wip

pkg/resources/grant_privileges_to_database_role_acceptance_test.go

@@ -46,7 +46,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				PreConfig:       func() { createDatabaseRoleOutsideTerraform(t, name) },
-				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
 				ConfigVariables: configVariables,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName),
@@ -56,11 +56,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
 					resource.TestCheckResourceAttr(resourceName, "on_database", databaseName),
 					resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
-				ConfigDirectory:   acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
+				ConfigDirectory:   acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
 				ConfigVariables:   configVariables,
 				ResourceName:      resourceName,
 				ImportState:       true,
@@ -97,7 +97,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test
 		Steps: []resource.TestStep{
 			{
 				PreConfig:       func() { createDatabaseRoleOutsideTerraform(t, name) },
-				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
 				ConfigVariables: configVariables,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName),
@@ -107,11 +107,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test
 					resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
 					resource.TestCheckResourceAttr(resourceName, "on_database", databaseName),
 					resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
-				ConfigDirectory:   acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
+				ConfigDirectory:   acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
 				ConfigVariables:   configVariables,
 				ResourceName:      resourceName,
 				ImportState:       true,
@@ -524,7 +524,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"),
 					resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)),
 					resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeModify)),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
@@ -540,7 +540,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)),
 					resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)),
 					resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
@@ -549,7 +549,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "all_privileges", "true"),
 					resource.TestCheckResourceAttr(resourceName, "privileges.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
@@ -563,7 +563,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"),
 					resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeModify)),
 					resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 		},
@@ -691,15 +691,15 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
 				},
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "always_apply", "false"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 			{
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"),
 				ConfigVariables: configVariables(true),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -713,7 +713,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
 				},
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -727,7 +727,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
 				},
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -741,7 +741,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
 				},
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "always_apply", "false"),
-					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},
 		},

pkg/resources/grant_privileges_to_database_role_identifier.go

@@ -12,7 +12,7 @@ import (
 type DatabaseRoleGrantKind string
 
 const (
-	OnDatabaseDatabaseRoleGrantKind     DatabaseRoleGrantKind = "OnDatabaseShareGrantKind"
+	OnDatabaseDatabaseRoleGrantKind     DatabaseRoleGrantKind = "OnDatabase"
 	OnSchemaDatabaseRoleGrantKind       DatabaseRoleGrantKind = "OnSchema"
 	OnSchemaObjectDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnSchemaObject"
 )

pkg/resources/grant_privileges_to_database_role_identifier_test.go

@@ -16,7 +16,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 	}{
 		{
 			Name:       "grant database role on database",
-			Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`,
 			Expected: GrantPrivilegesToDatabaseRoleId{
 				DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
 				WithGrantOption:  false,
@@ -29,7 +29,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 		},
 		{
 			Name:       "grant database role on database - always apply with grant option",
-			Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`,
 			Expected: GrantPrivilegesToDatabaseRoleId{
 				DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
 				WithGrantOption:  true,
@@ -43,7 +43,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 		},
 		{
 			Name:       "grant database role on database - all privileges",
-			Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabase|"on-database-name"`,
 			Expected: GrantPrivilegesToDatabaseRoleId{
 				DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
 				WithGrantOption:  false,
@@ -224,8 +224,8 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 			Error:      "database role identifier should hold at least 6 parts",
 		},
 		{
-			Name:       "validation: grant database role not enough parts for OnDatabaseShareGrantKind kind",
-			Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind`,
+			Name:       "validation: grant database role not enough parts for OnDatabase kind",
+			Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase`,
 			Error:      "database role identifier should hold at least 6 parts",
 		},
 		{
@@ -265,22 +265,22 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 		},
 		{
 			Name:       "validation: grant database role empty privileges",
-			Identifier: `"database-name"."database-role"|false|false||OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"|false|false||OnDatabase|"on-database-name"`,
 			Error:      `invalid Privileges value: , should be either a comma separated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`,
 		},
 		{
 			Name:       "validation: grant database role empty with grant option",
-			Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabase|"on-database-name"`,
 			Error:      `invalid WithGrantOption value: , should be either "true" or "false"`,
 		},
 		{
 			Name:       "validation: grant database role empty always apply",
-			Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabase|"on-database-name"`,
 			Error:      `invalid AlwaysApply value: , should be either "true" or "false"`,
 		},
 		{
 			Name:       "validation: grant database role empty database role name",
-			Identifier: `|false|false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
+			Identifier: `|false|false|ALL PRIVILEGES|OnDatabase|"on-database-name"`,
 			Error:      "invalid DatabaseRoleName value: , should be a fully qualified name of database object <database_name>.<name>",
 		},
 		{
@@ -323,7 +323,7 @@ func TestGrantPrivilegesToDatabaseRoleIdString(t *testing.T) {
 					DatabaseName: sdk.NewAccountObjectIdentifier("database-name"),
 				},
 			},
-			Expected: `"database-name"."role-name"|true|true|ALL|OnDatabaseShareGrantKind|"database-name"`,
+			Expected: `"database-name"."role-name"|true|true|ALL|OnDatabase|"database-name"`,
 		},
 		{
 			Name: "grant database role on schema on schema",

pkg/resources/grant_privileges_to_share.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/logging"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -28,7 +27,6 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{
 		Required:    true,
 		ForceNew:    true,
 		Description: "The fully qualified name of the share on which privileges will be granted.",
-		//ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
 	},
 	"privileges": {
 		Type:        schema.TypeSet,
@@ -40,15 +38,15 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified name of the database on which privileges will be granted.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
 	"schema_name": {
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified name of the schema on which privileges will be granted.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
@@ -57,39 +55,39 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{
 	//	Type:        schema.TypeString,
 	//	Optional:    true,
 	//	ForceNew:    true,
-	//	Description: "TODO",
+	//	Description: "The fully qualified name of the function on which privileges will be granted.",
 	//	ValidateDiagFunc: IsValidIdentifier[sdk.FunctionIdentifier](),
 	//	ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation,
 	//},
 	"table_name": {
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified name of the table on which privileges will be granted.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
 	"all_tables_in_schema": {
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified identifier for the schema for which the specified privilege will be granted for all tables.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
 	"tag_name": {
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified name of the tag on which privileges will be granted.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
 	"view_name": {
 		Type:             schema.TypeString,
 		Optional:         true,
 		ForceNew:         true,
-		Description:      "TODO",
+		Description:      "The fully qualified name of the view on which privileges will be granted.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](),
 		ExactlyOneOf:     grantPrivilegesToShareGrantExactlyOneOfValidation,
 	},
@@ -234,7 +232,6 @@ func UpdateGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, m
 		}
 
 		if len(privilegesToRemove) > 0 {
-			logging.DebugLogger.Printf("[DEBUG] Revoking privileges: %v", privilegesToRemove)
 			err = client.Grants.RevokePrivilegeFromShare(
 				ctx,
 				privilegesToRemove,