diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
index 9a933195c29..0fd26a42236 100644
--- a/MIGRATION_GUIDE.md
+++ b/MIGRATION_GUIDE.md
@@ -5,6 +5,22 @@ describe deprecations or breaking changes and help you to change your configurat
across different versions.
## v0.95.0 ➞ v0.96.0
+### snowflake_row_access_policies data source changes
+New filtering options:
+- `in`
+- `limit`
+- `with_describe`
+
+New output fields
+- `show_output`
+- `describe_output`
+
+Breaking changes:
+- `database` and `schema` are right now under `in` field
+- `row_access_policies` field now organizes output of show under `show_output` field and the output of describe under `describe_output` field.
+
+Please adjust your Terraform configuration files.
+
### snowflake_row_access_policy resource changes
New fields:
- `show_output` field that holds the response from SHOW ROW ACCESS POLICIES.
diff --git a/docs/data-sources/row_access_policies.md b/docs/data-sources/row_access_policies.md
index e07aed2fa38..076c8b87f9c 100644
--- a/docs/data-sources/row_access_policies.md
+++ b/docs/data-sources/row_access_policies.md
@@ -2,41 +2,170 @@
page_title: "snowflake_row_access_policies Data Source - terraform-provider-snowflake"
subcategory: ""
description: |-
-
+ Datasource used to get details of filtered row access policies. Filtering is aligned with the current possibilities for SHOW ROW ACCESS POLICIES https://docs.snowflake.com/en/sql-reference/sql/show-row-access-policies query. The results of SHOW and DESCRIBE are encapsulated in one output collection row_access_policies.
---
-# snowflake_row_access_policies (Data Source)
+!> **V1 release candidate** This data source was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the data source if needed. Any errors reported will be resolved with a higher priority. We encourage checking this data source out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it.
+# snowflake_row_access_policies (Data Source)
+Datasource used to get details of filtered row access policies. Filtering is aligned with the current possibilities for [SHOW ROW ACCESS POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-row-access-policies) query. The results of SHOW and DESCRIBE are encapsulated in one output collection `row_access_policies`.
## Example Usage
```terraform
-data "snowflake_row_access_policies" "current" {
- database = "MYDB"
- schema = "MYSCHEMA"
+# Simple usage
+data "snowflake_row_access_policies" "simple" {
+}
+
+output "simple_output" {
+ value = data.snowflake_row_access_policies.simple.row_access_policies
+}
+
+# Filtering (like)
+data "snowflake_row_access_policies" "like" {
+ like = "row-access-policy-name"
+}
+
+output "like_output" {
+ value = data.snowflake_row_access_policies.like.row_access_policies
+}
+
+# Filtering by prefix (like)
+data "snowflake_row_access_policies" "like_prefix" {
+ like = "prefix%"
+}
+
+output "like_prefix_output" {
+ value = data.snowflake_row_access_policies.like_prefix.row_access_policies
+}
+
+# Filtering (limit)
+data "snowflake_row_access_policies" "limit" {
+ limit {
+ rows = 10
+ from = "prefix-"
+ }
+}
+
+output "limit_output" {
+ value = data.snowflake_row_access_policies.limit.row_access_policies
+}
+
+# Filtering (in)
+data "snowflake_row_access_policies" "in" {
+ in {
+ database = "database"
+ }
+}
+
+output "in_output" {
+ value = data.snowflake_row_access_policies.in.row_access_policies
+}
+
+# Without additional data (to limit the number of calls make for every found row access policy)
+data "snowflake_row_access_policies" "only_show" {
+ # with_describe is turned on by default and it calls DESCRIBE ROW ACCESS POLICY for every row access policy found and attaches its output to row_access_policies.*.describe_output field
+ with_describe = false
+}
+
+output "only_show_output" {
+ value = data.snowflake_row_access_policies.only_show.row_access_policies
+}
+
+# Ensure the number of row access policies is equal to at least one element (with the use of postcondition)
+data "snowflake_row_access_policies" "assert_with_postcondition" {
+ like = "row-access-policy-name%"
+ lifecycle {
+ postcondition {
+ condition = length(self.row_access_policies) > 0
+ error_message = "there should be at least one row access policy"
+ }
+ }
+}
+
+# Ensure the number of row access policies is equal to at exactly one element (with the use of check block)
+check "row_access_policy_check" {
+ data "snowflake_row_access_policies" "assert_with_check_block" {
+ like = "row-access-policy-name"
+ }
+
+ assert {
+ condition = length(data.snowflake_row_access_policies.assert_with_check_block.row_access_policies) == 1
+ error_message = "row access policies filtered by '${data.snowflake_row_access_policies.assert_with_check_block.like}' returned ${length(data.snowflake_row_access_policies.assert_with_check_block.row_access_policies)} row access policies where one was expected"
+ }
}
```
## Schema
-### Required
+### Optional
-- `database` (String) The database from which to return the schemas from.
-- `schema` (String) The schema from which to return the row access policy from.
+- `in` (Block List, Max: 1) IN clause to filter the list of row access policies (see [below for nested schema](#nestedblock--in))
+- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).
+- `limit` (Block List, Max: 1) Limits the number of rows returned. If the `limit.from` is set, then the limit wll start from the first element matched by the expression. The expression is only used to match with the first element, later on the elements are not matched by the prefix, but you can enforce a certain pattern with `starts_with` or `like`. (see [below for nested schema](#nestedblock--limit))
+- `with_describe` (Boolean) Runs DESC ROW ACCESS POLICY for each row access policy returned by SHOW ROW ACCESS POLICIES. The output of describe is saved to the description field. By default this value is set to true.
### Read-Only
- `id` (String) The ID of this resource.
-- `row_access_policies` (List of Object) The row access policy in the schema (see [below for nested schema](#nestedatt--row_access_policies))
+- `row_access_policies` (List of Object) Holds the aggregated output of all views details queries. (see [below for nested schema](#nestedatt--row_access_policies))
+
+
+### Nested Schema for `in`
+
+Optional:
+
+- `account` (Boolean) Returns records for the entire account.
