grant_ownership_identifier.go
package resources
import (
"fmt"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
)
// GrantOwnershipTargetRoleKind names the kind of role that receives ownership.
// Its string value is the first field of an encoded grant ownership identifier.
type GrantOwnershipTargetRoleKind string

// Target role kinds accepted by ParseGrantOwnershipId; any other value is
// rejected there with an "unknown GrantOwnershipTargetRoleKind" error.
const (
	// ToAccountGrantOwnershipTargetRoleKind marks ownership granted to an account role.
	ToAccountGrantOwnershipTargetRoleKind = GrantOwnershipTargetRoleKind("ToAccountRole")
	// ToDatabaseGrantOwnershipTargetRoleKind marks ownership granted to a database role.
	ToDatabaseGrantOwnershipTargetRoleKind = GrantOwnershipTargetRoleKind("ToDatabaseRole")
)
// OutboundPrivilegesBehavior selects what happens to the outbound privileges
// of current grants when ownership is transferred. Its string value is the
// third field of an encoded grant ownership identifier; that field may also
// be empty, meaning no behavior was chosen.
type OutboundPrivilegesBehavior string

// Behaviors accepted by ParseGrantOwnershipId.
//
// NOTE(review): COPY presumably keeps the existing outbound grants in place
// under the new owner, while REVOKE removes them. Confirm against the
// Snowflake GRANT OWNERSHIP documentation when deciding which one a
// least-privilege setup should use.
const (
	// CopyOutboundPrivilegesBehavior is encoded as "COPY".
	CopyOutboundPrivilegesBehavior = OutboundPrivilegesBehavior("COPY")
	// RevokeOutboundPrivilegesBehavior is encoded as "REVOKE".
	RevokeOutboundPrivilegesBehavior = OutboundPrivilegesBehavior("REVOKE")
)
// ToOwnershipCurrentGrantsOutboundPrivileges maps the behavior onto the
// matching sdk option: COPY yields a pointer to sdk.Copy and REVOKE a pointer
// to sdk.Revoke. Every other value, including the empty string, yields nil.
func (o OutboundPrivilegesBehavior) ToOwnershipCurrentGrantsOutboundPrivileges() *sdk.OwnershipCurrentGrantsOutboundPrivileges {
	if o == CopyOutboundPrivilegesBehavior {
		return sdk.Pointer(sdk.Copy)
	}
	if o == RevokeOutboundPrivilegesBehavior {
		return sdk.Pointer(sdk.Revoke)
	}
	// An unrecognised value is not reported as an error here; the caller only
	// sees nil, which is indistinguishable from "no behavior requested".
	return nil
}
// GrantOwnershipKind says which set of objects the ownership grant covers.
// Its string value is the fourth field of an encoded grant ownership
// identifier and decides how the remaining fields are parsed.
type GrantOwnershipKind string

// Grant kinds accepted by ParseGrantOwnershipId.
const (
	// OnObjectGrantOwnershipKind targets one object, given by type and name.
	OnObjectGrantOwnershipKind = GrantOwnershipKind("OnObject")
	// OnAllGrantOwnershipKind is a bulk grant encoded as "OnAll".
	OnAllGrantOwnershipKind = GrantOwnershipKind("OnAll")
	// OnFutureGrantOwnershipKind is a bulk grant encoded as "OnFuture".
	OnFutureGrantOwnershipKind = GrantOwnershipKind("OnFuture")
)
// GrantOwnershipId is the decoded form of a grant ownership resource
// identifier. String encodes it and ParseGrantOwnershipId decodes it.
type GrantOwnershipId struct {
	// GrantOwnershipTargetRoleKind selects which of the two role name fields
	// below is meaningful.
	GrantOwnershipTargetRoleKind GrantOwnershipTargetRoleKind
	// AccountRoleName is filled in by the parser only for the ToAccountRole kind.
	AccountRoleName sdk.AccountObjectIdentifier
	// DatabaseRoleName is filled in by the parser only for the ToDatabaseRole kind.
	DatabaseRoleName sdk.DatabaseObjectIdentifier
	// OutboundPrivilegesBehavior is nil when the identifier carries an empty
	// behavior field.
	OutboundPrivilegesBehavior *OutboundPrivilegesBehavior
	// Kind decides the concrete type stored in Data.
	Kind GrantOwnershipKind
	// Data holds the kind-specific part of the identifier. The parser stores
	// *OnObjectGrantOwnershipData for OnObject and *BulkOperationGrantData for
	// OnAll / OnFuture; it stays nil on the parser's early error returns.
	Data fmt.Stringer
}
// OnObjectGrantOwnershipData is the kind-specific payload of an OnObject
// grant ownership identifier: the object's type followed by its name.
type OnObjectGrantOwnershipData struct {
	// ObjectType is taken from the identifier as-is by ParseGrantOwnershipId.
	ObjectType sdk.ObjectType
	// ObjectName is resolved from ObjectType and the raw name by
	// GetOnObjectIdentifier during parsing.
	ObjectName sdk.ObjectIdentifier
}
// String encodes the payload as two identifier fields: the object type and
// the fully qualified object name, in that order.
func (g *OnObjectGrantOwnershipData) String() string {
	objectType := g.ObjectType.String()
	objectName := g.ObjectName.FullyQualifiedName()
	return helpers.EncodeResourceIdentifier(objectType, objectName)
}
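// String encodes the identifier as
// "<target_role_kind>|<role_name>|<outbound_privileges_behavior>|<grant_type>|<grant_data>",
// the layout ParseGrantOwnershipId reads back.
//
// The outbound privileges field is always emitted (empty when no behavior is
// set) so that the later fields keep their positions. A nil Data is skipped
// instead of dereferenced: ParseGrantOwnershipId hands back values with a nil
// Data on several of its error paths, and calling String on one of those used
// to panic.
func (g *GrantOwnershipId) String() string {
	parts := make([]string, 0, 5)
	parts = append(parts, string(g.GrantOwnershipTargetRoleKind))

	// NOTE(review): an unrecognised target role kind appends no role name, so
	// the remaining fields shift left by one; such an identifier is rejected
	// when parsed back.
	switch g.GrantOwnershipTargetRoleKind {
	case ToAccountGrantOwnershipTargetRoleKind:
		parts = append(parts, g.AccountRoleName.FullyQualifiedName())
	case ToDatabaseGrantOwnershipTargetRoleKind:
		parts = append(parts, g.DatabaseRoleName.FullyQualifiedName())
	}

	behavior := ""
	if g.OutboundPrivilegesBehavior != nil {
		behavior = string(*g.OutboundPrivilegesBehavior)
	}
	parts = append(parts, behavior, string(g.Kind))

	if g.Data != nil {
		if data := g.Data.String(); len(data) > 0 {
			parts = append(parts, data)
		}
	}
	return helpers.EncodeResourceIdentifier(parts...)
}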
// ParseGrantOwnershipId decodes a grant ownership resource identifier of the
// form
// "<target_role_kind>|<role_name>|<outbound_privileges_behavior>|<grant_type>|<grant_data>".
//
// The grant data is "<object_type>|<object_name>" for OnObject (6 fields in
// total) and "<object_type_plural>|In[Database or Schema]|<identifier>" for
// OnAll and OnFuture (7 fields in total). The outbound privileges field may be
// empty; otherwise it must be COPY or REVOKE.
//
// NOTE(review): error returns are not uniform. Structural and enum failures
// return the partially filled identifier together with the error, while
// failures from the sdk identifier parsers and GetOnObjectIdentifier return
// nil. Callers must check the error before touching the result.
//
// NOTE(review): the object type fields are converted with plain type
// conversions and are not checked against a known set in this function.
// Whether they are validated before reaching a GRANT statement depends on
// GetOnObjectIdentifier and the callers, which are not shown here.
func ParseGrantOwnershipId(id string) (*GrantOwnershipId, error) {
	parsed := new(GrantOwnershipId)
	fields := helpers.ParseResourceIdentifier(id)
	if len(fields) < 5 {
		return parsed, sdk.NewError(`grant ownership identifier should hold at least 5 parts "<target_role_kind>|<role_name>|<outbound_privileges_behavior>|<grant_type>|<grant_data>"`)
	}

	// Fields 0 and 1: the role kind and the role that receives ownership.
	parsed.GrantOwnershipTargetRoleKind = GrantOwnershipTargetRoleKind(fields[0])
	switch roleKind := parsed.GrantOwnershipTargetRoleKind; roleKind {
	case ToAccountGrantOwnershipTargetRoleKind:
		roleName, err := sdk.ParseAccountObjectIdentifier(fields[1])
		if err != nil {
			return nil, err
		}
		parsed.AccountRoleName = roleName
	case ToDatabaseGrantOwnershipTargetRoleKind:
		roleName, err := sdk.ParseDatabaseObjectIdentifier(fields[1])
		if err != nil {
			return nil, err
		}
		parsed.DatabaseRoleName = roleName
	default:
		return parsed, sdk.NewError(fmt.Sprintf("unknown GrantOwnershipTargetRoleKind: %v, valid options are %v | %v", roleKind, ToAccountGrantOwnershipTargetRoleKind, ToDatabaseGrantOwnershipTargetRoleKind))
	}

	// Field 2: optional outbound privileges behavior. Empty leaves it nil.
	if rawBehavior := fields[2]; rawBehavior != "" {
		behavior := OutboundPrivilegesBehavior(rawBehavior)
		if behavior != CopyOutboundPrivilegesBehavior && behavior != RevokeOutboundPrivilegesBehavior {
			return parsed, sdk.NewError(fmt.Sprintf("unknown OutboundPrivilegesBehavior: %v, valid options are %v | %v", behavior, CopyOutboundPrivilegesBehavior, RevokeOutboundPrivilegesBehavior))
		}
		parsed.OutboundPrivilegesBehavior = sdk.Pointer(behavior)
	}

	// Field 3 picks the layout of everything that follows it.
	parsed.Kind = GrantOwnershipKind(fields[3])
	switch parsed.Kind {
	case OnObjectGrantOwnershipKind:
		if len(fields) != 6 {
			return parsed, sdk.NewError(`grant ownership identifier should consist of 6 parts "<target_role_kind>|<role_name>|<outbound_privileges_behavior>|OnObject|<object_type>|<object_name>"`)
		}
		objectType := sdk.ObjectType(fields[4])
		objectName, err := GetOnObjectIdentifier(objectType, fields[5])
		if err != nil {
			return nil, err
		}
		parsed.Data = &OnObjectGrantOwnershipData{
			ObjectType: objectType,
			ObjectName: objectName,
		}

	case OnAllGrantOwnershipKind, OnFutureGrantOwnershipKind:
		if len(fields) != 7 {
			return parsed, sdk.NewError(`grant ownership identifier should consist of 7 parts "<target_role_kind>|<role_name>|<outbound_privileges_behavior>|On[All or Future]|<object_type_plural>|In[Database or Schema]|<identifier>"`)
		}
		bulk := &BulkOperationGrantData{
			ObjectNamePlural: sdk.PluralObjectType(fields[4]),
			Kind:             BulkOperationGrantKind(fields[5]),
		}
		switch bulk.Kind {
		case InDatabaseBulkOperationGrantKind:
			databaseName, err := sdk.ParseAccountObjectIdentifier(fields[6])
			if err != nil {
				return nil, err
			}
			bulk.Database = sdk.Pointer(databaseName)
		case InSchemaBulkOperationGrantKind:
			schemaName, err := sdk.ParseDatabaseObjectIdentifier(fields[6])
			if err != nil {
				return nil, err
			}
			bulk.Schema = sdk.Pointer(schemaName)
		default:
			return parsed, sdk.NewError(fmt.Sprintf("invalid BulkOperationGrantKind: %s, valid options are %v | %v", bulk.Kind, InDatabaseBulkOperationGrantKind, InSchemaBulkOperationGrantKind))
		}
		parsed.Data = bulk

	default:
		return parsed, sdk.NewError(fmt.Sprintf("unknown GrantOwnershipKind: %v", parsed.Kind))
	}

	return parsed, nil
}