feat: Add support for default_secondary_roles (#1030)

* Adding support for default_secondary_roles

* Fixing create user

* Docs update

* Fixing acceptance tests

* Fixing unnecessary json unmarshalling

* Refactoring default_secondary_roles

* Code styling

docs/data-sources/users.md

@@ -38,6 +38,7 @@ Read-Only:
 - `comment` (String)
 - `default_namespace` (String)
 - `default_role` (String)
+- `default_secondary_roles` (Set of String)
 - `default_warehouse` (String)
 - `disabled` (Boolean)
 - `display_name` (String)

docs/resources/user.md

@@ -25,6 +25,7 @@ resource snowflake_user user {
   last_name    = "User"
 
   default_warehouse = "warehouse"
+  default_secondary_roles = ['ALL']
   default_role      = "role1"
 
   rsa_public_key   = "..."
@@ -46,6 +47,7 @@ resource snowflake_user user {
 - `comment` (String)
 - `default_namespace` (String) Specifies the namespace (database only or database and schema) that is active by default for the user’s session upon login.
 - `default_role` (String) Specifies the role that is active by default for the user’s session upon login.
+- `default_secondary_roles` (Set of String) Specifies the set of secondary roles that are active for the user’s session upon login.
 - `default_warehouse` (String) Specifies the virtual warehouse that is active by default for the user’s session upon login.
 - `disabled` (Boolean)
 - `display_name` (String) Name displayed for the user in the Snowflake web interface.

examples/resources/snowflake_user/resource.tf

@@ -10,6 +10,7 @@ resource snowflake_user user {
   last_name    = "User"
 
   default_warehouse = "warehouse"
+  default_secondary_roles = ['ALL']
   default_role      = "role1"
 
   rsa_public_key   = "..."

pkg/datasources/users.go

@@ -4,6 +4,9 @@ import (
 	"database/sql"
 	"fmt"
 	"log"
+	"strings"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/snowflake"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -56,6 +59,12 @@ var usersSchema = map[string]*schema.Schema{
 					Optional: true,
 					Computed: true,
 				},
+				"default_secondary_roles": {
+					Type:     schema.TypeSet,
+					Elem:     &schema.Schema{Type: schema.TypeString},
+					Optional: true,
+					Computed: true,
+				},
 				"has_rsa_public_key": {
 					Type:     schema.TypeBool,
 					Computed: true,
@@ -124,14 +133,15 @@ func ReadUsers(d *schema.ResourceData, meta interface{}) error {
 
 	for _, user := range currentUsers {
 		userMap := map[string]interface{}{}
-
 		userMap["name"] = user.Name.String
 		userMap["login_name"] = user.LoginName.String
 		userMap["comment"] = user.Comment.String
 		userMap["disabled"] = user.Disabled
 		userMap["default_warehouse"] = user.DefaultWarehouse.String
 		userMap["default_namespace"] = user.DefaultNamespace.String
 		userMap["default_role"] = user.DefaultRole.String
+		userMap["default_secondary_roles"] = strings.Split(
+			helpers.ListContentToString(user.DefaultSecondaryRoles.String), ",")
 		userMap["has_rsa_public_key"] = user.HasRsaPublicKey
 		userMap["email"] = user.Email.String
 		userMap["display_name"] = user.DisplayName.String

pkg/datasources/users_acceptance_test.go

@@ -40,6 +40,7 @@ func users(userName string) string {
 		disabled = false
 		default_warehouse="foo"
 		default_role="foo"
+		default_secondary_roles = ["ALL"]
 		default_namespace="foo"
 	}
 

pkg/helpers/list_to_string_helpers.go

@@ -2,6 +2,7 @@ package helpers
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 )
 
@@ -24,3 +25,9 @@ func IpListToSnowflakeString(ips []string) string {
 
 	return fmt.Sprintf("(%v)", strings.Join(ips, ", "))
 }
+
+// ListContentToString strips list elements of double quotes or brackets
+func ListContentToString(listString string) string {
+	re := regexp.MustCompile(`[\"\[\]]`)
+	return re.ReplaceAllString(listString, "")
+}

pkg/resources/resource.go

@@ -35,6 +35,10 @@ func CreateResource(
 				case schema.TypeInt:
 					valInt := val.(int)
 					qb.SetInt(field, valInt)
+				case schema.TypeSet:
+					valList := expandStringList(val.(*schema.Set).List())
+					qb.SetStringList(field, valList)
+
 				}
 			}
 		}
@@ -100,7 +104,11 @@ func UpdateResource(
 				case schema.TypeInt:
 					valInt := val.(int)
 					qb.SetInt(field, valInt)
+				case schema.TypeSet:
+					valList := expandStringList(val.(*schema.Set).List())
+					qb.SetStringList(field, valList)
 				}
+
 			}
 			if d.HasChange("tag") {
 				log.Printf("[DEBUG] updating tags")