+- `application` (String) Returns records for the specified application.
+- `application_package` (String) Returns records for the specified application package.
+- `database` (String) Returns records for the current database in use or for a specified database.
+- `schema` (String) Returns records for the current schema in use or a specified schema. Use fully qualified name.
+
+
+
+### Nested Schema for `limit`
+
+Required:
+
+- `rows` (Number) The maximum number of rows to return.
+
+Optional:
+
+- `from` (String) Specifies a **case-sensitive** pattern that is used to match object name. After the first match, the limit on the number of rows will be applied.
+
### Nested Schema for `row_access_policies`
Read-Only:
+- `describe_output` (List of Object) (see [below for nested schema](#nestedobjatt--row_access_policies--describe_output))
+- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--row_access_policies--show_output))
+
+
+### Nested Schema for `row_access_policies.describe_output`
+
+Read-Only:
+
+- `body` (String)
+- `name` (String)
+- `return_type` (String)
+- `signature` (String)
+
+
+
+### Nested Schema for `row_access_policies.show_output`
+
+Read-Only:
+
- `comment` (String)
-- `database` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `kind` (String)
- `name` (String)
-- `schema` (String)
+- `options` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
diff --git a/docs/data-sources/views.md b/docs/data-sources/views.md
index 9c61f6d351b..589ef476b74 100644
--- a/docs/data-sources/views.md
+++ b/docs/data-sources/views.md
@@ -12,9 +12,86 @@ Datasource used to get details of filtered views. Filtering is aligned with the
## Example Usage
```terraform
-data "snowflake_views" "current" {
- database = "MYDB"
- schema = "MYSCHEMA"
+# Simple usage
+data "snowflake_views" "simple" {
+}
+
+output "simple_output" {
+ value = data.snowflake_views.simple.views
+}
+
+# Filtering (like)
+data "snowflake_views" "like" {
+ like = "view-name"
+}
+
+output "like_output" {
+ value = data.snowflake_views.like.views
+}
+
+# Filtering by prefix (like)
+data "snowflake_views" "like_prefix" {
+ like = "prefix%"
+}
+
+output "like_prefix_output" {
+ value = data.snowflake_views.like_prefix.views
+}
+
+# Filtering (limit)
+data "snowflake_views" "limit" {
+ limit {
+ rows = 10
+ from = "prefix-"
+ }
+}
+
+output "limit_output" {
+ value = data.snowflake_views.limit.views
+}
+
+# Filtering (in)
+data "snowflake_views" "in" {
+ in {
+ database = "database"
+ }
+}
+
+output "in_output" {
+ value = data.snowflake_views.in.views
+}
+
+# Without additional data (to limit the number of calls make for every found view)
+data "snowflake_views" "only_show" {
+ # with_describe is turned on by default and it calls DESCRIBE VIEW for every view found and attaches its output to views.*.describe_output field
+ with_describe = false
+}
+
+output "only_show_output" {
+ value = data.snowflake_views.only_show.views
+}
+
+# Ensure the number of views is equal to at least one element (with the use of postcondition)
+data "snowflake_views" "assert_with_postcondition" {
+ like = "view-name%"
+ lifecycle {
+ postcondition {
+ condition = length(self.views) > 0
+ error_message = "there should be at least one view"
+ }
+ }
+}
+
+# Ensure the number of views is equal to at exactly one element (with the use of check block)
+check "view_check" {
+ data "snowflake_views" "assert_with_check_block" {
+ like = "view-name"
+ }
+
+ assert {
+ condition = length(data.snowflake_views.assert_with_check_block.views) == 1
+ error_message = "views filtered by '${data.snowflake_views.assert_with_check_block.like}' returned ${length(data.snowflake_views.assert_with_check_block.views)} views where one was expected"
+ }
}
```
diff --git a/docs/resources/row_access_policy.md b/docs/resources/row_access_policy.md
index 17173abf53b..c11557428e3 100644
--- a/docs/resources/row_access_policy.md
+++ b/docs/resources/row_access_policy.md
@@ -2,14 +2,14 @@
page_title: "snowflake_row_access_policy Resource - terraform-provider-snowflake"
subcategory: ""
description: |-
-
+ Resource used to manage row access policy objects. For more information, check row access policy documentation https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy.
---
!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it.
# snowflake_row_access_policy (Resource)
-
+Resource used to manage row access policy objects. For more information, check [row access policy documentation](https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy).
