fix: add permissions (#1464)

* add permissions * add permissions
Snowflake-Labs · Jan 10, 2023 · e2d249a · e2d249a
1 parent 5d966fd
commit e2d249a
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 61 deletions.
diff --git a/pkg/resources/account_grant.go b/pkg/resources/account_grant.go
@@ -13,9 +13,12 @@ var validAccountPrivileges = NewPrivilegeSet(
 	privilegeApplySessionPolicy,
 	privilegeApplyTag,
 	privilegeAttachPolicy,
+	privilegeAudit,
 	privilegeCreateAccount,
+	privilegeCreateCredential,
 	privilegeCreateDatabase,
 	privilegeCreateDataExchangeListing,
+	privilegeCreateFailoverGroup,
 	privilegeCreateIntegration,
 	privilegeCreateNetworkPolicy,
 	privilegeCreateRole,
@@ -25,11 +28,15 @@ var validAccountPrivileges = NewPrivilegeSet(
 	privilegeExecuteTask,
 	privilegeImportShare,
 	privilegeManageGrants,
+	privilegeMonitor,
 	privilegeMonitorUsage,
 	privilegeMonitorExecution,
+	privilegeMonitorSecurity,
 	privilegeOverrideShareRestrictions,
 	privilegeExecuteManagedTask,
 	privilegeOrganizationSupportCases,
+	privilegeProvisionApplication,
+	privilegePurchaseDataExchangeListing,
 	privilegeAccountSupportCases,
 	privilegeUserSupportCases,
 )

diff --git a/pkg/resources/privileges.go b/pkg/resources/privileges.go
@@ -7,67 +7,73 @@ func (p Privilege) String() string {
 }
 
 const (
-	privilegeAccountSupportCases       Privilege = "MANAGE ACCOUNT SUPPORT CASES"
-	privilegeAddSearchOptimization     Privilege = "ADD SEARCH OPTIMIZATION"
-	privilegeApply                     Privilege = "APPLY"
-	privilegeApplyMaskingPolicy        Privilege = "APPLY MASKING POLICY"
-	privilegeApplyPasswordPolicy       Privilege = "APPLY PASSWORD POLICY"
-	privilegeApplyRowAccessPolicy      Privilege = "APPLY ROW ACCESS POLICY"
-	privilegeApplySessionPolicy        Privilege = "APPLY SESSION POLICY"
-	privilegeApplyTag                  Privilege = "APPLY TAG"
-	privilegeAttachPolicy              Privilege = "ATTACH POLICY"
-	privilegeCreateAccount             Privilege = "CREATE ACCOUNT"
-	privilegeCreateDatabase            Privilege = "CREATE DATABASE"
-	privilegeCreateDataExchangeListing Privilege = "CREATE DATA EXCHANGE LISTING"
-	privilegeCreateExternalTable       Privilege = "CREATE EXTERNAL TABLE"
-	privilegeCreateFileFormat          Privilege = "CREATE FILE FORMAT"
-	privilegeCreateFunction            Privilege = "CREATE FUNCTION"
-	privilegeCreateIntegration         Privilege = "CREATE INTEGRATION"
-	privilegeCreateMaskingPolicy       Privilege = "CREATE MASKING POLICY"
-	privilegeCreateMaterializedView    Privilege = "CREATE MATERIALIZED VIEW"
-	privilegeCreateNetworkPolicy       Privilege = "CREATE NETWORK POLICY"
-	privilegeCreatePipe                Privilege = "CREATE PIPE"
-	privilegeCreateProcedure           Privilege = "CREATE PROCEDURE"
-	privilegeCreateRole                Privilege = "CREATE ROLE"
-	privilegeCreateRowAccessPolicy     Privilege = "CREATE ROW ACCESS POLICY"
-	privilegeCreateSchema              Privilege = "CREATE SCHEMA"
-	privilegeCreateSequence            Privilege = "CREATE SEQUENCE"
-	privilegeCreateSessionPolicy       Privilege = "CREATE SESSION POLICY"
