From 7753454cf3c5fd1cf676a569eecabd7f5a005d89 Mon Sep 17 00:00:00 2001
From: Josh Elser <joshelser@gmail.com>
Date: Fri, 9 Dec 2022 12:16:41 -0500
Subject: [PATCH] fix: Don't throw an error on unhandled Role Grants

Some preview functionality to Snowflake can result in extra role grants
which can break this provider, e.g. `unknown grantee type ...`. While
it's not a great idea to update this provider with non-public
role grants, it's very helpful to simply ignore the roles that the
provider doesn't currently handle.
---
 pkg/resources/role_grants.go      |  2 +-
 pkg/resources/role_grants_test.go | 36 +++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/pkg/resources/role_grants.go b/pkg/resources/role_grants.go
index 61bb5fb0b6..90de5ccb1a 100644
--- a/pkg/resources/role_grants.go
+++ b/pkg/resources/role_grants.go
@@ -145,7 +145,7 @@ func ReadRoleGrants(d *schema.ResourceData, meta interface{}) error {
 				}
 			}
 		default:
-			return fmt.Errorf("unknown grant type %s", grant.GrantedTo.String)
+			log.Printf("[WARN] Ignoring unknown grant type %s", grant.GrantedTo.String)
 		}
 	}
 
diff --git a/pkg/resources/role_grants_test.go b/pkg/resources/role_grants_test.go
index da09fa9b78..ab8ed61cae 100644
--- a/pkg/resources/role_grants_test.go
+++ b/pkg/resources/role_grants_test.go
@@ -107,3 +107,39 @@ func TestRoleGrantsReadLegacyId(t *testing.T) {
 		r.Len(d.Get("roles").(*schema.Set).List(), 2)
 	})
 }
+
+func expectReadUnhandledRoleGrants(mock sqlmock.Sqlmock) {
+	rows := sqlmock.NewRows([]string{
+		"created_on",
+		"role",
+		"granted_to",
+		"grantee_name",
+		"granted_by",
+	}).
+		AddRow("_", "good_name", "ROLE", "role1", "").
+		AddRow("_", "good_name", "ROLE", "role2", "").
+		AddRow("_", "good_name", "OTHER", "other1", "").
+		AddRow("_", "good_name", "OTHER", "other2", "").
+		AddRow("_", "good_name", "USER", "user1", "").
+		AddRow("_", "good_name", "USER", "user2", "")
+	mock.ExpectQuery(`SHOW GRANTS OF ROLE "good_name"`).WillReturnRows(rows)
+}
+
+func TestIgnoreUnknownRoleGrants(t *testing.T) {
+	r := require.New(t)
+
+	d := roleGrants(t, "good_name||||role1,role2|false", map[string]interface{}{
+		"role_name": "good_name",
+		"roles":     []interface{}{"role1", "role2"},
+		"users":     []interface{}{"user1", "user2"},
+	})
+
+	WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) {
+		// Make sure that extraneous grants are ignored.
+		expectReadUnhandledRoleGrants(mock)
+		err := resources.ReadRoleGrants(d, db)
+		r.NoError(err)
+		r.Len(d.Get("users").(*schema.Set).List(), 2)
+		r.Len(d.Get("roles").(*schema.Set).List(), 2)
+	})
+}