@@ -75,7 +75,7 @@ resource "postgresql_role" "role_ro" {
7575 statement_timeout = 0
7676}
7777
78- resource "postgresql_default_privileges" "role_ro " {
78+ resource "postgresql_default_privileges" "role_ro_table " {
7979 for_each =
8080 for database_writer in local . databases_writers : " ${ database_writer . database } .${ database_writer . role } " => database_writer
8181 }
@@ -88,6 +88,19 @@ resource "postgresql_default_privileges" "role_ro" {
8888 privileges = . privileges_ro
8989}
9090
91+ resource "postgresql_default_privileges" "role_ro_sequence" {
92+ for_each =
93+ for database_writer in local . databases_writers : " ${ database_writer . database } .${ database_writer . role } " => database_writer
94+ }
95+
96+ role = . role_ro [each . value . database ]. name
97+ database = . value . database
98+ owner = . value . role
99+ schema = " public"
100+ object_type = " sequence"
101+ privileges = . privileges_ro
102+ }
103+
91104resource "postgresql_grant" "role_ro_table" {
92105 for_each = . databases
93106
@@ -100,6 +113,18 @@ resource "postgresql_grant" "role_ro_table" {
100113 with_grant_option = false
101114}
102115
116+ resource "postgresql_grant" "role_ro_sequence" {
117+ for_each = . databases
118+
119+ role = . role_ro [each . value ]. name
120+ database = . value
121+ schema = " public"
122+ object_type = " sequence"
123+ privileges = . privileges_ro
124+ objects =
125+ with_grant_option = false
126+ }
127+
103128resource "postgresql_grant" "role_ro_schema" {
104129 for_each = . databases
105130
@@ -133,7 +158,7 @@ resource "postgresql_role" "role_rw" {
133158 statement_timeout = 0
134159}
135160
136- resource "postgresql_default_privileges" "role_rw " {
161+ resource "postgresql_default_privileges" "role_rw_table " {
137162 for_each =
138163 for database_writer in local . databases_writers : " ${ database_writer . database } .${ database_writer . role } " => database_writer
139164 }
@@ -143,7 +168,20 @@ resource "postgresql_default_privileges" "role_rw" {
143168 owner = . value . role
144169 schema = " public"
145170 object_type = " table"
146- privileges = . privileges_rw
171+ privileges = . privileges_rw_tables
172+ }
173+
174+ resource "postgresql_default_privileges" "role_rw_sequence" {
175+ for_each =
176+ for database_writer in local . databases_writers : " ${ database_writer . database } .${ database_writer . role } " => database_writer
177+ }
178+
179+ role = . role_rw [each . value . database ]. name
180+ database = . value . database
181+ owner = . value . role
182+ schema = " public"
183+ object_type = " sequence"
184+ privileges = . privileges_rw_sequences
147185}
148186
149187resource "postgresql_grant" "role_rw_table" {
@@ -153,7 +191,19 @@ resource "postgresql_grant" "role_rw_table" {
153191 database = . value
154192 schema = " public"
155193 object_type = " table"
156- privileges = . privileges_rw
194+ privileges = . privileges_rw_tables
195+ objects =
196+ with_grant_option = false
197+ }
198+
199+ resource "postgresql_grant" "role_rw_sequence" {
200+ for_each = . databases
201+
202+ role = . role_rw [each . value ]. name
203+ database = . value
204+ schema = " public"
205+ object_type = " sequence"
206+ privileges = . privileges_rw_sequences
157207 objects =
158208 with_grant_option = false
159209}
@@ -168,3 +218,14 @@ resource "postgresql_grant" "role_rw_schema" {
168218 privileges = " CREATE" " USAGE"
169219 with_grant_option = false
170220}
221+
222+
223+ moved {
224+ from = . role_ro
225+ to = . role_ro_table
226+ }
227+
228+ moved {
229+ from = . role_rw
230+ to = . role_rw_table
231+ }
0 commit comments