## Example Usage
diff --git a/examples/data-sources/snowflake_row_access_policies/data-source.tf b/examples/data-sources/snowflake_row_access_policies/data-source.tf
index c51e2bbcc4f..97239051019 100644
--- a/examples/data-sources/snowflake_row_access_policies/data-source.tf
+++ b/examples/data-sources/snowflake_row_access_policies/data-source.tf
@@ -1,4 +1,81 @@
-data "snowflake_row_access_policies" "current" {
- database = "MYDB"
- schema = "MYSCHEMA"
-}
\ No newline at end of file
+# Simple usage
+data "snowflake_row_access_policies" "simple" {
+}
+
+output "simple_output" {
+ value = data.snowflake_row_access_policies.simple.row_access_policies
+}
+
+# Filtering (like)
+data "snowflake_row_access_policies" "like" {
+ like = "row-access-policy-name"
+}
+
+output "like_output" {
+ value = data.snowflake_row_access_policies.like.row_access_policies
+}
+
+# Filtering by prefix (like)
+data "snowflake_row_access_policies" "like_prefix" {
+ like = "prefix%"
+}
+
+output "like_prefix_output" {
+ value = data.snowflake_row_access_policies.like_prefix.row_access_policies
+}
+
+# Filtering (limit)
+data "snowflake_row_access_policies" "limit" {
+ limit {
+ rows = 10
+ from = "prefix-"
+ }
+}
+
+output "limit_output" {
+ value = data.snowflake_row_access_policies.limit.row_access_policies
+}
+
+# Filtering (in)
+data "snowflake_row_access_policies" "in" {
+ in {
+ database = "database"
+ }
+}
+
+output "in_output" {
+ value = data.snowflake_row_access_policies.in.row_access_policies
+}
+
+# Without additional data (to limit the number of calls make for every found row access policy)
+data "snowflake_row_access_policies" "only_show" {
+ # with_describe is turned on by default and it calls DESCRIBE ROW ACCESS POLICY for every row access policy found and attaches its output to row_access_policies.*.describe_output field
+ with_describe = false
+}
+
+output "only_show_output" {
+ value = data.snowflake_row_access_policies.only_show.row_access_policies
+}
+
+# Ensure the number of row access policies is equal to at least one element (with the use of postcondition)
+data "snowflake_row_access_policies" "assert_with_postcondition" {
+ like = "row-access-policy-name%"
+ lifecycle {
+ postcondition {
+ condition = length(self.row_access_policies) > 0
+ error_message = "there should be at least one row access policy"
+ }
+ }
+}
+
+# Ensure the number of row access policies is equal to at exactly one element (with the use of check block)
+check "row_access_policy_check" {
+ data "snowflake_row_access_policies" "assert_with_check_block" {
+ like = "row-access-policy-name"
+ }
+
+ assert {
+ condition = length(data.snowflake_row_access_policies.assert_with_check_block.row_access_policies) == 1
+ error_message = "row access policies filtered by '${data.snowflake_row_access_policies.assert_with_check_block.like}' returned ${length(data.snowflake_row_access_policies.assert_with_check_block.row_access_policies)} row access policies where one was expected"
+ }
+}
diff --git a/examples/data-sources/snowflake_views/data-source.tf b/examples/data-sources/snowflake_views/data-source.tf
index 3380c745076..56503661be0 100644
--- a/examples/data-sources/snowflake_views/data-source.tf
+++ b/examples/data-sources/snowflake_views/data-source.tf
@@ -1,4 +1,81 @@
-data "snowflake_views" "current" {
- database = "MYDB"
- schema = "MYSCHEMA"
-}
\ No newline at end of file
+# Simple usage
+data "snowflake_views" "simple" {
+}
+
+output "simple_output" {
+ value = data.snowflake_views.simple.views
+}
+
+# Filtering (like)
+data "snowflake_views" "like" {
+ like = "view-name"
+}
+
+output "like_output" {
+ value = data.snowflake_views.like.views
+}
+
+# Filtering by prefix (like)
+data "snowflake_views" "like_prefix" {
+ like = "prefix%"
+}
+
+output "like_prefix_output" {
+ value = data.snowflake_views.like_prefix.views
+}
+
+# Filtering (limit)
+data "snowflake_views" "limit" {
+ limit {
+ rows = 10
+ from = "prefix-"
+ }
+}
+
+output "limit_output" {
+ value = data.snowflake_views.limit.views
+}
+
+# Filtering (in)
+data "snowflake_views" "in" {
+ in {
+ database = "database"
+ }
+}
+
+output "in_output" {
+ value = data.snowflake_views.in.views
+}
+
+# Without additional data (to limit the number of calls make for every found view)
+data "snowflake_views" "only_show" {
+ # with_describe is turned on by default and it calls DESCRIBE VIEW for every view found and attaches its output to views.*.describe_output field
+ with_describe = false
+}
+
+output "only_show_output" {
+ value = data.snowflake_views.only_show.views
+}
+
+# Ensure the number of views is equal to at least one element (with the use of postcondition)
+data "snowflake_views" "assert_with_postcondition" {
+ like = "view-name%"
+ lifecycle {
+ postcondition {
+ condition = length(self.views) > 0
+ error_message = "there should be at least one view"
+ }
+ }
+}
+
+# Ensure the number of views is equal to at exactly one element (with the use of check block)
+check "view_check" {
+ data "snowflake_views" "assert_with_check_block" {
+ like = "view-name"
+ }
+
+ assert {
+ condition = length(data.snowflake_views.assert_with_check_block.views) == 1
+ error_message = "views filtered by '${data.snowflake_views.assert_with_check_block.like}' returned ${length(data.snowflake_views.assert_with_check_block.views)} views where one was expected"
+ }
+}
diff --git a/pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/row_access_policy_show_output_ext.go b/pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/row_access_policy_show_output_ext.go
index a63b1e3b237..d8a013f58cc 100644
--- a/pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/row_access_policy_show_output_ext.go
+++ b/pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/row_access_policy_show_output_ext.go
@@ -1,6 +1,8 @@
package resourceshowoutputassert
import (
+ "testing"
+
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
)
@@ -8,3 +10,14 @@ func (r *RowAccessPolicyShowOutputAssert) HasCreatedOnNotEmpty() *RowAccessPolic
r.AddAssertion(assert.ResourceShowOutputValuePresent("created_on"))
return r
}
+
+// RowAccessPoliciesDatasourceShowOutput is a temporary workaround to have better show output assertions in data source acceptance tests.
