43226

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

aws_glue_catalog_database: when create_table_default_permission is present, but empty, create default LF permissions, not IAM_ALLOWED_PRINCIPALS (legacy/hybrid) permissions #43226

wants to merge 5 commits into from
+146 −10

Conversation

psantus
Copy link
Contributor

@psantus psantus commented Jun 30, 2025

Description

As described in #27295, this resource would always create a glue database with IAM_ALLOWED_PRINCIPALS group in the permissions (i.e. IAM-only or Hybrid permissions, not Lake Formation permissions).

This PR makes it possible to create a database with Lake Formation permissions.

Relations

Closes #27295

References

https://docs.aws.amazon.com/glue/latest/webapi/API_DatabaseInput.html#Glue-Type-DatabaseInput-CreateTableDefaultPermissions

Output from Acceptance Testing

 
2025/06/30 09:44:32 Creating Terraform AWS Provider (SDKv2-style)...
2025/06/30 09:46:08 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccGlueCatalogDatabase_full
=== PAUSE TestAccGlueCatalogDatabase_full
=== RUN   TestAccGlueCatalogDatabase_createTablePermissionTransition
=== PAUSE TestAccGlueCatalogDatabase_createTablePermissionTransition
=== RUN   TestAccGlueCatalogDatabase_createTablePermission
=== PAUSE TestAccGlueCatalogDatabase_createTablePermission
=== RUN   TestAccGlueCatalogDatabase_targetDatabase
=== PAUSE TestAccGlueCatalogDatabase_targetDatabase
=== RUN   TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== PAUSE TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== RUN   TestAccGlueCatalogDatabase_federatedDatabase
=== PAUSE TestAccGlueCatalogDatabase_federatedDatabase
=== RUN   TestAccGlueCatalogDatabase_tags
=== PAUSE TestAccGlueCatalogDatabase_tags
=== RUN   TestAccGlueCatalogDatabase_disappears
=== PAUSE TestAccGlueCatalogDatabase_disappears
=== CONT  TestAccGlueCatalogDatabase_full
=== CONT  TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== CONT  TestAccGlueCatalogDatabase_tags
=== CONT  TestAccGlueCatalogDatabase_createTablePermissionTransition
=== CONT  TestAccGlueCatalogDatabase_disappears
=== CONT  TestAccGlueCatalogDatabase_targetDatabase
=== CONT  TestAccGlueCatalogDatabase_createTablePermission
=== CONT  TestAccGlueCatalogDatabase_federatedDatabase
--- PASS: TestAccGlueCatalogDatabase_disappears (27.06s)
--- PASS: TestAccGlueCatalogDatabase_createTablePermissionTransition (37.98s)
--- PASS: TestAccGlueCatalogDatabase_targetDatabaseWithRegion (42.18s)
--- PASS: TestAccGlueCatalogDatabase_createTablePermission (47.08s)
--- PASS: TestAccGlueCatalogDatabase_targetDatabase (49.45s)
--- PASS: TestAccGlueCatalogDatabase_full (61.77s)
--- PASS: TestAccGlueCatalogDatabase_tags (61.88s)
--- PASS: TestAccGlueCatalogDatabase_federatedDatabase (361.69s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/glue       365.925s

...

@psantus psantus requested a review from a team as a code owner June 30, 2025 07:56
@github-actions GitHub Actions
Copy link
Contributor

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 30, 2025
edited
Loading

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/glue Issues and PRs that pertain to the glue service. size/M Managed by automation to categorize the size of a PR. labels Jun 30, 2025
@psantus psantus changed the title aws_glue_catalog database: when create_table_default_permission is present, but empty, create default LF permissions, not IAM_ALLOWED_PRINCIPALS (legacy/hybrid) permissions aws_glue_catalog_database: when create_table_default_permission is present, but empty, create default LF permissions, not IAM_ALLOWED_PRINCIPALS (legacy/hybrid) permissions Jun 30, 2025
@github-actions github-actions bot added the size/L Managed by automation to categorize the size of a PR. label Jun 30, 2025
@psantus
Copy link
Contributor Author

psantus commented Jun 30, 2025

Refactored to better integrate @jar-b's comments here.

Tests results

2025/06/30 10:57:10 Creating Terraform AWS Provider (SDKv2-style)...
2025/06/30 10:57:10 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccGlueCatalogDatabase_full
=== PAUSE TestAccGlueCatalogDatabase_full
=== RUN   TestAccGlueCatalogDatabase_createTablePermissionTransition
=== PAUSE TestAccGlueCatalogDatabase_createTablePermissionTransition
=== RUN   TestAccGlueCatalogDatabase_createTablePermission
=== PAUSE TestAccGlueCatalogDatabase_createTablePermission
=== RUN   TestAccGlueCatalogDatabase_targetDatabase
=== PAUSE TestAccGlueCatalogDatabase_targetDatabase
=== RUN   TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== PAUSE TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== RUN   TestAccGlueCatalogDatabase_federatedDatabase
=== PAUSE TestAccGlueCatalogDatabase_federatedDatabase
=== RUN   TestAccGlueCatalogDatabase_tags
=== PAUSE TestAccGlueCatalogDatabase_tags
=== RUN   TestAccGlueCatalogDatabase_disappears
=== PAUSE TestAccGlueCatalogDatabase_disappears
=== CONT  TestAccGlueCatalogDatabase_full
=== CONT  TestAccGlueCatalogDatabase_targetDatabaseWithRegion
=== CONT  TestAccGlueCatalogDatabase_tags
=== CONT  TestAccGlueCatalogDatabase_federatedDatabase
=== CONT  TestAccGlueCatalogDatabase_createTablePermission
=== CONT  TestAccGlueCatalogDatabase_targetDatabase
=== CONT  TestAccGlueCatalogDatabase_disappears
=== CONT  TestAccGlueCatalogDatabase_createTablePermissionTransition
--- PASS: TestAccGlueCatalogDatabase_disappears (25.14s)
--- PASS: TestAccGlueCatalogDatabase_targetDatabaseWithRegion (41.13s)
--- PASS: TestAccGlueCatalogDatabase_createTablePermission (44.27s)
--- PASS: TestAccGlueCatalogDatabase_targetDatabase (46.72s)
--- PASS: TestAccGlueCatalogDatabase_createTablePermissionTransition (51.77s)
--- PASS: TestAccGlueCatalogDatabase_full (58.65s)
--- PASS: TestAccGlueCatalogDatabase_tags (58.89s)
--- PASS: TestAccGlueCatalogDatabase_federatedDatabase (330.99s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/glue       335.144s

@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. documentation Introduces or discusses updates to documentation. service/glue Issues and PRs that pertain to the glue service. size/L Managed by automation to categorize the size of a PR. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: leaving empty create_table_default_permission in aws_glue_catalog_database does not remove the default IAM_ALLOWED_PRINCIPALS
2 participants
@psantus @justinretzolk