Add more tests

Snowflake-Labs · Jan 26, 2024 · 4e9fdc8 · 4e9fdc8
1 parent 4823bf3
commit 4e9fdc8
Show file tree

Hide file tree

Showing 9 changed files with 158 additions and 28 deletions.
diff --git a/pkg/resources/row_access_policy.go b/pkg/resources/row_access_policy.go
@@ -31,13 +31,13 @@ var rowAccessPolicySchema = map[string]*schema.Schema{
 		Description: "The schema in which to create the row access policy.",
 		ForceNew:    true,
 	},
+	// TODO [SNOW-1020074]: Implement DiffSuppressFunc and test after https://github.com/hashicorp/terraform-plugin-sdk/issues/477 is solved.
 	"signature": {
 		Type:        schema.TypeMap,
 		Elem:        &schema.Schema{Type: schema.TypeString},
 		Required:    true,
 		ForceNew:    true,
 		Description: "Specifies signature (arguments) for the row access policy (uppercase and sorted to avoid recreation of resource). A signature specifies a set of attributes that must be considered to determine whether the row is accessible. The attribute values come from the database object (e.g. table or view) to be protected by the row access policy.",
-		// Implement DiffSuppressFunc after https://github.com/hashicorp/terraform-plugin-sdk/issues/477 is solved
 	},
 	"row_access_expression": {
 		Type:        schema.TypeString,
@@ -145,7 +145,7 @@ func ReadRowAccessPolicy(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
-	if err := d.Set("signature", ParseSignature(rowAccessPolicyDescription.Signature)); err != nil {
+	if err := d.Set("signature", parseSignature(rowAccessPolicyDescription.Signature)); err != nil {
 		return err
 	}
 
@@ -202,8 +202,8 @@ func DeleteRowAccessPolicy(d *schema.ResourceData, meta interface{}) error {
 	return nil
 }
 
-// TODO []: should we put signature parsing to the SDK?
-func ParseSignature(signature string) map[string]interface{} {
+// TODO [SNOW-1020074]: should we put signature parsing to the SDK?
+func parseSignature(signature string) map[string]interface{} {
 	// Format in database is `(column <data_type>)`
 	plainSignature := strings.ReplaceAll(signature, "(", "")
 	plainSignature = strings.ReplaceAll(plainSignature, ")", "")

diff --git a/pkg/resources/row_access_policy_acceptance_test.go b/pkg/resources/row_access_policy_acceptance_test.go
@@ -1,32 +1,45 @@
 package resources_test
 
 import (
+	"context"
+	"database/sql"
 	"fmt"
-	"os"
 	"strings"
 	"testing"
 
 	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-testing/config"
 	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
 )
 
 func TestAcc_RowAccessPolicy(t *testing.T) {
-	if _, ok := os.LookupEnv("SKIP_ROW_ACCESS_POLICY_TESTS"); ok {
-		t.Skip("Skipping TestAcc_RowAccessPolicy")
+	name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	m := func() map[string]config.Variable {
+		return map[string]config.Variable{
+			"name":     config.StringVariable(name),
+			"database": config.StringVariable(acc.TestDatabaseName),
+			"schema":   config.StringVariable(acc.TestSchemaName),
+		}
 	}
 
-	accName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
-
-	resource.ParallelTest(t, resource.TestCase{
-		Providers:    acc.TestAccProviders(),
-		PreCheck:     func() { acc.TestAccPreCheck(t) },
-		CheckDestroy: nil,
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		CheckDestroy: testAccCheckRowAccessPolicyDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: rowAccessPolicyConfig(accName, acc.TestDatabaseName, acc.TestSchemaName),
+				ConfigDirectory: config.TestStepDirectory(),
+				ConfigVariables: m(),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "name", accName),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "name", name),
 					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "comment", "Terraform acceptance test"),
@@ -35,22 +48,58 @@ func TestAcc_RowAccessPolicy(t *testing.T) {
 					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "signature.V", "VARCHAR"),
 				),
 			},
+			// change comment and expression
+			{
+				ConfigDirectory: config.TestStepDirectory(),
+				ConfigVariables: m(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "name", name),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "database", acc.TestDatabaseName),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "schema", acc.TestSchemaName),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "comment", "Terraform acceptance test - changed comment"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "row_access_expression", "case when current_role() in ('ANALYST') then false else true end"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "signature.N", "VARCHAR"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "signature.V", "VARCHAR"),
+				),
+			},
+			// change signature
+			{
+				ConfigDirectory: config.TestStepDirectory(),
+				ConfigVariables: m(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "name", name),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "database", acc.TestDatabaseName),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "schema", acc.TestSchemaName),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "comment", "Terraform acceptance test - changed comment"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "row_access_expression", "case when current_role() in ('ANALYST') then false else true end"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "signature.V", "BOOLEAN"),
+					resource.TestCheckResourceAttr("snowflake_row_access_policy.test", "signature.X", "TIMESTAMP_NTZ"),
+				),
+			},
+			// IMPORT
+			{
+				ConfigVariables:   m(),
+				ResourceName:      "snowflake_row_access_policy.test",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
 