+func RowAccessPoliciesDatasourceShowOutput(t *testing.T, name string) *RowAccessPolicyShowOutputAssert {
+ t.Helper()
+
+ r := RowAccessPolicyShowOutputAssert{
+ ResourceAssert: assert.NewDatasourceAssert("data."+name, "show_output", "row_access_policies.0."),
+ }
+ r.AddAssertion(assert.ValueSet("show_output.#", "1"))
+ return &r
+}
diff --git a/pkg/datasources/row_access_policies.go b/pkg/datasources/row_access_policies.go
index 9cc4e26d9ba..eb6196b584a 100644
--- a/pkg/datasources/row_access_policies.go
+++ b/pkg/datasources/row_access_policies.go
@@ -2,89 +2,206 @@ package datasources
import (
"context"
- "log"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/schemas"
- "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
var rowAccessPoliciesSchema = map[string]*schema.Schema{
- "database": {
- Type: schema.TypeString,
- Required: true,
- Description: "The database from which to return the schemas from.",
- },
- "schema": {
- Type: schema.TypeString,
- Required: true,
- Description: "The schema from which to return the row access policy from.",
+ "with_describe": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ Description: "Runs DESC ROW ACCESS POLICY for each row access policy returned by SHOW ROW ACCESS POLICIES. The output of describe is saved to the description field. By default this value is set to true.",
},
- "row_access_policies": {
+ "in": {
Type: schema.TypeList,
- Computed: true,
- Description: "The row access policy in the schema",
+ Optional: true,
+ Description: "IN clause to filter the list of row access policies",
+ MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
- "name": {
- Type: schema.TypeString,
- Computed: true,
+ "account": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Returns records for the entire account.",
+ ExactlyOneOf: []string{"in.0.account", "in.0.database", "in.0.schema", "in.0.application", "in.0.application_package"},
},
"database": {
- Type: schema.TypeString,
- Computed: true,
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Returns records for the current database in use or for a specified database.",
+ ExactlyOneOf: []string{"in.0.account", "in.0.database", "in.0.schema", "in.0.application", "in.0.application_package"},
},
"schema": {
- Type: schema.TypeString,
- Computed: true,
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Returns records for the current schema in use or a specified schema. Use fully qualified name.",
+ ExactlyOneOf: []string{"in.0.account", "in.0.database", "in.0.schema", "in.0.application", "in.0.application_package"},
+ },
+ "application": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Returns records for the specified application.",
+ ExactlyOneOf: []string{"in.0.account", "in.0.database", "in.0.schema", "in.0.application", "in.0.application_package"},
+ },
+ "application_package": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Returns records for the specified application package.",
+ ExactlyOneOf: []string{"in.0.account", "in.0.database", "in.0.schema", "in.0.application", "in.0.application_package"},
+ },
+ },
+ },
+ },
+ "limit": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Limits the number of rows returned. If the `limit.from` is set, then the limit wll start from the first element matched by the expression. The expression is only used to match with the first element, later on the elements are not matched by the prefix, but you can enforce a certain pattern with `starts_with` or `like`.",
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "rows": {
+ Type: schema.TypeInt,
+ Required: true,
+ Description: "The maximum number of rows to return.",
+ },
+ "from": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Specifies a **case-sensitive** pattern that is used to match object name. After the first match, the limit on the number of rows will be applied.",
+ },
+ },
+ },
+ },
+ "row_access_policies": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Holds the aggregated output of all views details queries.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ resources.ShowOutputAttributeName: {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Holds the output of SHOW ROW ACCESS POLICIES.",
+ Elem: &schema.Resource{
+ Schema: schemas.ShowRowAccessPolicySchema,
+ },
},
- "comment": {
- Type: schema.TypeString,
- Optional: true,
- Computed: true,
+ resources.DescribeOutputAttributeName: {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Holds the output of DESCRIBE ROW ACCESS POLICY.",
+ Elem: &schema.Resource{
+ Schema: schemas.RowAccessPolicyDescribeSchema,
+ },
},
},
},
},
+ "like": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).",
+ },
}
func RowAccessPolicies() *schema.Resource {
return &schema.Resource{
- Read: ReadRowAccessPolicies,
- Schema: rowAccessPoliciesSchema,
+ ReadContext: ReadRowAccessPolicies,
+ Schema: rowAccessPoliciesSchema,
+ Description: "Datasource used to get details of filtered row access policies. Filtering is aligned with the current possibilities for [SHOW ROW ACCESS POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-row-access-policies) query. The results of SHOW and DESCRIBE are encapsulated in one output collection `row_access_policies`.",
}
}
-func ReadRowAccessPolicies(d *schema.ResourceData, meta interface{}) error {
+func ReadRowAccessPolicies(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
client := meta.(*provider.Context).Client
- ctx := context.Background()
+ req := sdk.NewShowRowAccessPolicyRequest()
- databaseName := d.Get("database").(string)
- schemaName := d.Get("schema").(string)
+ if v, ok := d.GetOk("in"); ok {
+ in := v.([]any)[0].(map[string]any)
+ if v, ok := in["account"]; ok && v.(bool) {
+ req.WithIn(&sdk.ExtendedIn{In: sdk.In{Account: sdk.Bool(true)}})
+ }
+ if v, ok := in["database"]; ok {
+ database := v.(string)
+ if database != "" {
+ req.WithIn(&sdk.ExtendedIn{In: sdk.In{Database: sdk.NewAccountObjectIdentifier(database)}})
+ }
+ }
+ if v, ok := in["schema"]; ok {
+ schema := v.(string)
+ if schema != "" {
+ schemaId, err := sdk.ParseDatabaseObjectIdentifier(schema)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ req.WithIn(&sdk.ExtendedIn{In: sdk.In{Schema: schemaId}})
+ }
+ }
+ if v, ok := in["application"]; ok {
+ if application := v.(string); application != "" {
+ req.In = &sdk.ExtendedIn{Application: sdk.NewAccountObjectIdentifier(application)}
