diff --git a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go index 55ad93a035c..2a704dd7c3f 100644 --- a/pkg/resources/grant_privileges_to_database_role_acceptance_test.go +++ b/pkg/resources/grant_privileges_to_database_role_acceptance_test.go @@ -46,7 +46,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -56,11 +56,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)), resource.TestCheckResourceAttr(resourceName, "on_database", databaseName), resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -97,7 +97,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test Steps: []resource.TestStep{ { PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) }, - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName), @@ -107,11 +107,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)), resource.TestCheckResourceAttr(resourceName, "on_database", databaseName), resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { - ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"), + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"), ConfigVariables: configVariables, ResourceName: resourceName, ImportState: true, @@ -524,7 +524,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"), resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)), resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeModify)), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { @@ -540,7 +540,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)), resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)), resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { @@ -549,7 +549,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "all_privileges", "true"), resource.TestCheckResourceAttr(resourceName, "privileges.#", "0"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { @@ -563,7 +563,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"), resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeModify)), resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)), ), }, }, @@ -691,7 +691,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { }, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "false"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), }, { @@ -699,7 +699,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { ConfigVariables: configVariables(true), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "true"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), ExpectNonEmptyPlan: true, }, @@ -713,7 +713,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { }, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "true"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), ExpectNonEmptyPlan: true, }, @@ -727,7 +727,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { }, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "true"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), ExpectNonEmptyPlan: true, }, @@ -741,7 +741,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) { }, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "always_apply", "false"), - resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)), ), }, }, diff --git a/pkg/resources/grant_privileges_to_database_role_identifier.go b/pkg/resources/grant_privileges_to_database_role_identifier.go index f42f0a260e7..56e4ec2044c 100644 --- a/pkg/resources/grant_privileges_to_database_role_identifier.go +++ b/pkg/resources/grant_privileges_to_database_role_identifier.go @@ -12,7 +12,7 @@ import ( type DatabaseRoleGrantKind string const ( - OnDatabaseDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnDatabaseShareGrantKind" + OnDatabaseDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnDatabase" OnSchemaDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnSchema" OnSchemaObjectDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnSchemaObject" ) diff --git a/pkg/resources/grant_privileges_to_database_role_identifier_test.go b/pkg/resources/grant_privileges_to_database_role_identifier_test.go index d80a25d63ce..ea8cd4404b5 100644 --- a/pkg/resources/grant_privileges_to_database_role_identifier_test.go +++ b/pkg/resources/grant_privileges_to_database_role_identifier_test.go @@ -16,7 +16,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) { }{ { Name: "grant database role on database", - Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`, Expected: GrantPrivilegesToDatabaseRoleId{ DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"), WithGrantOption: false, @@ -29,7 +29,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) { }, { Name: "grant database role on database - always apply with grant option", - Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`, Expected: GrantPrivilegesToDatabaseRoleId{ DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"), WithGrantOption: true, @@ -43,7 +43,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) { }, { Name: "grant database role on database - all privileges", - Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabase|"on-database-name"`, Expected: GrantPrivilegesToDatabaseRoleId{ DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"), WithGrantOption: false, @@ -224,8 +224,8 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) { Error: "database role identifier should hold at least 6 parts", }, { - Name: "validation: grant database role not enough parts for OnDatabaseShareGrantKind kind", - Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind`, + Name: "validation: grant database role not enough parts for OnDatabase kind", + Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase`, Error: "database role identifier should hold at least 6 parts", }, { @@ -265,22 +265,22 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) { }, { Name: "validation: grant database role empty privileges", - Identifier: `"database-name"."database-role"|false|false||OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"|false|false||OnDatabase|"on-database-name"`, Error: `invalid Privileges value: , should be either a comma separated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`, }, { Name: "validation: grant database role empty with grant option", - Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabase|"on-database-name"`, Error: `invalid WithGrantOption value: , should be either "true" or "false"`, }, { Name: "validation: grant database role empty always apply", - Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabase|"on-database-name"`, Error: `invalid AlwaysApply value: , should be either "true" or "false"`, }, { Name: "validation: grant database role empty database role name", - Identifier: `|false|false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`, + Identifier: `|false|false|ALL PRIVILEGES|OnDatabase|"on-database-name"`, Error: "invalid DatabaseRoleName value: , should be a fully qualified name of database object .", }, { @@ -323,7 +323,7 @@ func TestGrantPrivilegesToDatabaseRoleIdString(t *testing.T) { DatabaseName: sdk.NewAccountObjectIdentifier("database-name"), }, }, - Expected: `"database-name"."role-name"|true|true|ALL|OnDatabaseShareGrantKind|"database-name"`, + Expected: `"database-name"."role-name"|true|true|ALL|OnDatabase|"database-name"`, }, { Name: "grant database role on schema on schema", diff --git a/pkg/resources/grant_privileges_to_share.go b/pkg/resources/grant_privileges_to_share.go index 821ae6775c2..ed56cf75957 100644 --- a/pkg/resources/grant_privileges_to_share.go +++ b/pkg/resources/grant_privileges_to_share.go @@ -4,7 +4,6 @@ import ( "context" "database/sql" "fmt" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/logging" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -28,7 +27,6 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Required: true, ForceNew: true, Description: "The fully qualified name of the share on which privileges will be granted.", - //ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](), }, "privileges": { Type: schema.TypeSet, @@ -40,7 +38,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified name of the database on which privileges will be granted.", ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -48,7 +46,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified name of the schema on which privileges will be granted.", ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -57,7 +55,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ // Type: schema.TypeString, // Optional: true, // ForceNew: true, - // Description: "TODO", + // Description: "The fully qualified name of the function on which privileges will be granted.", // ValidateDiagFunc: IsValidIdentifier[sdk.FunctionIdentifier](), // ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, //}, @@ -65,7 +63,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified name of the table on which privileges will be granted.", ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -73,7 +71,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified identifier for the schema for which the specified privilege will be granted for all tables.", ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -81,7 +79,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified name of the tag on which privileges will be granted.", ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -89,7 +87,7 @@ var grantPrivilegesToShareSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - Description: "TODO", + Description: "The fully qualified name of the view on which privileges will be granted.", ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](), ExactlyOneOf: grantPrivilegesToShareGrantExactlyOneOfValidation, }, @@ -234,7 +232,6 @@ func UpdateGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, m } if len(privilegesToRemove) > 0 { - logging.DebugLogger.Printf("[DEBUG] Revoking privileges: %v", privilegesToRemove) err = client.Grants.RevokePrivilegeFromShare( ctx, privilegesToRemove,