Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@sfc-gh-jcieslak
sfc-gh-jcieslak committed Jan 29, 2024
1 parent 5385cec commit eac1825
Show file tree
Hide file tree
Showing 18 changed files with 857 additions and 159 deletions.
1 change: 1 addition & 0 deletions pkg/provider/provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -448,6 +448,7 @@ func getResources() map[string]*schema.Resource {
"snowflake_grant_privileges_to_role": resources.GrantPrivilegesToRole(),
"snowflake_grant_privileges_to_account_role": resources.GrantPrivilegesToAccountRole(),
"snowflake_grant_privileges_to_database_role": resources.GrantPrivilegesToDatabaseRole(),
"snowflake_grant_privileges_to_share": resources.GrantPrivilegesToShare(),
"snowflake_managed_account": resources.ManagedAccount(),
"snowflake_masking_policy": resources.MaskingPolicy(),
"snowflake_materialized_view": resources.MaterializedView(),
Expand Down
2 changes: 1 addition & 1 deletion pkg/resources/grant_privileges_to_account_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -656,7 +656,7 @@ func DeleteGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
diag.Diagnostic{
Severity: diag.Error,
Summary: "An error occurred when revoking privileges from account role",
Detail: fmt.Sprintf("Id: %s\nAccount role name: %s\nError: %s", d.Id(), id.RoleName, err.Error()),
Detail: fmt.Sprintf("Id: %s\nAccount role name: %s\nError: %s", d.Id(), id.RoleName.FullyQualifiedName(), err.Error()),
},
}
}
Expand Down
30 changes: 15 additions & 15 deletions pkg/resources/grant_privileges_to_database_role_acceptance_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) {
Steps: []resource.TestStep{
{
PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) },
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
ConfigVariables: configVariables,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName),
Expand All @@ -56,11 +56,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
resource.TestCheckResourceAttr(resourceName, "on_database", databaseName),
resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
ConfigVariables: configVariables,
ResourceName: resourceName,
ImportState: true,
Expand Down Expand Up @@ -97,7 +97,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test
Steps: []resource.TestStep{
{
PreConfig: func() { createDatabaseRoleOutsideTerraform(t, name) },
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
ConfigVariables: configVariables,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "database_role_name", databaseRoleName),
Expand All @@ -107,11 +107,11 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnDatabase_PrivilegesReversed(t *test
resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
resource.TestCheckResourceAttr(resourceName, "on_database", databaseName),
resource.TestCheckResourceAttr(resourceName, "with_grant_option", "true"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|true|false|CREATE SCHEMA,MODIFY,USAGE|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabaseShareGrantKind"),
ConfigVariables: configVariables,
ResourceName: resourceName,
ImportState: true,
Expand Down Expand Up @@ -524,7 +524,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"),
resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)),
resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeModify)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,MODIFY|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
Expand All @@ -540,7 +540,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeCreateSchema)),
resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)),
resource.TestCheckResourceAttr(resourceName, "privileges.2", string(sdk.AccountObjectPrivilegeUsage)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
Expand All @@ -549,7 +549,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "all_privileges", "true"),
resource.TestCheckResourceAttr(resourceName, "privileges.#", "0"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
Expand All @@ -563,7 +563,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"),
resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.AccountObjectPrivilegeModify)),
resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.AccountObjectPrivilegeMonitor)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MODIFY,MONITOR|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
},
Expand Down Expand Up @@ -691,15 +691,15 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "always_apply", "false"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
{
ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/AlwaysApply"),
ConfigVariables: configVariables(true),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
ExpectNonEmptyPlan: true,
},
Expand All @@ -713,7 +713,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
ExpectNonEmptyPlan: true,
},
Expand All @@ -727,7 +727,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "always_apply", "true"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|true|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
ExpectNonEmptyPlan: true,
},
Expand All @@ -741,7 +741,7 @@ func TestAcc_GrantPrivilegesToDatabaseRole_AlwaysApply(t *testing.T) {
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "always_apply", "false"),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabase|%s", databaseRoleName, databaseName)),
resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|ALL|OnDatabaseShareGrantKind|%s", databaseRoleName, databaseName)),
),
},
},
Expand Down
2 changes: 1 addition & 1 deletion pkg/resources/grant_privileges_to_database_role_identifier.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
type DatabaseRoleGrantKind string

const (
OnDatabaseDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnDatabase"
OnDatabaseDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnDatabaseShareGrantKind"
OnSchemaDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnSchema"
OnSchemaObjectDatabaseRoleGrantKind DatabaseRoleGrantKind = "OnSchemaObject"
)
Expand Down
20 changes: 10 additions & 10 deletions pkg/resources/grant_privileges_to_database_role_identifier_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
}{
{
Name: "grant database role on database",
Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`,
Expected: GrantPrivilegesToDatabaseRoleId{
DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
WithGrantOption: false,
Expand All @@ -29,7 +29,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
},
{
Name: "grant database role on database - always apply with grant option",
Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"|true|true|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind|"on-database-name"`,
Expected: GrantPrivilegesToDatabaseRoleId{
DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
WithGrantOption: true,
Expand All @@ -43,7 +43,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
},
{
Name: "grant database role on database - all privileges",
Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"|false|false|ALL|OnDatabaseShareGrantKind|"on-database-name"`,
Expected: GrantPrivilegesToDatabaseRoleId{
DatabaseRoleName: sdk.NewDatabaseObjectIdentifier("database-name", "database-role"),
WithGrantOption: false,
Expand Down Expand Up @@ -224,8 +224,8 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
Error: "database role identifier should hold at least 6 parts",
},
{
Name: "validation: grant database role not enough parts for OnDatabase kind",
Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabase`,
Name: "validation: grant database role not enough parts for OnDatabaseShareGrantKind kind",
Identifier: `"database-name"."role-name"|false|false|CREATE SCHEMA,USAGE,MONITOR|OnDatabaseShareGrantKind`,
Error: "database role identifier should hold at least 6 parts",
},
{
Expand Down Expand Up @@ -265,22 +265,22 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
},
{
Name: "validation: grant database role empty privileges",
Identifier: `"database-name"."database-role"|false|false||OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"|false|false||OnDatabaseShareGrantKind|"on-database-name"`,
Error: `invalid Privileges value: , should be either a comma separated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`,
},
{
Name: "validation: grant database role empty with grant option",
Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"||false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
Error: `invalid WithGrantOption value: , should be either "true" or "false"`,
},
{
Name: "validation: grant database role empty always apply",
Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabase|"on-database-name"`,
Identifier: `"database-name"."database-role"|false||ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
Error: `invalid AlwaysApply value: , should be either "true" or "false"`,
},
{
Name: "validation: grant database role empty database role name",
Identifier: `|false|false|ALL PRIVILEGES|OnDatabase|"on-database-name"`,
Identifier: `|false|false|ALL PRIVILEGES|OnDatabaseShareGrantKind|"on-database-name"`,
Error: "invalid DatabaseRoleName value: , should be a fully qualified name of database object <database_name>.<name>",
},
{
Expand Down Expand Up @@ -323,7 +323,7 @@ func TestGrantPrivilegesToDatabaseRoleIdString(t *testing.T) {
DatabaseName: sdk.NewAccountObjectIdentifier("database-name"),
},
},
Expected: `"database-name"."role-name"|true|true|ALL|OnDatabase|"database-name"`,
Expected: `"database-name"."role-name"|true|true|ALL|OnDatabaseShareGrantKind|"database-name"`,
},
{
Name: "grant database role on schema on schema",
Expand Down
Loading

0 comments on commit eac1825

Please sign in to comment.