+ }
+ }
+ if v, ok := in["application_package"]; ok {
+ if applicationPackage := v.(string); applicationPackage != "" {
+ req.In = &sdk.ExtendedIn{ApplicationPackage: sdk.NewAccountObjectIdentifier(applicationPackage)}
+ }
+ }
+ }
- schemaId := sdk.NewDatabaseObjectIdentifier(databaseName, schemaName)
- extractedRowAccessPolicies, err := client.RowAccessPolicies.Show(ctx, sdk.NewShowRowAccessPolicyRequest().WithIn(
- &sdk.In{Schema: schemaId},
- ))
+ if likePattern, ok := d.GetOk("like"); ok {
+ req.WithLike(&sdk.Like{
+ Pattern: sdk.String(likePattern.(string)),
+ })
+ }
+
+ if v, ok := d.GetOk("limit"); ok {
+ l := v.([]any)[0].(map[string]any)
+ limit := &sdk.LimitFrom{}
+ if v, ok := l["rows"]; ok {
+ rows := v.(int)
+ limit.Rows = sdk.Int(rows)
+ }
+ if v, ok := l["from"]; ok {
+ from := v.(string)
+ limit.From = sdk.String(from)
+ }
+ req.WithLimit(limit)
+ }
+
+ rowAccessPolicies, err := client.RowAccessPolicies.Show(ctx, req)
if err != nil {
- log.Printf("[DEBUG] failed when searching row access policies in schema (%s), err = %s", schemaId.FullyQualifiedName(), err.Error())
- d.SetId("")
- return nil
+ return diag.FromErr(err)
}
- rowAccessPolicies := make([]map[string]any, len(extractedRowAccessPolicies))
+ d.SetId("row_access_policies_read")
- for i, rowAccessPolicy := range extractedRowAccessPolicies {
- rowAccessPolicies[i] = map[string]any{
- "name": rowAccessPolicy.Name,
- "database": rowAccessPolicy.DatabaseName,
- "schema": rowAccessPolicy.SchemaName,
- "comment": rowAccessPolicy.Comment,
+ flattenedRowAccessPolicies := make([]map[string]any, len(rowAccessPolicies))
+ for i, policy := range rowAccessPolicies {
+ policy := policy
+ var policyDescriptions []map[string]any
+ if d.Get("with_describe").(bool) {
+ describeOutput, err := client.RowAccessPolicies.Describe(ctx, policy.ID())
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ policyDescriptions = []map[string]any{schemas.RowAccessPolicyDescriptionToSchema(*describeOutput)}
}
- }
- d.SetId(helpers.EncodeSnowflakeID(databaseName, schemaName))
- return d.Set("row_access_policies", rowAccessPolicies)
+ flattenedRowAccessPolicies[i] = map[string]any{
+ resources.ShowOutputAttributeName: []map[string]any{schemas.RowAccessPolicyToSchema(&policy)},
+ resources.DescribeOutputAttributeName: policyDescriptions,
+ }
+ }
+ if err := d.Set("row_access_policies", flattenedRowAccessPolicies); err != nil {
+ return diag.FromErr(err)
+ }
+ return nil
}
diff --git a/pkg/datasources/row_access_policies_acceptance_test.go b/pkg/datasources/row_access_policies_acceptance_test.go
index 066a792dc39..eff2a614f95 100644
--- a/pkg/datasources/row_access_policies_acceptance_test.go
+++ b/pkg/datasources/row_access_policies_acceptance_test.go
@@ -1,70 +1,191 @@
package datasources_test
import (
- "fmt"
+ "maps"
+ "regexp"
"testing"
acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert"
+ tfconfig "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/config"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/config/model"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/snowflakeroles"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/resources"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+ "github.com/hashicorp/terraform-plugin-testing/config"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/tfversion"
)
func TestAcc_RowAccessPolicies(t *testing.T) {
- databaseName := acc.TestClient().Ids.Alpha()
- schemaName := acc.TestClient().Ids.Alpha()
- rowAccessPolicyName := acc.TestClient().Ids.Alpha()
+ id := acc.TestClient().Ids.RandomSchemaObjectIdentifier()
+ body := "case when current_role() in ('ANALYST') then true else false end"
+ policyModel := model.RowAccessPolicy("test", []sdk.RowAccessPolicyArgument{
+ {
+ Name: "a",
+ Type: string(sdk.DataTypeVARCHAR),
+ },
+ {
+ Name: "b",
+ Type: string(sdk.DataTypeVARCHAR),
+ },
+ }, body, id.DatabaseName(), id.Name(), id.SchemaName()).WithComment("foo")
+
+ dsName := "data.snowflake_row_access_policies.test"
resource.Test(t, resource.TestCase{
ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
PreCheck: func() { acc.TestAccPreCheck(t) },
TerraformVersionChecks: []tfversion.TerraformVersionCheck{
tfversion.RequireAbove(tfversion.Version1_5_0),
},
- CheckDestroy: nil,
+ CheckDestroy: acc.CheckDestroy(t, resources.RowAccessPolicy),
Steps: []resource.TestStep{
{
- Config: rowAccessPolicies(databaseName, schemaName, rowAccessPolicyName),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "database", databaseName),
- resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "schema", schemaName),
- resource.TestCheckResourceAttrSet("data.snowflake_row_access_policies.v", "row_access_policies.#"),
- resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "row_access_policies.#", "1"),
- resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "row_access_policies.0.name", rowAccessPolicyName),
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_RowAccessPolicies/optionals_set"),
+ ConfigVariables: tfconfig.ConfigVariablesFromModel(t, policyModel),
+ Check: assert.AssertThat(t,
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.#", "1")),
+
+ resourceshowoutputassert.RowAccessPoliciesDatasourceShowOutput(t, "snowflake_row_access_policies.test").
+ HasCreatedOnNotEmpty().
+ HasDatabaseName(id.DatabaseName()).
+ HasKind(string(sdk.PolicyKindRowAccessPolicy)).
+ HasName(id.Name()).
+ HasOptions("").
+ HasOwner(snowflakeroles.Accountadmin.Name()).
+ HasOwnerRoleType("ROLE").
+ HasSchemaName(id.SchemaName()).
+ HasComment("foo"),
+
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.0.describe_output.0.body", "case when current_role() in ('ANALYST') then true else false end")),
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.0.describe_output.0.name", id.Name())),
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.0.describe_output.0.return_type", "BOOLEAN")),
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.0.describe_output.0.signature", "(a VARCHAR, b VARCHAR)")),
+ ),
+ },
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_RowAccessPolicies/optionals_unset"),
+ ConfigVariables: tfconfig.ConfigVariablesFromModel(t, policyModel),
+
+ Check: assert.AssertThat(t,
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.#", "1")),
+
+ resourceshowoutputassert.RowAccessPoliciesDatasourceShowOutput(t, "snowflake_row_access_policies.test").
