From 9d882fe27332d4e49e1596721cba54ca0eb33b07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Fri, 26 Jul 2024 12:32:55 +0200 Subject: [PATCH] fix: external function header parsing and add missing privileges (#2961) Changes: - Add CREATE NOTEBOOK privilege for on all/future grants (and other missing privileges based on the [Snowflake documentation](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege)): #2960 - Fix header parsing in external function --- .../grant_privileges_to_account_role.md | 6 +- .../grant_privileges_to_database_role.md | 6 +- pkg/resources/external_function.go | 21 +++-- .../external_function_acceptance_test.go | 82 +++++++++++++++++++ ...ileges_to_database_role_acceptance_test.go | 40 +++++++++ pkg/sdk/grants_validations.go | 2 + pkg/sdk/object_types.go | 6 ++ pkg/sdk/privileges.go | 17 +++- 8 files changed, 163 insertions(+), 17 deletions(-) diff --git a/docs/resources/grant_privileges_to_account_role.md b/docs/resources/grant_privileges_to_account_role.md index d81fcba923..d9fb537172 100644 --- a/docs/resources/grant_privileges_to_account_role.md +++ b/docs/resources/grant_privileges_to_account_role.md 
@@ -300,14 +300,14 @@ Optional: - `all` (Block List, Max: 1) Configures the privilege to be granted on all objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--all)) - `future` (Block List, Max: 1) Configures the privilege to be granted on future objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--future)) - `object_name` (String) The fully qualified name of the object on which privileges will be granted. -- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT +- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT ### Nested Schema for `on_schema_object.all` Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. 
Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. Optional: 
@@ -320,7 +320,7 @@ Optional: Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | STAGES | STREAMS | TABLES | TASKS | VIEWS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS. Optional: diff --git a/docs/resources/grant_privileges_to_database_role.md b/docs/resources/grant_privileges_to_database_role.md index bb24088293..711cddcd8b 100644 --- a/docs/resources/grant_privileges_to_database_role.md +++ b/docs/resources/grant_privileges_to_database_role.md 
@@ -204,14 +204,14 @@ Optional: - `all` (Block List, Max: 1) Configures the privilege to be granted on all objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--all)) - `future` (Block List, Max: 1) Configures the privilege to be granted on future objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--future)) - `object_name` (String) The fully qualified name of the object on which privileges will be granted. -- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT +- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT ### Nested Schema for `on_schema_object.all` Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. 
Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. Optional: 
@@ -224,7 +224,7 @@ Optional: Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | STAGES | STREAMS | TABLES | TASKS | VIEWS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS. Optional: diff --git a/pkg/resources/external_function.go b/pkg/resources/external_function.go index 5028dac4fb..5bdff6e3b3 100644 --- a/pkg/resources/external_function.go +++ b/pkg/resources/external_function.go @@ -2,6 +2,7 @@ package resources import ( "context" + "encoding/json" "log" "regexp" "strconv" 
@@ -414,16 +415,18 @@ func ReadContextExternalFunction(ctx context.Context, d *schema.ResourceData, me case "headers": if row.Value != "" && row.Value != "null" { // Format in Snowflake DB is: {"head1":"val1","head2":"val2"} - headerPairs := strings.Split(strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(row.Value, "{", ""), "}", ""), "\"", ""), ",") - headers := []interface{}{} - - for _, headerPair := range headerPairs { - headerItem := strings.Split(headerPair, ":") + var jsonHeaders map[string]string + err := json.Unmarshal([]byte(row.Value), &jsonHeaders) + if err != nil { + return diag.Errorf("error unmarshalling headers: %v", err) + } - header := map[string]interface{}{} - header["name"] = headerItem[0] - header["value"] = headerItem[1] - headers = append(headers, header) + headers := make([]any, 0, len(jsonHeaders)) + for key, value := range jsonHeaders { + headers = append(headers, map[string]any{ + "name": key, + "value": value, + }) } if err := d.Set("header", headers); err != nil { diff --git a/pkg/resources/external_function_acceptance_test.go b/pkg/resources/external_function_acceptance_test.go index 779bff1e00..66513f390d 100644 --- a/pkg/resources/external_function_acceptance_test.go +++ b/pkg/resources/external_function_acceptance_test.go 
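Review bot: Ranging over `jsonHeaders` in the new loop yields the keys in a different order on each run, so the `headers` slice passed to `d.Set("header", headers)` is not stable once a function has two or more headers. That is harmless if `header` is declared as a set, but the schema is not visible in this hunk and the new acceptance test uses a single header. Sorting the keys before building the slice makes Read deterministic either way; it needs the `sort` package in the import block. ReadContextExternalFunction starts and ends outside the hunk.

```go
// … unchanged: json.Unmarshal of row.Value into jsonHeaders and its error return …
names := make([]string, 0, len(jsonHeaders))
for name := range jsonHeaders {
	names = append(names, name)
}
sort.Strings(names) // fixed order regardless of map iteration

headers := make([]any, 0, len(names))
for _, name := range names {
	headers = append(headers, map[string]any{
		"name":  name,
		"value": jsonHeaders[name],
	})
}
// … unchanged: d.Set("header", headers) …
```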
@@ -391,6 +391,53 @@ func TestAcc_ExternalFunction_issue2528(t *testing.T) { }) } +// Proves that header parsing handles values wrapped in curly braces, e.g. `value = "{1}"` +func TestAcc_ExternalFunction_HeaderParsing(t *testing.T) { + id := acc.TestClient().Ids.RandomSchemaObjectIdentifier() + + resourceName := "snowflake_external_function.f" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: acc.CheckDestroy(t, resources.ExternalFunction), + Steps: []resource.TestStep{ + { + ExternalProviders: map[string]resource.ExternalProvider{ + "snowflake": { + VersionConstraint: "=0.93.0", + Source: "Snowflake-Labs/snowflake", + }, + }, + Config: externalFunctionConfigIssueCurlyHeader(id), + // Previous implementation produces a plan with the following changes + // + // - header { # forces replacement + // - name = "name" -> null + // - value = "0" -> null + // } + // + // + header { # forces replacement + // + name = "name" + // + value = "{0}" + // } + ExpectNonEmptyPlan: true, + }, + { + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + Config: externalFunctionConfigIssueCurlyHeader(id), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, "header.#", "1"), + resource.TestCheckResourceAttr(resourceName, "header.0.name", "name"), + resource.TestCheckResourceAttr(resourceName, "header.0.value", "{0}"), + ), + }, + }, + }) +} + func externalFunctionConfig(database string, schema string, name string) string { return externalFunctionConfigWithReturnNullAllowed(database, schema, name, nil) } 
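Review bot: The only header value exercised by `TestAcc_ExternalFunction_HeaderParsing` is `{0}`, but the parser being replaced also split on `,` and `:` and stripped `"`, so header values such as URLs or tokens were altered in the same way and remain unpinned. A second `header` block in `externalFunctionConfigIssueCurlyHeader` (added in the next hunk) with a constructed value like `value = "a:b,c"` would cover those characters. With two headers the test would also show whether the result of Read depends on ordering.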
@@ -478,3 +525,38 @@ resource "snowflake_external_function" "f2" { } `, database, schema, name, schema2) } + +func externalFunctionConfigIssueCurlyHeader(id sdk.SchemaObjectIdentifier) string { + return fmt.Sprintf(` +resource "snowflake_api_integration" "test_api_int" { + name = "%[3]s" + api_provider = "aws_api_gateway" + api_aws_role_arn = "arn:aws:iam::000000000001:/role/test" + api_allowed_prefixes = ["https://123456.execute-api.us-west-2.amazonaws.com/prod/"] + enabled = true +} + +resource "snowflake_external_function" "f" { + name = "%[3]s" + database = "%[1]s" + schema = "%[2]s" + arg { + name = "ARG1" + type = "VARCHAR" + } + arg { + name = "ARG2" + type = "VARCHAR" + } + header { + name = "name" + value = "{0}" + } + return_type = "VARIANT" + return_behavior = "IMMUTABLE" + api_integration = snowflake_api_integration.test_api_int.name + url_of_proxy_and_resource = "https://123456.execute-api.us-west-2.amazonaws.com/prod/test_func" +} + +`, id.DatabaseName(), id.SchemaName(), id.Name()) +} diff --git a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go index 9a9ed72871..e00b5c842c 100644 --- a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go +++ b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go 
@@ -1185,6 +1185,46 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply_SetAfterCreate(t *testing }) } +// proves https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2960 +func TestAcc_GrantPrivilegesToDatabaseRole_CreateNotebooks(t *testing.T) { + databaseRoleId := acc.TestClient().Ids.RandomDatabaseObjectIdentifier() + + configVariables := config.Variables{ + "name": config.StringVariable(databaseRoleId.Name()), + "privileges": config.ListVariable( + config.StringVariable(string(sdk.SchemaPrivilegeCreateNotebook)), + ), + "database": config.StringVariable(acc.TestDatabaseName), + "with_grant_option": config.BoolVariable(false), + } + resourceName := "snowflake_grant_privileges_to_database_role.test" + + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: acc.CheckDatabaseRolePrivilegesRevoked(t), + Steps: []resource.TestStep{ + { + PreConfig: func() { + _, databaseRoleCleanup := acc.TestClient().DatabaseRole.CreateDatabaseRoleWithName(t, databaseRoleId.Name()) + t.Cleanup(databaseRoleCleanup) + }, + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnAllSchemasInDatabase"), + ConfigVariables: configVariables, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleId.FullyQualifiedName()), + resource.TestCheckResourceAttr(resourceName, "privileges.#", "1"), + resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.SchemaPrivilegeCreateNotebook)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE NOTEBOOK|OnSchema|OnAllSchemasInDatabase|%s", databaseRoleId.FullyQualifiedName(), acc.TestClient().Ids.DatabaseId().FullyQualifiedName())), + ), + }, + }, + }) +} + func 
queriedPrivilegesToDatabaseRoleEqualTo(databaseRoleName sdk.DatabaseObjectIdentifier, privileges ...string) func(s *terraform.State) error { return queriedPrivilegesEqualTo(func(client *sdk.Client, ctx context.Context) ([]sdk.Grant, error) { return client.Grants.Show(ctx, &sdk.ShowGrantOptions{ diff --git a/pkg/sdk/grants_validations.go b/pkg/sdk/grants_validations.go index cece6ac1d2..cb1d20a617 100644 --- a/pkg/sdk/grants_validations.go +++ b/pkg/sdk/grants_validations.go @@ -84,6 +84,7 @@ var validGrantToObjectTypes = []ObjectType{ ObjectTypeMaterializedView, ObjectTypeModel, ObjectTypeNetworkRule, + ObjectTypeNotebook, ObjectTypePackagesPolicy, ObjectTypePasswordPolicy, ObjectTypePipe, @@ -94,6 +95,7 @@ var validGrantToObjectTypes = []ObjectType{ ObjectTypeService, ObjectTypeSessionPolicy, ObjectTypeSequence, + ObjectTypeSnapshot, ObjectTypeStage, ObjectTypeStream, ObjectTypeTable, diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go index 89ca35fadf..e22da6e9b2 100644 --- a/pkg/sdk/object_types.go +++ b/pkg/sdk/object_types.go @@ -41,6 +41,7 @@ const ( ObjectTypeView ObjectType = "VIEW" ObjectTypeMaterializedView ObjectType = "MATERIALIZED VIEW" ObjectTypeSequence ObjectType = "SEQUENCE" + ObjectTypeSnapshot ObjectType = "SNAPSHOT" ObjectTypeFunction ObjectType = "FUNCTION" ObjectTypeExternalFunction ObjectType = "EXTERNAL FUNCTION" ObjectTypeProcedure ObjectType = "PROCEDURE" @@ -62,6 +63,7 @@ const ( ObjectTypeIcebergTable ObjectType = "ICEBERG TABLE" ObjectTypeExternalVolume ObjectType = "EXTERNAL VOLUME" ObjectTypeNetworkRule ObjectType = "NETWORK RULE" + ObjectTypeNotebook ObjectType = "NOTEBOOK" ObjectTypePackagesPolicy ObjectType = "PACKAGES POLICY" ObjectTypeComputePool ObjectType = "COMPUTE POOL" ObjectTypeAggregationPolicy ObjectType = "AGGREGATION POLICY" 
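Review bot: `TestAcc_GrantPrivilegesToDatabaseRole_CreateNotebooks` grants `sdk.SchemaPrivilegeCreateNotebook` through the `OnAllSchemasInDatabase` configuration, which is an on-schema grant and does not pass through `on_schema_object` with `all` or `future`. As far as this diff shows, that constant already existed and is only moved within privileges.go, so the test may well pass without the `ObjectTypeNotebook` and `ObjectTypeSnapshot` entries added to `validGrantToObjectTypes`. A step that grants a privilege on all or future `NOTEBOOKS` in a schema would exercise the values this commit starts accepting, and would confirm that the grant scope reaching Snowflake matches what the documentation now lists.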
@@ -107,6 +109,7 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType { ObjectTypeView: PluralObjectTypeViews, ObjectTypeMaterializedView: PluralObjectTypeMaterializedViews, ObjectTypeSequence: PluralObjectTypeSequences, + ObjectTypeSnapshot: PluralObjectTypeSnapshots, ObjectTypeFunction: PluralObjectTypeFunctions, ObjectTypeExternalFunction: PluralObjectTypeExternalFunctions, ObjectTypeProcedure: PluralObjectTypeProcedures, @@ -127,6 +130,7 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType { ObjectTypeIcebergTable: PluralObjectTypeIcebergTables, ObjectTypeExternalVolume: PluralObjectTypeExternalVolumes, ObjectTypeNetworkRule: PluralObjectTypeNetworkRules, + ObjectTypeNotebook: PluralObjectTypeNotebooks, ObjectTypePackagesPolicy: PluralObjectTypePackagesPolicies, ObjectTypeComputePool: PluralObjectTypeComputePool, ObjectTypeAggregationPolicy: PluralObjectTypeAggregationPolicies, @@ -212,6 +216,7 @@ const ( PluralObjectTypeViews PluralObjectType = "VIEWS" PluralObjectTypeMaterializedViews PluralObjectType = "MATERIALIZED VIEWS" PluralObjectTypeSequences PluralObjectType = "SEQUENCES" + PluralObjectTypeSnapshots PluralObjectType = "SNAPSHOTS" PluralObjectTypeFunctions PluralObjectType = "FUNCTIONS" PluralObjectTypeExternalFunctions PluralObjectType = "EXTERNAL FUNCTIONS" PluralObjectTypeProcedures PluralObjectType = "PROCEDURES" @@ -232,6 +237,7 @@ const ( PluralObjectTypeIcebergTables PluralObjectType = "ICEBERG TABLES" PluralObjectTypeExternalVolumes PluralObjectType = "EXTERNAL VOLUMES" PluralObjectTypeNetworkRules PluralObjectType = "NETWORK RULES" + PluralObjectTypeNotebooks PluralObjectType = "NOTEBOOKS" PluralObjectTypePackagesPolicies PluralObjectType = "PACKAGES POLICIES" PluralObjectTypeComputePool PluralObjectType = "COMPUTE POOLS" PluralObjectTypeAggregationPolicies PluralObjectType = "AGGREGATION POLICIES" diff --git a/pkg/sdk/privileges.go b/pkg/sdk/privileges.go index 1e2eafdb4b..8b2d792ee6 100644 
--- a/pkg/sdk/privileges.go +++ b/pkg/sdk/privileges.go @@ -4,6 +4,8 @@ type GlobalPrivilege string const ( GlobalPrivilegeCreateAccount GlobalPrivilege = "CREATE ACCOUNT" + GlobalPrivilegeCreateApplication GlobalPrivilege = "CREATE APPLICATION" + GlobalPrivilegeCreateApplicationPackage GlobalPrivilege = "CREATE APPLICATION PACKAGE" GlobalPrivilegeCreateComputePool GlobalPrivilege = "CREATE COMPUTE POOL" GlobalPrivilegeCreateDataExchangeListing GlobalPrivilege = "CREATE DATA EXCHANGE LISTING" GlobalPrivilegeCreateDatabase GlobalPrivilege = "CREATE DATABASE" @@ -33,11 +35,14 @@ const ( GlobalPrivilegeExecuteAlert GlobalPrivilege = "EXECUTE ALERT" GlobalPrivilegeExecuteDataMetricFunction GlobalPrivilege = "EXECUTE DATA METRIC FUNCTION" + GlobalPrivilegeExecuteDataManagedAlert GlobalPrivilege = "EXECUTE MANAGED ALERT" + GlobalPrivilegeExecuteDataManagedTask GlobalPrivilege = "EXECUTE MANAGED TASK" GlobalPrivilegeExecuteTask GlobalPrivilege = "EXECUTE TASK" GlobalPrivilegeImportShare GlobalPrivilege = "IMPORT SHARE" GlobalPrivilegeManageAccountSupportCases GlobalPrivilege = "MANAGE ACCOUNT SUPPORT CASES" + GlobalPrivilegeManageEventSharing GlobalPrivilege = "MANAGE EVENT SHARING" GlobalPrivilegeManageGrants GlobalPrivilege = "MANAGE GRANTS" GlobalPrivilegeManageListingAutoFulfillment GlobalPrivilege = "MANAGE LISTING AUTO FULFILLMENT" GlobalPrivilegeManageOrganizationSupportCases GlobalPrivilege = "MANAGE ORGANIZATION SUPPORT CASES" 
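Review bot: `GlobalPrivilegeExecuteDataManagedAlert` and `GlobalPrivilegeExecuteDataManagedTask` carry a stray `Data` in their names: the values are `EXECUTE MANAGED ALERT` and `EXECUTE MANAGED TASK`, and the prefix looks copied from `GlobalPrivilegeExecuteDataMetricFunction` on the line above. These exported identifiers select the account-level privilege string used in a grant, so a name that disagrees with its value is easy to misread in review and becomes a breaking change to rename later. Suggested: `GlobalPrivilegeExecuteManagedAlert GlobalPrivilege = "EXECUTE MANAGED ALERT"` and `GlobalPrivilegeExecuteManagedTask GlobalPrivilege = "EXECUTE MANAGED TASK"`, provided no constants with those names already exist elsewhere in the file. The const block continues outside the hunk.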
@@ -123,13 +128,16 @@ const ( SchemaPrivilegeAddSearchOptimization SchemaPrivilege = "ADD SEARCH OPTIMIZATION" SchemaPrivilegeApplyBudget SchemaPrivilege = "APPLYBUDGET" SchemaPrivilegeCreateAlert SchemaPrivilege = "CREATE ALERT" + SchemaPrivilegeCreateCortexSearchService SchemaPrivilege = "CREATE CORTEX SEARCH SERVICE" SchemaPrivilegeCreateDataset SchemaPrivilege = "CREATE DATASET" + SchemaPrivilegeCreateEventTable SchemaPrivilege = "CREATE EVENT TABLE" SchemaPrivilegeCreateFileFormat SchemaPrivilege = "CREATE FILE FORMAT" SchemaPrivilegeCreateFunction SchemaPrivilege = "CREATE FUNCTION" SchemaPrivilegeCreateGitRepository SchemaPrivilege = "CREATE GIT REPOSITORY" SchemaPrivilegeCreateImageRepository SchemaPrivilege = "CREATE IMAGE REPOSITORY" SchemaPrivilegeCreateModel SchemaPrivilege = "CREATE MODEL" SchemaPrivilegeCreateNetworkRule SchemaPrivilege = "CREATE NETWORK RULE" + SchemaPrivilegeCreateNotebook SchemaPrivilege = "CREATE NOTEBOOK" SchemaPrivilegeCreatePipe SchemaPrivilege = "CREATE PIPE" SchemaPrivilegeCreateProcedure SchemaPrivilege = "CREATE PROCEDURE" SchemaPrivilegeCreateAggregationPolicy SchemaPrivilege = "CREATE AGGREGATION POLICY" @@ -151,7 +159,6 @@ const ( SchemaPrivilegeCreateSnowflakeMlAnomalyDetection SchemaPrivilege = "CREATE SNOWFLAKE.ML.ANOMALY_DETECTION" SchemaPrivilegeCreateSnowflakeMlForecast SchemaPrivilege = "CREATE SNOWFLAKE.ML.FORECAST" SchemaPrivilegeCreateDynamicTable SchemaPrivilege = "CREATE DYNAMIC TABLE" - SchemaPrivilegeCreateCortexSearchService SchemaPrivilege = "CREATE CORTEX SEARCH SERVICE" SchemaPrivilegeCreateExternalTable SchemaPrivilege = "CREATE EXTERNAL TABLE" SchemaPrivilegeCreateHybridTable SchemaPrivilege = "CREATE HYBRID TABLE" SchemaPrivilegeCreateIcebergTable SchemaPrivilege = "CREATE ICEBERG TABLE" 
@@ -163,7 +170,6 @@ const ( SchemaPrivilegeModify SchemaPrivilege = "MODIFY" SchemaPrivilegeMonitor SchemaPrivilege = "MONITOR" SchemaPrivilegeUsage SchemaPrivilege = "USAGE" - SchemaPrivilegeCreateNotebook SchemaPrivilege = "CREATE NOTEBOOK" ) func (p SchemaPrivilege) String() string { @@ -179,6 +185,13 @@ const ( // SchemaObjectPrivilegeMonitor SchemaObjectPrivilege = "MONITOR" (duplicate) SchemaObjectPrivilegeOperate SchemaObjectPrivilege = "OPERATE" + // For APPLICATION PACKAGE + SchemaObjectPrivilegeAttachListing SchemaObjectPrivilege = "ATTACH LISTING" + SchemaObjectPrivilegeDevelop SchemaObjectPrivilege = "DEVELOP" + SchemaObjectPrivilegeInstall SchemaObjectPrivilege = "INSTALL" + SchemaObjectPrivilegeManageVersions SchemaObjectPrivilege = "MANAGE VERSIONS" + SchemaObjectPrivilegeManageReleases SchemaObjectPrivilege = "MANAGE RELEASES" + // For DYNAMIC TABLE // SchemaObjectPrivilegeMonitor SchemaObjectPrivilege = "MONITOR" (duplicate) // SchemaObjectPrivilegeOperate SchemaObjectPrivilege = "OPERATE" (duplicate)