
wip
sfc-gh-jcieslak committed Jan 30, 2024
1 parent eac1825 commit 7592e77
Showing 32 changed files with 1,205 additions and 73 deletions.
127 changes: 106 additions & 21 deletions pkg/resources/grant_privileges_to_share.go
Expand Up @@ -24,11 +24,11 @@ var grantPrivilegesToShareGrantExactlyOneOfValidation = []string{

var grantPrivilegesToShareSchema = map[string]*schema.Schema{
"share_name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: "The fully qualified name of the share on which privileges will be granted.",
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: "The fully qualified name of the share on which privileges will be granted.",
//ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),

Check failure on line 31 in pkg/resources/grant_privileges_to_share.go

GitHub Actions / reviewdog

[golangci] reported by reviewdog 🐶 File is not `gofumpt`-ed (gofumpt) Raw Output: pkg/resources/grant_privileges_to_share.go:31: File is not `gofumpt`-ed (gofumpt) //ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
},
"privileges": {
Type: schema.TypeSet,
Expand Down Expand Up @@ -82,7 +82,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{
Optional: true,
ForceNew: true,
Description: "TODO",
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](),
ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation,
},
"view_name": {
Expand Down Expand Up @@ -124,17 +124,17 @@ func ImportGrantPrivilegesToShare() func(ctx context.Context, d *schema.Resource

switch id.Kind {
case OnDatabaseShareGrantKind:
if err := d.Set("database_name", id.Identifier.FullyQualifiedName()); err != nil {
if err := d.Set("database_name", id.Identifier.Name()); err != nil {
return nil, err
}
case OnSchemaShareGrantKind:
if err := d.Set("schema_name", id.Identifier.FullyQualifiedName()); err != nil {
return nil, err
}
case OnFunctionShareGrantKind:
if err := d.Set("function_name", id.Identifier.FullyQualifiedName()); err != nil {
return nil, err
}
//case OnFunctionShareGrantKind:
// if err := d.Set("function_name", id.Identifier.FullyQualifiedName()); err != nil {
// return nil, err
// }
case OnTableShareGrantKind:
if err := d.Set("table_name", id.Identifier.FullyQualifiedName()); err != nil {
return nil, err
Expand Down Expand Up @@ -163,7 +163,7 @@ func CreateGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, m
id := createGrantPrivilegesToShareIdFromSchema(d)
log.Printf("[DEBUG] created identifier from schema: %s", id.String())

err := client.Grants.GrantPrivilegeToShare(ctx, getObjectPrivilegesFromSchema(d), getShareGrantOn(d), id.ShareName)
err := client.Grants.GrantPrivilegeToShare(ctx, getObjectPrivilegesFromSchema(d), getShareGrantOn(d), sdk.NewAccountObjectIdentifier(id.ShareName.Name()))
if err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Expand All @@ -180,6 +180,82 @@ func CreateGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, m
}

func UpdateGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
db := meta.(*sql.DB)
client := sdk.NewClientFromDB(db)

id, err := ParseGrantPrivilegesToShareId(d.Id())
if err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Severity: diag.Error,
Summary: "Failed to parse internal identifier",
Detail: fmt.Sprintf("Id: %s\nError: %s", d.Id(), err.Error()),
},
}
}

if d.HasChange("privileges") {
before, after := d.GetChange("privileges")
privilegesBeforeChange := expandStringList(before.(*schema.Set).List())
privilegesAfterChange := expandStringList(after.(*schema.Set).List())

var privilegesToAdd, privilegesToRemove []sdk.ObjectPrivilege

for _, privilegeBeforeChange := range privilegesBeforeChange {
if !slices.Contains(privilegesAfterChange, privilegeBeforeChange) {
privilegesToRemove = append(privilegesToRemove, sdk.ObjectPrivilege(privilegeBeforeChange))
}
}

for _, privilegeAfterChange := range privilegesAfterChange {
if !slices.Contains(privilegesBeforeChange, privilegeAfterChange) {
privilegesToAdd = append(privilegesToAdd, sdk.ObjectPrivilege(privilegeAfterChange))
}
}

grantOn := getShareGrantOn(d)

if len(privilegesToAdd) > 0 {
err = client.Grants.GrantPrivilegeToShare(
ctx,
privilegesToAdd,
grantOn,
sdk.NewAccountObjectIdentifier(id.ShareName.Name()),
)
if err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Severity: diag.Error,
Summary: "Failed to grant added privileges",
Detail: fmt.Sprintf("Id: %s\nPrivileges to add: %v\nError: %s", d.Id(), privilegesToAdd, err.Error()),
},
}
}
}

if len(privilegesToRemove) > 0 {
logging.DebugLogger.Printf("[DEBUG] Revoking privileges: %v", privilegesToRemove)
err = client.Grants.RevokePrivilegeFromShare(
ctx,
privilegesToRemove,
grantOn,
sdk.NewAccountObjectIdentifier(id.ShareName.Name()),
)
if err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Severity: diag.Error,
Summary: "Failed to revoke removed privileges",
Detail: fmt.Sprintf("Id: %s\nPrivileges to remove: %v\nError: %s", d.Id(), privilegesToRemove, err.Error()),
},
}
}
}

id.Privileges = privilegesAfterChange
d.SetId(id.String())
}

return ReadGrantPrivilegesToShare(ctx, d, meta)
}

Expand All @@ -198,7 +274,7 @@ func DeleteGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, m
}
}

err = client.Grants.RevokePrivilegeFromShare(ctx, getObjectPrivilegesFromSchema(d), getShareGrantOn(d), id.ShareName)
err = client.Grants.RevokePrivilegeFromShare(ctx, getObjectPrivilegesFromSchema(d), getShareGrantOn(d), sdk.NewAccountObjectIdentifier(id.ShareName.Name()))
if err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Expand Down Expand Up @@ -244,10 +320,7 @@ func ReadGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, met
}
}

// TODO: Read for
var privileges []string

logging.DebugLogger.Printf("[DEBUG] Filtering grants to be set on account: count = %d", len(grants))
for _, grant := range grants {
if grant.GrantedTo != sdk.ObjectTypeShare {
continue
Expand All @@ -264,7 +337,11 @@ func ReadGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, met
}
}

logging.DebugLogger.Printf("[DEBUG] Setting privileges: %v", privileges)
// It's a pseudo-role, so we have to append it whenever it's specified in the configuration
if slices.Contains(id.Privileges, sdk.ObjectPrivilegeReferenceUsage.String()) {
privileges = append(privileges, sdk.ObjectPrivilegeReferenceUsage.String())
}

if err := d.Set("privileges", privileges); err != nil {
return diag.Diagnostics{
diag.Diagnostic{
Expand All @@ -280,11 +357,12 @@ func ReadGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, met

func createGrantPrivilegesToShareIdFromSchema(d *schema.ResourceData) *GrantPrivilegesToShareId {
id := new(GrantPrivilegesToShareId)
id.ShareName = sdk.NewAccountObjectIdentifier(d.Get("share_name").(string))
id.ShareName = sdk.NewExternalObjectIdentifierFromFullyQualifiedName(d.Get("share_name").(string))
id.Privileges = expandStringList(d.Get("privileges").(*schema.Set).List())

databaseName, databaseNameOk := d.GetOk("database_name")
schemaName, schemaNameOk := d.GetOk("schema_name")
//functionName, functionNameOk := d.GetOk("function_name")
tableName, tableNameOk := d.GetOk("table_name")
allTablesInSchema, allTablesInSchemaOk := d.GetOk("all_tables_in_schema")
tagName, tagNameOk := d.GetOk("tag_name")
Expand All @@ -297,6 +375,9 @@ func createGrantPrivilegesToShareIdFromSchema(d *schema.ResourceData) *GrantPriv
case schemaNameOk:
id.Kind = OnSchemaShareGrantKind
id.Identifier = sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName(schemaName.(string))
//case functionNameOk:
// id.Kind = OnFunctionShareGrantKind
// id.Identifier = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(functionName.(string))
case tableNameOk:
id.Kind = OnTableShareGrantKind
id.Identifier = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(tableName.(string))
Expand All @@ -305,7 +386,7 @@ func createGrantPrivilegesToShareIdFromSchema(d *schema.ResourceData) *GrantPriv
id.Identifier = sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName(allTablesInSchema.(string))
case tagNameOk:
id.Kind = OnTagShareGrantKind
id.Identifier = sdk.NewAccountObjectIdentifierFromFullyQualifiedName(tagName.(string))
id.Identifier = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(tagName.(string))
case viewNameOk:
id.Kind = OnViewShareGrantKind
id.Identifier = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(viewName.(string))
Expand All @@ -328,6 +409,7 @@ func getShareGrantOn(d *schema.ResourceData) *sdk.ShareGrantOn {

databaseName, databaseNameOk := d.GetOk("database_name")
schemaName, schemaNameOk := d.GetOk("schema_name")
//functionName, functionNameOk := d.GetOk("table_name")
tableName, tableNameOk := d.GetOk("table_name")
allTablesInSchema, allTablesInSchemaOk := d.GetOk("all_tables_in_schema")
tagName, tagNameOk := d.GetOk("tag_name")
Expand All @@ -338,6 +420,8 @@ func getShareGrantOn(d *schema.ResourceData) *sdk.ShareGrantOn {
grantOn.Database = sdk.NewAccountObjectIdentifierFromFullyQualifiedName(databaseName.(string))
case len(schemaName.(string)) > 0 && schemaNameOk:
grantOn.Schema = sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName(schemaName.(string))
//case len(functionName.(string)) > 0 && functionNameOk:
// grantOn.Function = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(functionName.(string))
case len(tableName.(string)) > 0 && tableNameOk:
grantOn.Table = &sdk.OnTable{
Name: sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(tableName.(string)),
Expand All @@ -347,7 +431,7 @@ func getShareGrantOn(d *schema.ResourceData) *sdk.ShareGrantOn {
AllInSchema: sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName(allTablesInSchema.(string)),
}
case len(tagName.(string)) > 0 && tagNameOk:
grantOn.Tag = sdk.NewAccountObjectIdentifierFromFullyQualifiedName(tagName.(string))
grantOn.Tag = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(tagName.(string))
case len(viewName.(string)) > 0 && viewNameOk:
grantOn.View = sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(viewName.(string))
}
Expand Down Expand Up @@ -387,5 +471,6 @@ func prepareShowGrantsRequestForShare(id GrantPrivilegesToShareId) (*sdk.ShowGra
Name: id.Identifier,
},
}
return opts, "", nil

return opts, objectType, nil
}
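Review bot: `share_name` loses its only input validation in this change: the `ValidateDiagFunc` line in `grantPrivilegesToShareSchema` is commented out. The value is now parsed with `sdk.NewExternalObjectIdentifierFromFullyQualifiedName` in `createGrantPrivilegesToShareIdFromSchema`, while Create, Update and Delete pass only `sdk.NewAccountObjectIdentifier(id.ShareName.Name())` to the grant and revoke calls. Any account qualifier in the configured name therefore appears to be discarded without a check, so a malformed or wrongly qualified value would still issue a GRANT or REVOKE against whichever local share matches the trailing name. Instead of disabling the check, restore it for the type the parser now expects, for example `ValidateDiagFunc: IsValidIdentifier[sdk.ExternalObjectIdentifier](),`. If the helper's type constraint does not admit that type, extend the helper; if the qualifier is deliberately ignored, document that in the `Description`.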