diff --git a/docs/resources/grant_privileges_to_database_role.md b/docs/resources/grant_privileges_to_database_role.md index f0510c0a30c..067ee9caea3 100644 --- a/docs/resources/grant_privileges_to_database_role.md +++ b/docs/resources/grant_privileges_to_database_role.md @@ -301,6 +301,9 @@ On future contains inner types for all options. #### Grant list of privileges OnAllSchemasInDatabase `terraform import "\"test_db\".\"test_db_role\"|false|false|CREATE TAG,CREATE TABLE|OnSchema|OnAllSchemasInDatabase|\"test_db\""` +#### Grant list of privileges on table +`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT,DELETE,INSERT|OnSchemaObject|OnObject|TABLE|\"test_db\".\"test_schema\".\"test_table\""` + #### Grant list of privileges OnAll tables in schema -`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT|OnSchemaObject|OnAll|TABLES|InSchema|\"test_db\".\"test_schema\""` +`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT,DELETE,INSERT|OnSchemaObject|OnAll|TABLES|InSchema|\"test_db\".\"test_schema\""` diff --git a/pkg/resources/grant_privileges_to_database_role.go b/pkg/resources/grant_privileges_to_database_role.go index 0c4e2ff57e5..8f4b9f0cb38 100644 --- a/pkg/resources/grant_privileges_to_database_role.go +++ b/pkg/resources/grant_privileges_to_database_role.go @@ -12,7 +12,6 @@ import ( "github.com/hashicorp/go-uuid" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) // TODO: Handle IMPORTED PRIVILEGES privilege (after second account will be added - SNOW-976501) 
@@ -156,32 +155,7 @@ var grantPrivilegesToDatabaseRoleSchema = map[string]*schema.Schema{ "on_schema_object.0.all", "on_schema_object.0.future", }, - ValidateFunc: validation.StringInSlice([]string{ - sdk.ObjectTypeAlert.String(), - sdk.ObjectTypeDynamicTable.String(), - sdk.ObjectTypeEventTable.String(), - sdk.ObjectTypeFileFormat.String(), - sdk.ObjectTypeFunction.String(), - sdk.ObjectTypeProcedure.String(), - sdk.ObjectTypeSecret.String(), - sdk.ObjectTypeSequence.String(), - sdk.ObjectTypePipe.String(), - sdk.ObjectTypeMaskingPolicy.String(), - sdk.ObjectTypePasswordPolicy.String(), - sdk.ObjectTypeRowAccessPolicy.String(), - sdk.ObjectTypeSessionPolicy.String(), - sdk.ObjectTypeTag.String(), - sdk.ObjectTypeStage.String(), - sdk.ObjectTypeStream.String(), - sdk.ObjectTypeTable.String(), - sdk.ObjectTypeExternalTable.String(), - sdk.ObjectTypeTask.String(), - sdk.ObjectTypeView.String(), - sdk.ObjectTypeMaterializedView.String(), - sdk.ObjectTypeNetworkRule.String(), - sdk.ObjectTypePackagesPolicy.String(), - sdk.ObjectTypeIcebergTable.String(), - }, true), + ValidateDiagFunc: ValidObjectType(), }, "object_name": { Type: schema.TypeString, 
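Review bot: It cannot be confirmed from this diff that `ValidObjectType()` still rejects everything the removed 24-entry allow-list on `object_type` rejected, because the helper's definition is not shown. For a resource that issues grants, plan-time validation should stay at least as strict as the list it replaces, so if the helper accepts every object type the SDK knows, it should be narrowed to schema-level types. The removed call passed `true` for case-insensitive matching, so the helper presumably needs to accept lowercase input too, or existing configurations will start failing validation. The same questions apply to `ValidPluralObjectType()` in the `object_type_plural` hunk that follows and to the three hunks in grant_privileges_to_role.go. A field comment such as `// ValidObjectType limits the value to schema-level object types, case-insensitively.` would record the contract; the schema map itself starts and ends outside this hunk.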
@@ -241,36 +215,11 @@ var grantPrivilegesToDatabaseRoleSchema = map[string]*schema.Schema{ var grantPrivilegesOnDatabaseRoleBulkOperationSchema = map[string]*schema.Schema{ "object_type_plural": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS | NETWORK RULES | PACKAGES POLICIES | ICEBERG TABLES", - ValidateFunc: validation.StringInSlice([]string{ - sdk.PluralObjectTypeAlerts.String(), - sdk.PluralObjectTypeDynamicTables.String(), - sdk.PluralObjectTypeEventTables.String(), - sdk.PluralObjectTypeFileFormats.String(), - sdk.PluralObjectTypeFunctions.String(), - sdk.PluralObjectTypeProcedures.String(), - sdk.PluralObjectTypeSecrets.String(), - sdk.PluralObjectTypeSequences.String(), - sdk.PluralObjectTypePipes.String(), - sdk.PluralObjectTypeMaskingPolicies.String(), - sdk.PluralObjectTypePasswordPolicies.String(), - sdk.PluralObjectTypeRowAccessPolicies.String(), - sdk.PluralObjectTypeSessionPolicies.String(), - sdk.PluralObjectTypeTags.String(), - sdk.PluralObjectTypeStages.String(), - sdk.PluralObjectTypeStreams.String(), - sdk.PluralObjectTypeTables.String(), - sdk.PluralObjectTypeExternalTables.String(), - sdk.PluralObjectTypeTasks.String(), - sdk.PluralObjectTypeViews.String(), - sdk.PluralObjectTypeMaterializedViews.String(), - sdk.PluralObjectTypeNetworkRules.String(), - sdk.PluralObjectTypePackagesPolicies.String(), - sdk.PluralObjectTypeIcebergTables.String(), - }, true), + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "The plural object type of the schema object on which privileges will be granted. 
Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS | NETWORK RULES | PACKAGES POLICIES | ICEBERG TABLES", + ValidateDiagFunc: ValidPluralObjectType(), }, "in_database": { Type: schema.TypeString, diff --git a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go index 7d9e335edad..451c66f0486 100644 --- a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go +++ b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go @@ -45,7 +45,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -59,7 +59,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) { ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, 
@@ -96,7 +96,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -110,7 +110,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test ), }, { - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -147,7 +147,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchema(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchema"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -161,7 +161,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchema(t *testing.T) { ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchema"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, 
@@ -181,7 +181,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchema_ExactlyOneOf(t *testing.T) { CheckDestroy: testAccCheckDatabaseRolePrivilegesRevoked, Steps: []resource.TestStep{ { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchema_ExactlyOneOf"), PlanOnly: true, ExpectError: regexp.MustCompile("Error: Invalid combination of arguments"), }, @@ -215,7 +215,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase(t *testing.T) Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnAllSchemasInDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -229,7 +229,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase(t *testing.T) ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnAllSchemasInDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -265,7 +265,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase(t *testing. Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), 
@@ -279,7 +279,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase(t *testing. ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -318,7 +318,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject(t *testing.T) Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -333,7 +333,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject(t *testing.T) ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -367,7 +367,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject_OwnershipPriv Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject"), ConfigVariables: configVariables, ExpectError: regexp.MustCompile("Unsupported privilege 'OWNERSHIP'"), }, 
@@ -401,7 +401,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase(t *te Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnAll_InDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -417,7 +417,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase(t *te ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnAll_InDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -453,7 +453,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase(t Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnFuture_InDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -469,7 +469,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase(t ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnFuture_InDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, 
@@ -513,7 +513,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationInnerDirectory("privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges/privileges"), ConfigVariables: configVariables(false, []sdk.AccountObjectPrivilege{ sdk.AccountObjectPrivilegeCreateSchema, sdk.AccountObjectPrivilegeModify, @@ -527,7 +527,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges/privileges"), ConfigVariables: configVariables(false, []sdk.AccountObjectPrivilege{ sdk.AccountObjectPrivilegeCreateSchema, sdk.AccountObjectPrivilegeMonitor, @@ -543,7 +543,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("all_privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges/all_privileges"), ConfigVariables: configVariables(true, []sdk.AccountObjectPrivilege{}), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "all_privileges", "true"), @@ -552,7 +552,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges/privileges"), ConfigVariables: configVariables(false, []sdk.AccountObjectPrivilege{ sdk.AccountObjectPrivilegeModify, sdk.AccountObjectPrivilegeMonitor, 
@@ -605,7 +605,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked(t * Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationInnerDirectory("privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges_SnowflakeChecked/privileges"), ConfigVariables: configVariables(false, []string{ sdk.AccountObjectPrivilegeCreateSchema.String(), sdk.AccountObjectPrivilegeModify.String(), @@ -617,7 +617,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked(t * ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("all_privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges_SnowflakeChecked/all_privileges"), ConfigVariables: configVariables(true, []string{}, ""), Check: queriedPrivilegesContainAtLeast( databaseRoleName, @@ -629,7 +629,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked(t * ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("privileges"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges_SnowflakeChecked/privileges"), ConfigVariables: configVariables(false, []string{ sdk.AccountObjectPrivilegeModify.String(), sdk.AccountObjectPrivilegeMonitor.String(), @@ -641,7 +641,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked(t * ), }, { - ConfigDirectory: acc.ConfigurationInnerDirectory("on_schema"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/UpdatePrivileges_SnowflakeChecked/on_schema"), ConfigVariables: configVariables(false, []string{ sdk.SchemaPrivilegeCreateTask.String(), sdk.SchemaPrivilegeCreateExternalTable.String(), 
@@ -681,7 +681,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"), ConfigVariables: configVariables(false), ConfigPlanChecks: resource.ConfigPlanChecks{ PostApplyPostRefresh: []plancheck.PlanCheck{ @@ -694,7 +694,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { ), }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"), ConfigVariables: configVariables(true), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "true"), @@ -703,7 +703,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { ExpectNonEmptyPlan: true, }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"), ConfigVariables: configVariables(true), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ @@ -717,7 +717,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { ExpectNonEmptyPlan: true, }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"), ConfigVariables: configVariables(true), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ 
@@ -731,7 +731,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { ExpectNonEmptyPlan: true, }, { - ConfigDirectory: config.TestNameDirectory(), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"), ConfigVariables: configVariables(false), ConfigPlanChecks: resource.ConfigPlanChecks{ PostApplyPostRefresh: []plancheck.PlanCheck{ diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go index 9e2eca57caa..25deef01bc9 100644 --- a/pkg/resources/grant_privileges_to_role.go +++ b/pkg/resources/grant_privileges_to_role.go 
@@ -123,36 +123,13 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "object_type": { - Type: schema.TypeString, - Optional: true, - Description: "The object type of the schema object on which privileges will be granted. Valid values are: ALERT | DYNAMIC TABLE | EVENT TABLE | FILE FORMAT | FUNCTION | ICEBERG TABLE | PROCEDURE | SECRET | SEQUENCE | PIPE | MASKING POLICY | PASSWORD POLICY | ROW ACCESS POLICY | SESSION POLICY | TAG | STAGE | STREAM | TABLE | EXTERNAL TABLE | TASK | VIEW | MATERIALIZED VIEW", - RequiredWith: []string{"on_schema_object.0.object_name"}, - ConflictsWith: []string{"on_schema_object.0.all", "on_schema_object.0.future"}, - ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{ - "ALERT", - "DYNAMIC TABLE", - "EVENT TABLE", - "FILE FORMAT", - "FUNCTION", - "ICEBERG TABLE", - "PROCEDURE", - "SECRET", - "SEQUENCE", - "PIPE", - "MASKING POLICY", - "PASSWORD POLICY", - "ROW ACCESS POLICY", - "SESSION POLICY", - "TAG", - "STAGE", - "STREAM", - "TABLE", - "EXTERNAL TABLE", - "TASK", - "VIEW", - "MATERIALIZED VIEW", - }, true), + Type: schema.TypeString, + Optional: true, + Description: "The object type of the schema object on which privileges will be granted. Valid values are: ALERT | DYNAMIC TABLE | EVENT TABLE | FILE FORMAT | FUNCTION | ICEBERG TABLE | PROCEDURE | SECRET | SEQUENCE | PIPE | MASKING POLICY | PASSWORD POLICY | ROW ACCESS POLICY | SESSION POLICY | TAG | STAGE | STREAM | TABLE | EXTERNAL TABLE | TASK | VIEW | MATERIALIZED VIEW", + RequiredWith: []string{"on_schema_object.0.object_name"}, + ConflictsWith: []string{"on_schema_object.0.all", "on_schema_object.0.future"}, + ForceNew: true, + ValidateDiagFunc: ValidObjectType(), }, "object_name": { Type: schema.TypeString, 
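Review bot: The `Description` kept on `object_type` still enumerates the 22 values of the removed inline list, but the field is now validated by the same `ValidObjectType()` that replaces a list in grant_privileges_to_database_role.go which also contained `sdk.ObjectTypeNetworkRule` and `sdk.ObjectTypePackagesPolicy`. If the shared helper accepts those two types, the description (and any docs generated from it) is stale and should gain `| NETWORK RULE | PACKAGES POLICY`. If grants to account roles are meant to keep the narrower set, the shared helper is too permissive for this schema. The two `object_type_plural` hunks below have the same mismatch with `ValidPluralObjectType()`. The helper definitions are outside this diff, so this is inferred from the two removed lists only.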
@@ -172,34 +149,11 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "object_type_plural": { - Type: schema.TypeString, - Required: true, - Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | ICEBERG TABLES | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", - ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{ - "ALERTS", - "DYNAMIC TABLES", - "EVENT TABLES", - "FILE FORMATS", - "FUNCTIONS", - "ICEBERG TABLES", - "PROCEDURES", - "SECRETS", - "SEQUENCES", - "PIPES", - "MASKING POLICIES", - "PASSWORD POLICIES", - "ROW ACCESS POLICIES", - "SESSION POLICIES", - "TAGS", - "STAGES", - "STREAMS", - "TABLES", - "EXTERNAL TABLES", - "TASKS", - "VIEWS", - "MATERIALIZED VIEWS", - }, true), + Type: schema.TypeString, + Required: true, + Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | ICEBERG TABLES | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", + ForceNew: true, + ValidateDiagFunc: ValidPluralObjectType(), }, "in_database": { Type: schema.TypeString, 
@@ -229,34 +183,11 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "object_type_plural": { - Type: schema.TypeString, - Required: true, - Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | ICEBERG TABLES | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", - ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{ - "ALERTS", - "DYNAMIC TABLES", - "EVENT TABLES", - "FILE FORMATS", - "FUNCTIONS", - "ICEBERG TABLES", - "PROCEDURES", - "SECRETS", - "SEQUENCES", - "PIPES", - "MASKING POLICIES", - "PASSWORD POLICIES", - "ROW ACCESS POLICIES", - "SESSION POLICIES", - "TAGS", - "STAGES", - "STREAMS", - "TABLES", - "EXTERNAL TABLES", - "TASKS", - "VIEWS", - "MATERIALIZED VIEWS", - }, true), + Type: schema.TypeString, + Required: true, + Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | DYNAMIC TABLES | EVENT TABLES | FILE FORMATS | FUNCTIONS | ICEBERG TABLES | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", + ForceNew: true, + ValidateDiagFunc: ValidPluralObjectType(), }, "in_database": { Type: schema.TypeString, 
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase/test.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase/test.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase/test.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase/variables.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase/variables.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnFutureSchemasInDatabase/variables.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema/test.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema/test.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema/test.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema/variables.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema/variables.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema/variables.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject/test.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject/test.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject/test.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject/variables.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnObject/variables.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchemaObject_OnObject/variables.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema_ExactlyOneOf/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema_ExactlyOneOf/test.tf
similarity index 100%
rename from pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema_ExactlyOneOf/test.tf
rename to pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole/OnSchema_ExactlyOneOf/test.tf
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/test.tf
deleted file mode 100644
index 4b855bb7088..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/test.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "${var.database}.${var.name}"
- all_privileges = var.all_privileges
- on_database = var.database
- always_apply = var.always_apply
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/variables.tf
deleted file mode 100644
index 563945ecc7d..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "all_privileges" {
- type = bool
-}
-
-variable "database" {
- type = string
-}
-
-variable "always_apply" {
- type = bool
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase/test.tf
deleted file mode 100644
index ebde56ec07b..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnAllSchemasInDatabase/test.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- with_grant_option = var.with_grant_option
-
- on_schema {
- all_schemas_in_database = "\"${var.database}\""
- }
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/test.tf
deleted file mode 100644
index 83113802bea..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/test.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- on_database = "\"${var.database}\""
- with_grant_option = var.with_grant_option
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/variables.tf
deleted file mode 100644
index 0e22e903d7d..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
-
-variable "with_grant_option" {
- type = bool
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase/variables.tf
deleted file mode 100644
index 0e22e903d7d..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
-
-variable "with_grant_option" {
- type = bool
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/test.tf
deleted file mode 100644
index 230a702d236..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/test.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- with_grant_option = var.with_grant_option
-
- on_schema_object {
- all {
- object_type_plural = "TABLES"
- in_database = "\"${var.database}\""
- }
- }
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/variables.tf
deleted file mode 100644
index 0e22e903d7d..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnAll_InDatabase/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
-
-variable "with_grant_option" {
- type = bool
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/test.tf
deleted file mode 100644
index 3463a24a8ff..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/test.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- with_grant_option = var.with_grant_option
-
- on_schema_object {
- future {
- object_type_plural = "TABLES"
- in_database = "\"${var.database}\""
- }
- }
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/variables.tf
deleted file mode 100644
index 0e22e903d7d..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchemaObject_OnFuture_InDatabase/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
-
-variable "with_grant_option" {
- type = bool
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/test.tf
deleted file mode 100644
index 3fc26c3028f..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/test.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- all_privileges = var.all_privileges
- on_database = "\"${var.database}\""
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/variables.tf
deleted file mode 100644
index cb4441bfce4..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/all_privileges/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "all_privileges" {
- type = bool
-}
-
-variable "database" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/test.tf
deleted file mode 100644
index c1ea0cb24f8..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/test.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- on_database = "\"${var.database}\""
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/variables.tf
deleted file mode 100644
index 27eccc78836..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges/privileges/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/test.tf
deleted file mode 100644
index 3fc26c3028f..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/test.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- all_privileges = var.all_privileges
- on_database = "\"${var.database}\""
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/variables.tf
deleted file mode 100644
index cb4441bfce4..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/all_privileges/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "all_privileges" {
- type = bool
-}
-
-variable "database" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/test.tf
deleted file mode 100644
index f7bd4d9f190..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/test.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "snowflake_schema" "test" {
- database = var.database
- name = var.schema_name
-}
-
-resource "snowflake_grant_privileges_to_database_role" "test" {
- depends_on = [snowflake_schema.test]
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- on_schema {
- schema_name = "${var.database}.${var.schema_name}"
- }
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/variables.tf
deleted file mode 100644
index 90d9c044484..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
-
-variable "schema_name" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/test.tf
deleted file mode 100644
index c1ea0cb24f8..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/test.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "snowflake_grant_privileges_to_database_role" "test" {
- database_role_name = "\"${var.database}\".\"${var.name}\""
- privileges = var.privileges
- on_database = "\"${var.database}\""
-}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/variables.tf
deleted file mode 100644
index 27eccc78836..00000000000
--- a/pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/privileges/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "privileges" {
- type = list(string)
-}
-
-variable "database" {
- type = string
-}
diff --git a/pkg/resources/validators.go b/pkg/resources/validators.go
index a517a7e0ab5..b14e122d7fa 100644
--- a/pkg/resources/validators.go
+++ b/pkg/resources/validators.go
@@ -3,6 +3,7 @@ package resources import ( "fmt" "reflect" + "strings" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
@@ -108,3 +109,80 @@ func getExpectedIdentifierForm(id any) string {
 }
 return ""
 }
+
+func ValidObjectType() schema.SchemaValidateDiagFunc {
+ return StringInSlice([]string{
+ sdk.ObjectTypeAlert.String(),
+ sdk.ObjectTypeDynamicTable.String(),
+ sdk.ObjectTypeEventTable.String(),
+ sdk.ObjectTypeFileFormat.String(),
+ sdk.ObjectTypeFunction.String(),
+ sdk.ObjectTypeProcedure.String(),
+ sdk.ObjectTypeSecret.String(),
+ sdk.ObjectTypeSequence.String(),
+ sdk.ObjectTypePipe.String(),
+ sdk.ObjectTypeMaskingPolicy.String(),
+ sdk.ObjectTypePasswordPolicy.String(),
+ sdk.ObjectTypeRowAccessPolicy.String(),
+ sdk.ObjectTypeSessionPolicy.String(),
+ sdk.ObjectTypeTag.String(),
+ sdk.ObjectTypeStage.String(),
+ sdk.ObjectTypeStream.String(),
+ sdk.ObjectTypeTable.String(),
+ sdk.ObjectTypeExternalTable.String(),
+ sdk.ObjectTypeTask.String(),
+ sdk.ObjectTypeView.String(),
+ sdk.ObjectTypeMaterializedView.String(),
+ sdk.ObjectTypeNetworkRule.String(),
+ sdk.ObjectTypePackagesPolicy.String(),
+ sdk.ObjectTypeIcebergTable.String(),
+ }, true)
+}
+
+func ValidPluralObjectType() schema.SchemaValidateDiagFunc {
+ return StringInSlice(
+ []string{
+ sdk.PluralObjectTypeAlerts.String(),
+ sdk.PluralObjectTypeDynamicTables.String(),
+ sdk.PluralObjectTypeEventTables.String(),
+ sdk.PluralObjectTypeFileFormats.String(),
+ sdk.PluralObjectTypeFunctions.String(),
+ sdk.PluralObjectTypeProcedures.String(),
+ sdk.PluralObjectTypeSecrets.String(),
+ sdk.PluralObjectTypeSequences.String(),
+ sdk.PluralObjectTypePipes.String(),
+ sdk.PluralObjectTypeMaskingPolicies.String(),
+ sdk.PluralObjectTypePasswordPolicies.String(),
+ sdk.PluralObjectTypeRowAccessPolicies.String(),
+ sdk.PluralObjectTypeSessionPolicies.String(),
+ sdk.PluralObjectTypeTags.String(),
+ sdk.PluralObjectTypeStages.String(),
+ sdk.PluralObjectTypeStreams.String(),
+ sdk.PluralObjectTypeTables.String(),
+ sdk.PluralObjectTypeExternalTables.String(),
+ sdk.PluralObjectTypeTasks.String(),
+ sdk.PluralObjectTypeViews.String(),
+ sdk.PluralObjectTypeMaterializedViews.String(),
+ sdk.PluralObjectTypeNetworkRules.String(),
+ sdk.PluralObjectTypePackagesPolicies.String(),
+ sdk.PluralObjectTypeIcebergTables.String(),
+ }, true)
+}
+
+// StringInSlice has the same implementation as validation.StringInSlice, but adapted to schema.SchemaValidateDiagFunc
+func StringInSlice(valid []string, ignoreCase bool) schema.SchemaValidateDiagFunc {
+ return func(i interface{}, path cty.Path) diag.Diagnostics {
+ v, ok := i.(string)
+ if !ok {
+ return diag.Errorf("expected type of %v to be string", path)
+ }
+
+ for _, str := range valid {
+ if v == str || (ignoreCase && strings.EqualFold(v, str)) {
+ return nil
+ }
+ }
+
+ return diag.Errorf("expected %v to be one of %q, got %s", path, valid, v)
+ }
+}
diff --git a/templates/resources/grant_privileges_to_database_role.md.tmpl b/templates/resources/grant_privileges_to_database_role.md.tmpl
index a820281db94..6423a74cabf 100644
--- a/templates/resources/grant_privileges_to_database_role.md.tmpl
+++ b/templates/resources/grant_privileges_to_database_role.md.tmpl
@@ -91,6 +91,9 @@ On future contains inner types for all options. #### Grant list of privileges OnAllSchemasInDatabase `terraform import "\"test_db\".\"test_db_role\"|false|false|CREATE TAG,CREATE TABLE|OnSchema|OnAllSchemasInDatabase|\"test_db\""` +#### Grant list of privileges on table +`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT,DELETE,INSERT|OnSchemaObject|OnObject|TABLE|\"test_db\".\"test_schema\".\"test_table\""` + #### Grant list of privileges OnAll tables in schema -`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT|OnSchemaObject|OnAll|TABLES|InSchema|\"test_db\".\"test_schema\""` +`terraform import "\"test_db\".\"test_db_role\"|false|false|SELECT,DELETE,INSERT|OnSchemaObject|OnAll|TABLES|InSchema|\"test_db\".\"test_schema\""`
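Review bot: In `StringInSlice` (pkg/resources/validators.go), both `diag.Errorf` calls format `path` with `%v`, which prints the raw `cty.Path` step structs instead of an attribute name, and the rejected value is printed with `%s`, so an empty or whitespace-padded value is hard to spot in the message. Returning a `diag.Diagnostic` that sets `AttributePath: path` lets Terraform render the location itself, and `%q` quotes the user-supplied value; the same applies to the type-assertion branch. The match is case-insensitive but the value is passed on unnormalized, so whatever consumes `object_type` when building the grant (outside this hunk) should normalize it before comparing or storing it. This validator runs only on configuration, so the import-ID parser for the `OnObject|TABLE|…` form documented in this commit presumably needs the same allow-list check; that parser is not visible here. The exported `ValidObjectType` and `ValidPluralObjectType` also have no doc comments, e.g. `// ValidObjectType returns a case-insensitive validator for the supported singular object type names.`

```go
	return func(i interface{}, path cty.Path) diag.Diagnostics {
		// … unchanged: string type assertion and membership loop …
		return diag.Diagnostics{{
			Severity:      diag.Error,
			Summary:       "invalid value",
			Detail:        fmt.Sprintf("expected one of %q, got %q", valid, v),
			AttributePath: path,
		}}
```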