+ HasCreatedOnNotEmpty().
+ HasDatabaseName(id.DatabaseName()).
+ HasKind(string(sdk.PolicyKindRowAccessPolicy)).
+ HasName(id.Name()).
+ HasOptions("").
+ HasOwner(snowflakeroles.Accountadmin.Name()).
+ HasOwnerRoleType("ROLE").
+ HasSchemaName(id.SchemaName()).
+ HasComment("foo"),
+ assert.Check(resource.TestCheckResourceAttr(dsName, "row_access_policies.0.describe_output.#", "0")),
),
},
},
})
}
-func rowAccessPolicies(databaseName string, schemaName string, rowAccessPolicyName string) string {
- return fmt.Sprintf(`
-
- resource snowflake_database "test" {
- name = "%v"
+func TestAcc_RowAccessPolicies_Filtering(t *testing.T) {
+ prefix := random.AlphaN(4)
+ idOne := acc.TestClient().Ids.RandomAccountObjectIdentifierWithPrefix(prefix)
+ idTwo := acc.TestClient().Ids.RandomAccountObjectIdentifierWithPrefix(prefix)
+ idThree := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+ databaseId := acc.TestClient().Ids.DatabaseId()
+ schemaId := acc.TestClient().Ids.SchemaId()
+ commonVariables := config.Variables{
+ "name_1": config.StringVariable(idOne.Name()),
+ "name_2": config.StringVariable(idTwo.Name()),
+ "name_3": config.StringVariable(idThree.Name()),
+ "schema": config.StringVariable(schemaId.Name()),
+ "database": config.StringVariable(databaseId.Name()),
+ "arguments": config.SetVariable(
+ config.MapVariable(map[string]config.Variable{
+ "name": config.StringVariable("a"),
+ "type": config.StringVariable("VARCHAR"),
+ }),
+ ),
+ "body": config.StringVariable("case when current_role() in ('ANALYST') then true else false end"),
}
- resource snowflake_schema "test"{
- name = "%v"
- database = snowflake_database.test.name
+ likeConfig := config.Variables{
+ "like": config.StringVariable(idOne.Name()),
}
+ maps.Copy(likeConfig, commonVariables)
- resource "snowflake_row_access_policy" "test" {
- name = "%v"
- database = snowflake_database.test.name
- schema = snowflake_schema.test.name
- signature = {
- N = "VARCHAR"
- V = "VARCHAR",
- }
- row_access_expression = "case when current_role() in ('ANALYST') then true else false end"
- comment = "Terraform acceptance test"
+ likeConfig2 := config.Variables{
+ "like": config.StringVariable(prefix + "%"),
}
+ maps.Copy(likeConfig2, commonVariables)
- data snowflake_row_access_policies "v" {
- database = snowflake_row_access_policy.test.database
- schema = snowflake_row_access_policy.test.schema
- depends_on = [snowflake_row_access_policy.test]
- }
- `, databaseName, schemaName, rowAccessPolicyName)
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ CheckDestroy: acc.CheckDestroy(t, resources.RowAccessPolicy),
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ Steps: []resource.TestStep{
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_RowAccessPolicies/like"),
+ ConfigVariables: likeConfig,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("data.snowflake_row_access_policies.test", "row_access_policies.#", "1"),
+ ),
+ },
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_RowAccessPolicies/like"),
+ ConfigVariables: likeConfig2,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("data.snowflake_row_access_policies.test", "row_access_policies.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAcc_RowAccessPolicies_emptyIn(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ CheckDestroy: nil,
+ Steps: []resource.TestStep{
+ {
+ Config: rowAccessPoliciesDatasourceEmptyIn(),
+ ExpectError: regexp.MustCompile("Invalid combination of arguments"),
+ },
+ },
+ })
+}
+
+func rowAccessPoliciesDatasourceEmptyIn() string {
+ return `
+data "snowflake_row_access_policies" "test" {
+ in {
+ }
+}
+`
+}
+
+func TestAcc_RowAccessPolicies_NotFound_WithPostConditions(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ Steps: []resource.TestStep{
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_RowAccessPolicies/non_existing"),
+ ExpectError: regexp.MustCompile("there should be at least one row access policy"),
+ },
+ },
+ })
}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/test.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/test.tf
new file mode 100644
index 00000000000..4edb188f551
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/test.tf
@@ -0,0 +1,48 @@
+resource "snowflake_row_access_policy" "test_1" {
+ name = var.name_1
+ database = var.database
+ schema = var.schema
+ dynamic "argument" {
+ for_each = var.arguments
+ content {
+ name = argument.value["name"]
+ type = argument.value["type"]
+ }
+ }
+ body = var.body
+}
+
+resource "snowflake_row_access_policy" "test_2" {
+ name = var.name_2
+ database = var.database
+ schema = var.schema
+ dynamic "argument" {
+ for_each = var.arguments
+ content {
+ name = argument.value["name"]
+ type = argument.value["type"]
+ }
+ }
+ body = var.body
+}
+
+resource "snowflake_row_access_policy" "test_3" {
+ name = var.name_3
+ database = var.database
+ schema = var.schema
+ dynamic "argument" {
+ for_each = var.arguments
+ content {
+ name = argument.value["name"]
+ type = argument.value["type"]
+ }
+ }
+ body = var.body
+}
+
+
+data "snowflake_row_access_policies" "test" {
+ depends_on = [snowflake_row_access_policy.test_1, snowflake_row_access_policy.test_2, snowflake_row_access_policy.test_3]
+
+ like = var.like
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/variables.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/variables.tf
new file mode 100644
index 00000000000..af205d63191
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/like/variables.tf
@@ -0,0 +1,31 @@
+variable "name_1" {
+ type = string
+}
+
+variable "name_2" {
+ type = string
+}
+
+variable "name_3" {
+ type = string
+}
+
+variable "like" {
+ type = string
+}
+
+variable "database" {
+ type = string
+}
+
+variable "schema" {
+ type = string
+}
+
+variable "arguments" {
+ type = set(map(string))