-func rowAccessPolicyConfig(n string, databaseName string, schemaName string) string {
-	return fmt.Sprintf(`
-resource "snowflake_row_access_policy" "test" {
-	name = "%v"
-	database = "%s"
-	schema = "%s"
-	signature = {
-		N = "VARCHAR"
-		V = "VARCHAR",
+func testAccCheckRowAccessPolicyDestroy(s *terraform.State) error {
+	db := acc.TestAccProvider.Meta().(*sql.DB)
+	client := sdk.NewClientFromDB(db)
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "snowflake_row_access_policy" {
+			continue
+		}
+		ctx := context.Background()
+		id := sdk.NewSchemaObjectIdentifier(rs.Primary.Attributes["database"], rs.Primary.Attributes["schema"], rs.Primary.Attributes["name"])
+		existingRowAccessPolicy, err := client.RowAccessPolicies.ShowByID(ctx, id)
+		if err == nil {
+			return fmt.Errorf("row access policy %v still exists", existingRowAccessPolicy.ID().FullyQualifiedName())
+		}
 	}
-	row_access_expression = "case when current_role() in ('ANALYST') then true else false end"
-	comment = "Terraform acceptance test"
-}
-`, n, databaseName, schemaName)
+	return nil
 }
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/1/test.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/1/test.tf
@@ -0,0 +1,11 @@
+resource "snowflake_row_access_policy" "test" {
+  name     = var.name
+  database = var.database
+  schema   = var.schema
+  signature = {
+    N = "VARCHAR"
+    V = "VARCHAR",
+  }
+  row_access_expression = "case when current_role() in ('ANALYST') then true else false end"
+  comment               = "Terraform acceptance test"
+}
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/1/variables.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/1/variables.tf
@@ -0,0 +1,11 @@
+variable "name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/2/test.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/2/test.tf
@@ -0,0 +1,11 @@
+resource "snowflake_row_access_policy" "test" {
+  name     = var.name
+  database = var.database
+  schema   = var.schema
+  signature = {
+    N = "VARCHAR"
+    V = "VARCHAR",
+  }
+  row_access_expression = "case when current_role() in ('ANALYST') then false else true end"
+  comment               = "Terraform acceptance test - changed comment"
+}
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/2/variables.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/2/variables.tf
@@ -0,0 +1,11 @@
+variable "name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/3/test.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/3/test.tf
@@ -0,0 +1,11 @@
+resource "snowflake_row_access_policy" "test" {
+  name     = var.name
+  database = var.database
+  schema   = var.schema
+  signature = {
+    V = "BOOLEAN",
+    X = "TIMESTAMP_NTZ"
+  }
+  row_access_expression = "case when current_role() in ('ANALYST') then false else true end"
+  comment               = "Terraform acceptance test - changed comment"
+}
diff --git a/pkg/resources/testdata/TestAcc_RowAccessPolicy/3/variables.tf b/pkg/resources/testdata/TestAcc_RowAccessPolicy/3/variables.tf
@@ -0,0 +1,11 @@
+variable "name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
diff --git a/pkg/sdk/testint/row_access_policies_gen_integration_test.go b/pkg/sdk/testint/row_access_policies_gen_integration_test.go
@@ -276,6 +276,21 @@ func TestInt_RowAccessPolicies(t *testing.T) {
 		assertRowAccessPolicyDescription(t, returnedRowAccessPolicyDescription, rowAccessPolicy.ID(), fmt.Sprintf("(%s %s)", strings.ToUpper(argName), argType), body)
 	})
 
+	t.Run("describe row access policy: with data type normalization", func(t *testing.T) {
+		argName := random.AlphaN(5)
+		argType := sdk.DataTypeTimestamp
+		args := sdk.NewCreateRowAccessPolicyArgsRequest(argName, argType)
+		body := "true"
+
+		request := createRowAccessPolicyRequest(t, []sdk.CreateRowAccessPolicyArgsRequest{*args}, body)
+		rowAccessPolicy := createRowAccessPolicyWithRequest(t, request)
+
+		returnedRowAccessPolicyDescription, err := client.RowAccessPolicies.Describe(ctx, rowAccessPolicy.ID())
+		require.NoError(t, err)
+
+		assertRowAccessPolicyDescription(t, returnedRowAccessPolicyDescription, rowAccessPolicy.ID(), fmt.Sprintf("(%s %s)", strings.ToUpper(argName), sdk.DataTypeTimestampNTZ), body)
+	})
+
 	t.Run("describe row access policy: non-existing", func(t *testing.T) {
 		id := sdk.NewSchemaObjectIdentifier(testDb(t).Name, testSchema(t).Name, "does_not_exist")