wip

Snowflake-Labs · Jan 26, 2024 · 4e9f226 · 4e9f226
1 parent dec7cd9
commit 4e9f226
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go
@@ -844,7 +844,7 @@ func readRoleGrantPrivileges(ctx context.Context, client *sdk.Client, grantedOn
 		if !slices.Contains(id.Privileges, grant.Privilege) {
 			continue
 		}
-		if grant.GrantOption == withGrantOption && grant.GranteeName.Name() == roleName {
+		if grant.GrantOption == withGrantOption && grant.GranteeName.Name() == sdk.NewAccountObjectIdentifier(roleName).Name() {
 			// future grants do not have grantedBy, only current grants do. If grantedby
 			// is an empty string it means the grant could not have been created by terraform
 			if !id.Future && grant.GrantedBy.Name() == "" {

diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go
@@ -59,6 +59,9 @@ func TestAcc_GrantPrivilegesToRole_onAccount(t *testing.T) {
 // contains escaped identifier, it won't match in the comparison grant.GranteeName == role_name. This results in
 // setting privileges to an empty array, which causes infinite plan.
 func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
+	name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
 		PreCheck:                 func() { acc.TestAccPreCheck(t) },
@@ -67,25 +70,25 @@ func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				 resource "snowflake_role" "r" {
-					  name = "some.role-123"
+					  name = "%s"
 				 }
 
 				 resource "snowflake_database" "db" {
-					  name = "infinite_plan_grants_db"
+					  name = "%s"
 				 }
 
 				 resource "snowflake_grant_privileges_to_role" "g" {
 					  depends_on = [snowflake_role.r, snowflake_database.db]
 					  privileges = ["CREATE SCHEMA"]
-					  role_name  = "\"some.role-123\""
+					  role_name  = "\"${snowflake_role.r.name}\""
 					  on_account_object {
 						object_type = "DATABASE"
 						object_name = snowflake_database.db.name
 					  }
 				   }
-				 `,
+				 `, name, databaseName),
 				ConfigPlanChecks: resource.ConfigPlanChecks{
 					PostApplyPostRefresh: []plancheck.PlanCheck{
 						plancheck.ExpectEmptyPlan(),