+}
+
+variable "body" {
+ type = string
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/non_existing/test.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/non_existing/test.tf
new file mode 100644
index 00000000000..8ef6c31fc37
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/non_existing/test.tf
@@ -0,0 +1,10 @@
+data "snowflake_row_access_policies" "test" {
+ like = "non-existing-row-access-policy"
+
+ lifecycle {
+ postcondition {
+ condition = length(self.row_access_policies) > 0
+ error_message = "there should be at least one row access policy"
+ }
+ }
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/test.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/test.tf
new file mode 100644
index 00000000000..7e0b60680ae
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/test.tf
@@ -0,0 +1,24 @@
+resource "snowflake_row_access_policy" "test" {
+ name = var.name
+ database = var.database
+ schema = var.schema
+ dynamic "argument" {
+ for_each = var.argument
+ content {
+ name = argument.value["name"]
+ type = argument.value["type"]
+ }
+ }
+ body = var.body
+ comment = var.comment
+}
+
+data "snowflake_row_access_policies" "test" {
+ depends_on = [snowflake_row_access_policy.test]
+
+ like = var.name
+ limit {
+ rows = 10
+ from = snowflake_row_access_policy.test.name
+ }
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/variables.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/variables.tf
new file mode 100644
index 00000000000..c1ee6963640
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_set/variables.tf
@@ -0,0 +1,23 @@
+variable "name" {
+ type = string
+}
+
+variable "database" {
+ type = string
+}
+
+variable "schema" {
+ type = string
+}
+
+variable "argument" {
+ type = set(map(string))
+}
+
+variable "body" {
+ type = string
+}
+
+variable "comment" {
+ type = string
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/test.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/test.tf
new file mode 100644
index 00000000000..55151f14983
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/test.tf
@@ -0,0 +1,21 @@
+resource "snowflake_row_access_policy" "test" {
+ name = var.name
+ database = var.database
+ schema = var.schema
+ dynamic "argument" {
+ for_each = var.argument
+ content {
+ name = argument.value["name"]
+ type = argument.value["type"]
+ }
+ }
+ body = var.body
+ comment = var.comment
+}
+
+data "snowflake_row_access_policies" "test" {
+ depends_on = [snowflake_row_access_policy.test]
+
+ with_describe = false
+ like = var.name
+}
diff --git a/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/variables.tf b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/variables.tf
new file mode 100644
index 00000000000..c1ee6963640
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_RowAccessPolicies/optionals_unset/variables.tf
@@ -0,0 +1,23 @@
+variable "name" {
+ type = string
+}
+
+variable "database" {
+ type = string
+}
+
+variable "schema" {
+ type = string
+}
+
+variable "argument" {
+ type = set(map(string))
+}
+
+variable "body" {
+ type = string
+}
+
+variable "comment" {
+ type = string
+}
diff --git a/pkg/resources/row_access_policy.go b/pkg/resources/row_access_policy.go
index c9fd812af31..afe4d7ba12f 100644
--- a/pkg/resources/row_access_policy.go
+++ b/pkg/resources/row_access_policy.go
@@ -101,6 +101,7 @@ func RowAccessPolicy() *schema.Resource {
ReadContext: ReadRowAccessPolicy,
UpdateContext: UpdateRowAccessPolicy,
DeleteContext: DeleteRowAccessPolicy,
+ Description: "Resource used to manage row access policy objects. For more information, check [row access policy documentation](https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy).",
Schema: rowAccessPolicySchema,
Importer: &schema.ResourceImporter{
diff --git a/pkg/sdk/row_access_policies_def.go b/pkg/sdk/row_access_policies_def.go
index cd6e24553f0..02d42c0dbb7 100644
--- a/pkg/sdk/row_access_policies_def.go
+++ b/pkg/sdk/row_access_policies_def.go
@@ -87,7 +87,8 @@ var RowAccessPoliciesDef = g.NewInterface(
Show().
SQL("ROW ACCESS POLICIES").
OptionalLike().
- OptionalIn(),
+ OptionalExtendedIn().
+ OptionalLimitFrom(),
).
ShowByIdOperation().
DescribeOperation(
diff --git a/pkg/sdk/row_access_policies_dto_builders_gen.go b/pkg/sdk/row_access_policies_dto_builders_gen.go
index db5e787d4b0..ffdc0454dd8 100644
--- a/pkg/sdk/row_access_policies_dto_builders_gen.go
+++ b/pkg/sdk/row_access_policies_dto_builders_gen.go
@@ -105,11 +105,16 @@ func (s *ShowRowAccessPolicyRequest) WithLike(Like *Like) *ShowRowAccessPolicyRe
return s
}
-func (s *ShowRowAccessPolicyRequest) WithIn(In *In) *ShowRowAccessPolicyRequest {
+func (s *ShowRowAccessPolicyRequest) WithIn(In *ExtendedIn) *ShowRowAccessPolicyRequest {
s.In = In
return s
}
+func (s *ShowRowAccessPolicyRequest) WithLimit(Limit *LimitFrom) *ShowRowAccessPolicyRequest {
+ s.Limit = Limit
+ return s
+}
+
func NewDescribeRowAccessPolicyRequest(
name SchemaObjectIdentifier,
) *DescribeRowAccessPolicyRequest {
diff --git a/pkg/sdk/row_access_policies_dto_gen.go b/pkg/sdk/row_access_policies_dto_gen.go
index 5b028c12d0e..3a6e894eed8 100644
--- a/pkg/sdk/row_access_policies_dto_gen.go
+++ b/pkg/sdk/row_access_policies_dto_gen.go
@@ -40,8 +40,9 @@ type DropRowAccessPolicyRequest struct {
}
type ShowRowAccessPolicyRequest struct {
- Like *Like
- In *In
+ Like *Like
+ In *ExtendedIn
+ Limit *LimitFrom
}
type DescribeRowAccessPolicyRequest struct {
diff --git a/pkg/sdk/row_access_policies_gen.go b/pkg/sdk/row_access_policies_gen.go
index 6fdb9af2fb0..df9d720e11b 100644
--- a/pkg/sdk/row_access_policies_gen.go
+++ b/pkg/sdk/row_access_policies_gen.go
@@ -58,10 +58,11 @@ type DropRowAccessPolicyOptions struct {
// ShowRowAccessPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/show-row-access-policies.