pkg/resources/user.go

@@ -17,6 +17,7 @@ var userProperties = []string{
 	"disabled",
 	"default_namespace",
 	"default_role",
+	"default_secondary_roles",
 	"default_warehouse",
 	"rsa_public_key",
 	"rsa_public_key_2",
@@ -78,6 +79,12 @@ var userSchema = map[string]*schema.Schema{
 		Computed:    true,
 		Description: "Specifies the role that is active by default for the user’s session upon login.",
 	},
+	"default_secondary_roles": {
+		Type:        schema.TypeSet,
+		Elem:        &schema.Schema{Type: schema.TypeString},
+		Optional:    true,
+		Description: "Specifies the set of secondary roles that are active for the user’s session upon login.",
+	},
 	"rsa_public_key": {
 		Type:        schema.TypeString,
 		Optional:    true,
@@ -207,6 +214,15 @@ func ReadUser(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
+	var defaultSecondaryRoles []string
+	if len(u.DefaultSecondaryRoles.String) > 0 {
+		defaultSecondaryRoles = strings.Split(u.DefaultSecondaryRoles.String, ",")
+	}
+	err = d.Set("default_secondary_roles", defaultSecondaryRoles)
+	if err != nil {
+		return err
+	}
+
 	err = d.Set("default_namespace", u.DefaultNamespace.String)
 	if err != nil {
 		return err

pkg/resources/user_acceptance_test.go

@@ -56,6 +56,7 @@ func TestAcc_User(t *testing.T) {
 					checkBool("snowflake_user.w", "disabled", false),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_warehouse", "foo"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_role", "foo"),
+					resource.TestCheckResourceAttr("snowflake_user.w", "default_secondary_roles.0", "ALL"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_namespace", "FOO"),
 					checkBool("snowflake_user.w", "has_rsa_public_key", true),
 					checkBool("snowflake_user.w", "must_change_password", true),
@@ -75,6 +76,7 @@ func TestAcc_User(t *testing.T) {
 					checkBool("snowflake_user.w", "disabled", false),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_warehouse", "foo"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_role", "foo"),
+					resource.TestCheckResourceAttr("snowflake_user.w", "default_secondary_roles.0", "ALL"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_namespace", "FOO"),
 				),
 			},
@@ -93,6 +95,7 @@ func TestAcc_User(t *testing.T) {
 					checkBool("snowflake_user.w", "disabled", true),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_warehouse", "bar"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_role", "bar"),
+					resource.TestCheckResourceAttr("snowflake_user.w", "default_secondary_roles.#", "0"),
 					resource.TestCheckResourceAttr("snowflake_user.w", "default_namespace", "BAR"),
 					checkBool("snowflake_user.w", "has_rsa_public_key", false),
 				),
@@ -121,6 +124,7 @@ resource "snowflake_user" "w" {
 	disabled = false
 	default_warehouse="foo"
 	default_role="foo"
+	default_secondary_roles=["ALL"]
 	default_namespace="foo"
 	rsa_public_key = <<KEY
 %s
@@ -150,6 +154,7 @@ resource "snowflake_user" "w" {
 	disabled = true
 	default_warehouse="bar"
 	default_role="bar"
+	default_secondary_roles=[]
 	default_namespace="bar"
 }
 `

pkg/snowflake/user.go

@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/pkg/errors"
-
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
 	"github.com/jmoiron/sqlx"
+	"github.com/pkg/errors"
 )
 
 func User(name string) *Builder {
@@ -18,18 +18,19 @@ func User(name string) *Builder {
 }
 
 type user struct {
-	Comment          sql.NullString `db:"comment"`
-	DefaultNamespace sql.NullString `db:"default_namespace"`
-	DefaultRole      sql.NullString `db:"default_role"`
-	DefaultWarehouse sql.NullString `db:"default_warehouse"`
-	Disabled         bool           `db:"disabled"`
-	DisplayName      sql.NullString `db:"display_name"`
-	Email            sql.NullString `db:"email"`
-	FirstName        sql.NullString `db:"first_name"`
-	HasRsaPublicKey  bool           `db:"has_rsa_public_key"`
-	LastName         sql.NullString `db:"last_name"`
-	LoginName        sql.NullString `db:"login_name"`
-	Name             sql.NullString `db:"name"`
+	Comment               sql.NullString `db:"comment"`
+	DefaultNamespace      sql.NullString `db:"default_namespace"`
+	DefaultRole           sql.NullString `db:"default_role"`
+	DefaultSecondaryRoles sql.NullString `db:"default_secondary_roles"`
+	DefaultWarehouse      sql.NullString `db:"default_warehouse"`
+	Disabled              bool           `db:"disabled"`
+	DisplayName           sql.NullString `db:"display_name"`
+	Email                 sql.NullString `db:"email"`
+	FirstName             sql.NullString `db:"first_name"`
+	HasRsaPublicKey       bool           `db:"has_rsa_public_key"`
+	LastName              sql.NullString `db:"last_name"`
+	LoginName             sql.NullString `db:"login_name"`
+	Name                  sql.NullString `db:"name"`
 }
 
 func ScanUser(row *sqlx.Row) (*user, error) {
@@ -62,6 +63,13 @@ func ScanUserDescription(rows *sqlx.Rows) (*user, error) {
 			r.DefaultNamespace = userProp.Value
 		case "DEFAULT_ROLE":
 			r.DefaultRole = userProp.Value
+		case "DEFAULT_SECONDARY_ROLES":
+			if len(userProp.Value.String) > 0 {
+				defaultSecondaryRoles := helpers.ListContentToString(userProp.Value.String)
+				r.DefaultSecondaryRoles = sql.NullString{String: defaultSecondaryRoles, Valid: true}
+			} else {
+				r.DefaultSecondaryRoles = sql.NullString{Valid: false}
+			}
 		case "DEFAULT_WAREHOUSE":
 			r.DefaultWarehouse = userProp.Value
 		case "DISABLED":