-	privilegeCreateShare               Privilege = "CREATE SHARE"
-	privilegeCreateStage               Privilege = "CREATE STAGE"
-	privilegeCreateStream              Privilege = "CREATE STREAM"
-	privilegeCreateTable               Privilege = "CREATE TABLE"
-	privilegeCreateTag                 Privilege = "CREATE TAG"
-	privilegeCreateTask                Privilege = "CREATE TASK"
-	privilegeCreateTemporaryTable      Privilege = "CREATE TEMPORARY TABLE"
-	privilegeCreateUser                Privilege = "CREATE USER"
-	privilegeCreateView                Privilege = "CREATE VIEW"
-	privilegeCreateWarehouse           Privilege = "CREATE WAREHOUSE"
-	privilegeDelete                    Privilege = "DELETE"
-	privilegeExecuteManagedTask        Privilege = "EXECUTE MANAGED TASK"
-	privilegeExecuteTask               Privilege = "EXECUTE TASK"
-	privilegeImportedPrivileges        Privilege = "IMPORTED PRIVILEGES"
-	privilegeImportShare               Privilege = "IMPORT SHARE"
-	privilegeInsert                    Privilege = "INSERT"
-	privilegeManageGrants              Privilege = "MANAGE GRANTS"
-	privilegeModify                    Privilege = "MODIFY"
-	privilegeMonitor                   Privilege = "MONITOR"
-	privilegeMonitorExecution          Privilege = "MONITOR EXECUTION"
-	privilegeMonitorUsage              Privilege = "MONITOR USAGE"
-	privilegeOperate                   Privilege = "OPERATE"
-	privilegeOrganizationSupportCases  Privilege = "MANAGE ORGANIZATION SUPPORT CASES"
-	privilegeOverrideShareRestrictions Privilege = "OVERRIDE SHARE RESTRICTIONS"
-	privilegeOwnership                 Privilege = "OWNERSHIP"
-	privilegeRead                      Privilege = "READ"
-	privilegeRebuild                   Privilege = "REBUILD"
-	privilegeReferences                Privilege = "REFERENCES"
-	privilegeReferenceUsage            Privilege = "REFERENCE_USAGE"
-	privilegeSelect                    Privilege = "SELECT"
-	privilegeTruncate                  Privilege = "TRUNCATE"
-	privilegeUpdate                    Privilege = "UPDATE"
-	privilegeUsage                     Privilege = "USAGE"
-	privilegeUserSupportCases          Privilege = "MANAGE USER SUPPORT CASES"
-	privilegeWrite                     Privilege = "WRITE"
+	privilegeAccountSupportCases         Privilege = "MANAGE ACCOUNT SUPPORT CASES"
+	privilegeAddSearchOptimization       Privilege = "ADD SEARCH OPTIMIZATION"
+	privilegeApply                       Privilege = "APPLY"
+	privilegeApplyMaskingPolicy          Privilege = "APPLY MASKING POLICY"
+	privilegeApplyPasswordPolicy         Privilege = "APPLY PASSWORD POLICY"
+	privilegeApplyRowAccessPolicy        Privilege = "APPLY ROW ACCESS POLICY"
+	privilegeApplySessionPolicy          Privilege = "APPLY SESSION POLICY"
+	privilegeApplyTag                    Privilege = "APPLY TAG"
+	privilegeAttachPolicy                Privilege = "ATTACH POLICY"
+	privilegeAudit                       Privilege = "AUDIT"
+	privilegeCreateAccount               Privilege = "CREATE ACCOUNT"
+	privilegeCreateCredential            Privilege = "CREATE CREDENTIAL" //#nosec G101-- This is a false positive.