type ShowRowAccessPolicyOptions struct {
- show bool `ddl:"static" sql:"SHOW"`
- rowAccessPolicies bool `ddl:"static" sql:"ROW ACCESS POLICIES"`
- Like *Like `ddl:"keyword" sql:"LIKE"`
- In *In `ddl:"keyword" sql:"IN"`
+ show bool `ddl:"static" sql:"SHOW"`
+ rowAccessPolicies bool `ddl:"static" sql:"ROW ACCESS POLICIES"`
+ Like *Like `ddl:"keyword" sql:"LIKE"`
+ In *ExtendedIn `ddl:"keyword" sql:"IN"`
+ Limit *LimitFrom `ddl:"keyword" sql:"LIMIT"`
}
type rowAccessPolicyDBRow struct {
diff --git a/pkg/sdk/row_access_policies_gen_test.go b/pkg/sdk/row_access_policies_gen_test.go
index 4363fac206c..f4590f3b9e9 100644
--- a/pkg/sdk/row_access_policies_gen_test.go
+++ b/pkg/sdk/row_access_policies_gen_test.go
@@ -214,10 +214,16 @@ func TestRowAccessPolicies_Show(t *testing.T) {
opts.Like = &Like{
Pattern: String("myaccount"),
}
- opts.In = &In{
- Account: Bool(true),
+ opts.In = &ExtendedIn{
+ In: In{
+ Account: Bool(true),
+ },
+ }
+ opts.Limit = &LimitFrom{
+ Rows: Pointer(10),
+ From: Pointer("foo"),
}
- assertOptsValidAndSQLEquals(t, opts, "SHOW ROW ACCESS POLICIES LIKE 'myaccount' IN ACCOUNT")
+ assertOptsValidAndSQLEquals(t, opts, "SHOW ROW ACCESS POLICIES LIKE 'myaccount' IN ACCOUNT LIMIT 10 FROM 'foo'")
})
}
diff --git a/pkg/sdk/row_access_policies_impl_gen.go b/pkg/sdk/row_access_policies_impl_gen.go
index 8f04e4eae2d..e008b5a62c2 100644
--- a/pkg/sdk/row_access_policies_impl_gen.go
+++ b/pkg/sdk/row_access_policies_impl_gen.go
@@ -38,7 +38,7 @@ func (v *rowAccessPolicies) Show(ctx context.Context, request *ShowRowAccessPoli
}
func (v *rowAccessPolicies) ShowByID(ctx context.Context, id SchemaObjectIdentifier) (*RowAccessPolicy, error) {
- request := NewShowRowAccessPolicyRequest().WithIn(&In{Schema: id.SchemaId()}).WithLike(&Like{String(id.Name())})
+ request := NewShowRowAccessPolicyRequest().WithIn(&ExtendedIn{In: In{Schema: id.SchemaId()}}).WithLike(&Like{String(id.Name())})
rowAccessPolicies, err := v.Show(ctx, request)
if err != nil {
return nil, err
@@ -99,8 +99,9 @@ func (r *DropRowAccessPolicyRequest) toOpts() *DropRowAccessPolicyOptions {
func (r *ShowRowAccessPolicyRequest) toOpts() *ShowRowAccessPolicyOptions {
opts := &ShowRowAccessPolicyOptions{
- Like: r.Like,
- In: r.In,
+ Like: r.Like,
+ In: r.In,
+ Limit: r.Limit,
}
return opts
}
diff --git a/pkg/sdk/testint/row_access_policies_gen_integration_test.go b/pkg/sdk/testint/row_access_policies_gen_integration_test.go
index 8e89b9ebf0d..87d1eb79fe9 100644
--- a/pkg/sdk/testint/row_access_policies_gen_integration_test.go
+++ b/pkg/sdk/testint/row_access_policies_gen_integration_test.go
@@ -228,7 +228,8 @@ func TestInt_RowAccessPolicies(t *testing.T) {
showRequest := sdk.NewShowRowAccessPolicyRequest().
WithLike(&sdk.Like{Pattern: &rowAccessPolicy1.Name}).
- WithIn(&sdk.In{Schema: testClientHelper().Ids.SchemaId()})
+ WithIn(&sdk.ExtendedIn{In: sdk.In{Schema: testClientHelper().Ids.SchemaId()}}).
+ WithLimit(&sdk.LimitFrom{Rows: sdk.Int(5)})
returnedRowAccessPolicies, err := client.RowAccessPolicies.Show(ctx, showRequest)
require.NoError(t, err)
diff --git a/templates/data-sources/row_access_policies.md.tmpl b/templates/data-sources/row_access_policies.md.tmpl
new file mode 100644
index 00000000000..abd91a8e36c
--- /dev/null
+++ b/templates/data-sources/row_access_policies.md.tmpl
@@ -0,0 +1,24 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ if gt (len (split .Description "")) 1 -}}
+{{ index (split .Description "") 1 | plainmarkdown | trimspace | prefixlines " " }}
+{{- else -}}
+{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
+{{- end }}
+---
+
+!> **V1 release candidate** This data source was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the data source if needed. Any errors reported will be resolved with a higher priority. We encourage checking this data source out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it.
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+{{ if .HasExample -}}
+## Example Usage
+
+{{ tffile (printf "examples/data-sources/%s/data-source.tf" .Name)}}
+{{- end }}
+
+{{ .SchemaMarkdown | trimspace }}