wip

docs/data-sources/account_roles.md

@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "snowflake_account_roles Data Source - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  
+---
+
+# snowflake_account_roles (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "snowflake_account_roles" "all" {
+}
+
+data "snowflake_account_roles" "by_pattern" {
+  pattern = "some_prefix_%"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `pattern` (String) Filters the command output by object name.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `roles` (List of Object) List of all the roles which you can view across your entire account, including the system-defined roles and any custom roles that exist. (see [below for nested schema](#nestedatt--roles))
+
+<a id="nestedatt--roles"></a>
+### Nested Schema for `roles`
+
+Read-Only:
+
+- `comment` (String)
+- `name` (String)
+- `owner` (String)

docs/resources/account_role.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "snowflake_account_role Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  
+---
+
+# snowflake_account_role (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "snowflake_account_role" "role" {
+  name    = "role_name"
+  comment = "comment"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+
+### Optional
+
+- `comment` (String)
+- `tag` (Block List, Deprecated) Definitions of a tag to associate with the resource. (see [below for nested schema](#nestedblock--tag))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--tag"></a>
+### Nested Schema for `tag`
+
+Required:
+
+- `name` (String) Tag name, e.g. department.
+- `value` (String) Tag value, e.g. marketing_info.
+
+Optional:
+
+- `database` (String) Name of the database that the tag was created in.
+- `schema` (String) Name of the schema that the tag was created in.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_account_role.example roleName
+```

examples/data-sources/snowflake_account_roles/data-source.tf

@@ -0,0 +1,6 @@
+data "snowflake_account_roles" "all" {
+}
+
+data "snowflake_account_roles" "by_pattern" {
+  pattern = "some_prefix_%"
+}

examples/resources/snowflake_account_role/import.sh

@@ -0,0 +1 @@
+terraform import snowflake_account_role.example roleName

examples/resources/snowflake_account_role/resource.tf

@@ -0,0 +1,4 @@
+resource "snowflake_account_role" "role" {
+  name    = "role_name"
+  comment = "comment"
+}

pkg/datasources/account_roles.go

@@ -0,0 +1,95 @@
+package datasources
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+var accountRolesSchema = map[string]*schema.Schema{
+	"pattern": {
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "Filters the command output by object name.",
+	},
+	"roles": {
+		Type:        schema.TypeList,
+		Computed:    true,
+		Description: "List of all the roles which you can view across your entire account, including the system-defined roles and any custom roles that exist.",
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"name": {
+					Type:        schema.TypeString,
+					Computed:    true,
+					Description: "Identifier for the role.",
+				},
+				"comment": {
+					Type:        schema.TypeString,
+					Computed:    true,
+					Description: "The comment on the role",
+				},
+				"owner": {
+					Type:        schema.TypeString,
+					Computed:    true,
+					Description: "The owner of the role",
+				},
+			},
+		},
+	},
+}
+
+func AccountRoles() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: ReadAccountRoles,
+		Schema:      accountRolesSchema,
+	}
+}
+
+func ReadAccountRoles(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	db := meta.(*sql.DB)
+	client := sdk.NewClientFromDB(db)
+
+	req := sdk.NewShowRoleRequest()
+	if pattern, ok := d.GetOk("pattern"); ok {
+		req.WithLike(sdk.NewLikeRequest(pattern.(string)))
+	}
+
+	roles, err := client.Roles.Show(ctx, req)
+	if err != nil {
+		d.SetId("")
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				Severity: diag.Error,
+				Summary:  "Failed to show account roles",
+				Detail:   fmt.Sprintf("Search pattern: %v, err: %s", d.Get("pattern").(string), err),
+			},
+		}
+	}
+
+	mappedRoles := make([]map[string]any, len(roles))
+	for i, role := range roles {
+		mappedRoles[i] = map[string]any{
+			"name":    role.Name,
+			"comment": role.Comment,
+			"owner":   role.Owner,
+		}
+	}
+
+	if err := d.Set("roles", mappedRoles); err != nil {
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				Severity: diag.Error,
+				Summary:  "Failed to set roles",
+				Detail:   fmt.Sprintf("Search pattern: %v, err: %s", d.Get("pattern").(string), err),
+			},
+		}
+	}
+
+	d.SetId("roles_read")
+
+	return nil
+}

pkg/datasources/account_roles_acceptance_test.go

@@ -0,0 +1,86 @@
+package datasources_test
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"testing"
+
+	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAcc_AccountRoles_basic(t *testing.T) {
+	accountRoleNamePrefix := "account_roles_test_prefix_"
+	accountRoleName1 := accountRoleNamePrefix + strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	accountRoleName2 := accountRoleNamePrefix + strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	accountRoleName3 := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	comment := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+
+	configVariables := config.Variables{
+		"account_role_name_1": config.StringVariable(accountRoleName1),
+		"account_role_name_2": config.StringVariable(accountRoleName2),
+		"account_role_name_3": config.StringVariable(accountRoleName3),
+		"pattern":             config.StringVariable(accountRoleNamePrefix + "%"),
+		"comment":             config.StringVariable(comment),
+	}
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				ConfigDirectory: config.TestNameDirectory(),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.snowflake_account_roles.test", "roles.#", "2"),
+					containsAccountRole(accountRoleName1, comment),
+					containsAccountRole(accountRoleName2, comment),
+					func(state *terraform.State) error {
+						err := containsAccountRole(accountRoleName3, comment)(state)
+						if err.Error() == fmt.Sprintf("role %s not found", accountRoleName3) {
+							return nil
+						}
+						return fmt.Errorf("expected %s not to be present", accountRoleName3)
+					},
+				),
+			},
+		},
+	})
+}
+
+func containsAccountRole(name string, comment string) func(s *terraform.State) error {
+	return func(s *terraform.State) error {
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "snowflake_account_roles" {
+				continue
+			}
+
+			iter, err := strconv.ParseInt(rs.Primary.Attributes["roles.#"], 10, 32)
+			if err != nil {
+				return err
+			}
+
+			for i := 0; i < int(iter); i++ {
+				if rs.Primary.Attributes[fmt.Sprintf("roles.%d.name", i)] == name {
+					actualComment := rs.Primary.Attributes[fmt.Sprintf("roles.%d.comment", i)]
+					if actualComment != comment {
+						return fmt.Errorf("expected comment: %s, but got: %s", comment, actualComment)
+					}
+
+					return nil
+				}
+			}
+		}
+
+		return fmt.Errorf("role %s not found", name)
+	}
+}

pkg/datasources/role.go

@@ -25,8 +25,9 @@ var roleSchema = map[string]*schema.Schema{
 // Role Snowflake Role resource.
 func Role() *schema.Resource {
 	return &schema.Resource{
-		Read:   ReadRole,
-		Schema: roleSchema,
+		Read:               ReadRole,
+		Schema:             roleSchema,
+		DeprecationMessage: "This resource is deprecated and will be removed in a future major version release. Please use snowflake_account_roles instead.",
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},