+	privilegeCreateDatabase              Privilege = "CREATE DATABASE"
+	privilegeCreateDataExchangeListing   Privilege = "CREATE DATA EXCHANGE LISTING"
+	privilegeCreateExternalTable         Privilege = "CREATE EXTERNAL TABLE"
+	privilegeCreateFailoverGroup         Privilege = "CREATE FAILOVER GROUP"
+	privilegeCreateFileFormat            Privilege = "CREATE FILE FORMAT"
+	privilegeCreateFunction              Privilege = "CREATE FUNCTION"
+	privilegeCreateIntegration           Privilege = "CREATE INTEGRATION"
+	privilegeCreateMaskingPolicy         Privilege = "CREATE MASKING POLICY"
+	privilegeCreateMaterializedView      Privilege = "CREATE MATERIALIZED VIEW"
+	privilegeCreateNetworkPolicy         Privilege = "CREATE NETWORK POLICY"
+	privilegeCreatePipe                  Privilege = "CREATE PIPE"
+	privilegeCreateProcedure             Privilege = "CREATE PROCEDURE"
+	privilegeCreateRole                  Privilege = "CREATE ROLE"
+	privilegeCreateRowAccessPolicy       Privilege = "CREATE ROW ACCESS POLICY"
+	privilegeCreateSchema                Privilege = "CREATE SCHEMA"
+	privilegeCreateSequence              Privilege = "CREATE SEQUENCE"
+	privilegeCreateSessionPolicy         Privilege = "CREATE SESSION POLICY"
+	privilegeCreateShare                 Privilege = "CREATE SHARE"
+	privilegeCreateStage                 Privilege = "CREATE STAGE"
+	privilegeCreateStream                Privilege = "CREATE STREAM"
+	privilegeCreateTable                 Privilege = "CREATE TABLE"
+	privilegeCreateTag                   Privilege = "CREATE TAG"
+	privilegeCreateTask                  Privilege = "CREATE TASK"
+	privilegeCreateTemporaryTable        Privilege = "CREATE TEMPORARY TABLE"
+	privilegeCreateUser                  Privilege = "CREATE USER"
+	privilegeCreateView                  Privilege = "CREATE VIEW"
+	privilegeCreateWarehouse             Privilege = "CREATE WAREHOUSE"
+	privilegeDelete                      Privilege = "DELETE"
+	privilegeExecuteManagedTask          Privilege = "EXECUTE MANAGED TASK"
+	privilegeExecuteTask                 Privilege = "EXECUTE TASK"
+	privilegeImportedPrivileges          Privilege = "IMPORTED PRIVILEGES"
+	privilegeImportShare                 Privilege = "IMPORT SHARE"
+	privilegeInsert                      Privilege = "INSERT"
+	privilegeManageGrants                Privilege = "MANAGE GRANTS"
+	privilegeModify                      Privilege = "MODIFY"
+	privilegeMonitor                     Privilege = "MONITOR"
+	privilegeMonitorExecution            Privilege = "MONITOR EXECUTION"
+	privilegeMonitorSecurity             Privilege = "MONITOR SECURITY"
+	privilegeMonitorUsage                Privilege = "MONITOR USAGE"
+	privilegeOperate                     Privilege = "OPERATE"
+	privilegeOrganizationSupportCases    Privilege = "MANAGE ORGANIZATION SUPPORT CASES"
+	privilegeOverrideShareRestrictions   Privilege = "OVERRIDE SHARE RESTRICTIONS"
+	privilegeOwnership                   Privilege = "OWNERSHIP"
+	privilegeProvisionApplication        Privilege = "PROVISION APPLICATION"
+	privilegePurchaseDataExchangeListing Privilege = "PURCHASE DATA EXCHANGE LISTING"
+	privilegeRead                        Privilege = "READ"
+	privilegeRebuild                     Privilege = "REBUILD"
+	privilegeReferences                  Privilege = "REFERENCES"
+	privilegeReferenceUsage              Privilege = "REFERENCE_USAGE"
+	privilegeSelect                      Privilege = "SELECT"
+	privilegeTruncate                    Privilege = "TRUNCATE"
+	privilegeUpdate                      Privilege = "UPDATE"
+	privilegeUsage                       Privilege = "USAGE"
+	privilegeUserSupportCases            Privilege = "MANAGE USER SUPPORT CASES"
+	privilegeWrite                       Privilege = "WRITE"
 )
 
 type PrivilegeSet map[Privilege]struct{}