fix: function not exist and integration grant

pkg/resources/function.go

@@ -272,8 +272,11 @@ func ReadFunction(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 	rows, err := snowflake.Query(db, stmt)
-	if err != nil {
-		return err
+	if err != nil && snowflake.IsResourceNotExistOrNotAuthorized(err.Error(), "Function") {
+		// If not found, mark resource to be removed from statefile during apply or refresh
+		log.Printf("[DEBUG] function (%s) not found or we are not authorized.Err:\n%s", d.Id(), err.Error())
+		d.SetId("")
+		return nil
 	}
 	defer rows.Close()
 	descPropValues, err := snowflake.ScanFunctionDescription(rows)

pkg/resources/grant_helpers.go

@@ -229,15 +229,29 @@ func readGenericGrant(
 		}
 		return err
 	}
+
 	priv := d.Get("privilege").(string)
 	grantOption := d.Get("with_grant_option").(bool)
 
+	var relevantGrants []*grant
+	for _, grant := range grants {
+		if grant.Privilege == priv && grant.GrantOption == grantOption {
+			relevantGrants = append(relevantGrants, grant)
+		}
+	}
+
+	// If no relevant grants, set id to blank and return
+	if len(relevantGrants) == 0 {
+		d.SetId("")
+		return nil
+	}
+
 	// Map of roles to privileges
 	rolePrivileges := map[string]PrivilegeSet{}
 	sharePrivileges := map[string]PrivilegeSet{}
 
 	// List of all grants for each schema_database
-	for _, grant := range grants {
+	for _, grant := range relevantGrants {
 		switch grant.GranteeType {
 		case "ROLE":
 			roleName := grant.GranteeName
@@ -273,6 +287,7 @@ func readGenericGrant(
 	existingRoles := d.Get("roles").(*schema.Set)
 	multipleGrantFeatureFlag := d.Get("enable_multiple_grants").(bool)
 	var roles, shares []string
+
 	// Now see which roles have our privilege
 	for roleName, privileges := range rolePrivileges {
 		// Where priv is not all so it should match exactly
@@ -312,6 +327,7 @@ func readGenericGrant(
 	if err != nil {
 		return err
 	}
+
 	return nil
 }
 

pkg/resources/user.go

@@ -3,7 +3,6 @@ package resources
 import (
 	"database/sql"
 	"log"
-	"regexp"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -141,11 +140,6 @@ var userSchema = map[string]*schema.Schema{
 	//    MINS_TO_BYPASS_NETWORK POLICY = <integer>
 }
 
-func isUserNotExistOrNotAuthorized(errorString string) bool {
-	var userNotExistOrNotAuthorizedRegEx, _ = regexp.Compile("SQL compilation error:User '.*' does not exist or not authorized.")
-	return userNotExistOrNotAuthorizedRegEx.MatchString(strings.ReplaceAll(errorString, "\n", ""))
-}
-
 func User() *schema.Resource {
 	return &schema.Resource{
 		Create: CreateUser,
@@ -173,7 +167,7 @@ func ReadUser(d *schema.ResourceData, meta interface{}) error {
 	stmt := snowflake.User(id).Describe()
 	rows, err := snowflake.Query(db, stmt)
 
-	if err != nil && isUserNotExistOrNotAuthorized(err.Error()) {
+	if err != nil && snowflake.IsResourceNotExistOrNotAuthorized(err.Error(), "User") {
 		// If not found, mark resource to be removed from statefile during apply or refresh
 		log.Printf("[DEBUG] user (%s) not found or we are not authorized.Err:\n%s", d.Id(), err.Error())
 		d.SetId("")

pkg/snowflake/errors.go

@@ -1,6 +1,18 @@
 package snowflake
 
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
 // Generic Errors
 var (
 	ErrNoRowInRS = "sql: no rows in result set"
 )
+
+func IsResourceNotExistOrNotAuthorized(errorString string, resourceType string) bool {
+	regexStr := fmt.Sprintf("SQL compilation error:%s '.*' does not exist or not authorized.", resourceType)
+	var userNotExistOrNotAuthorizedRegEx, _ = regexp.Compile(regexStr)
+	return userNotExistOrNotAuthorizedRegEx.MatchString(strings.ReplaceAll(errorString, "\n", ""))
+}