From 55d4d2678bbc5892b0be4ef69cbad747ffed97a2 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Maan
Date: Wed, 17 Mar 2021 12:19:51 -0700
Subject: [PATCH] Fix athena db reader

The current athena database implements a query on read. This means that the terraform plan needs the permission to execute queries against athena as well as permission to write to the s3 bucket where the execution results are stored. This makes it hard to run plan in an environment where we don't want it to modify any aws resources. The StartQueryExecution also does not have a way to restrict the queries. This means that it is possible to use the permissions set up for a terraform plan to run any queries against athena. The fix here is to read the database name from the AwsDataCatalog. In the future, this can be extended to include other catalogs as the support for creating athena catalogs is added to the provider
---
 aws/resource_aws_athena_database.go | 32 ++++-------------------------
 1 file changed, 4 insertions(+), 28 deletions(-)

diff --git a/aws/resource_aws_athena_database.go b/aws/resource_aws_athena_database.go
index 001fa4598561..a7d4b5cc68e0 100644
--- a/aws/resource_aws_athena_database.go
+++ b/aws/resource_aws_athena_database.go
@@ -112,19 +112,14 @@ func resourceAwsAthenaDatabaseCreate(d *schema.ResourceData, meta interface{}) e
 func resourceAwsAthenaDatabaseRead(d *schema.ResourceData, meta interface{}) error {
 conn := meta.(*AWSClient).athenaconn
- input := &athena.StartQueryExecutionInput{
- QueryString: aws.String("show databases;"),
- ResultConfiguration: expandAthenaResultConfiguration(d.Get("bucket").(string), d.Get("encryption_configuration").([]interface{})),
+ input := &athena.GetDatabaseInput{
+ DatabaseName: aws.String(d.Get("name").(string)),
+ CatalogName: aws.String("AwsDataCatalog"),
 }
-
- resp, err := conn.StartQueryExecution(input)
+ _, err := conn.GetDatabase(input)
 if err != nil {
 return err
 }
-
- if err := executeAndExpectMatchingRow(*resp.QueryExecutionId, d.Get("name").(string), conn); err != nil {
- return err
- }
 return nil
 }
@@ -170,25 +165,6 @@ func executeAndExpectNoRowsWhenCreate(qeid string, conn *athena.Athena) error {
 return nil
 }
-func executeAndExpectMatchingRow(qeid string, dbName string, conn *athena.Athena) error {
- rs, err := queryExecutionResult(qeid, conn)
- if err != nil {
- return err
- }
- for _, row := range rs.Rows {
- for _, datum := range row.Data {
- if datum == nil {
- continue
- }
-
- if aws.StringValue(datum.VarCharValue) == dbName {
- return nil
- }
- }
- }
- return fmt.Errorf("Athena not found database: %s, query result: %s", dbName, flattenAthenaResultSet(rs))
-}
-
 func executeAndExpectNoRowsWhenDrop(qeid string, conn *athena.Athena) error {
 rs, err := queryExecutionResult(qeid, conn)
 if err != nil {
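Review bot: A database deleted outside Terraform now fails the refresh outright, because the `if err != nil { return err }` after `conn.GetDatabase(input)` in resourceAwsAthenaDatabaseRead treats every failure alike; a Read should clear the resource ID and return nil for the not-found case so that plan proposes recreation instead of erroring. A missing database presumably surfaces as `athena.ErrCodeMetadataException` — confirm against the API before keying on it, since the SDK also defines `ErrCodeInvalidRequestException` for malformed input. The response is discarded with `_`, so nothing from the catalog is refreshed into state; a one-line comment saying the call is existence-only would make that deliberate. The resource docs should also be updated to say that read now needs `athena:GetDatabase` (and, for the AwsDataCatalog, likely the backing `glue:GetDatabase`) rather than `athena:StartQueryExecution` plus write access to the results bucket, which is the least-privilege gain this change delivers.
```go
	// Existence check only: the returned Database is not mapped into state.
	_, err := conn.GetDatabase(input)
	if isAWSErr(err, athena.ErrCodeMetadataException, "") {
		// Gone outside Terraform: drop from state so plan recreates it
		// instead of failing the refresh.
		d.SetId("")
		return nil
	}
	if err != nil {
		return err
	}
	// … unchanged: return nil …
```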