From 88bc45dec511772f52531b9ff3578d9088f5ddcf Mon Sep 17 00:00:00 2001 From: Scott Winkler Date: Thu, 20 Jul 2023 17:39:15 -0700 Subject: [PATCH 1/3] external table grant --- pkg/resources/grant_privileges_to_role.go | 6 +- ...rant_privileges_to_role_acceptance_test.go | 51 ++++- pkg/sdk/grants.go | 11 +- pkg/sdk/grants_integration_test.go | 40 ++++ pkg/sdk/object_types.go | 189 ++++++++++++------ 5 files changed, 227 insertions(+), 70 deletions(-) diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go index 410d747b47..04197db89a 100644 --- a/pkg/resources/grant_privileges_to_role.go +++ b/pkg/resources/grant_privileges_to_role.go @@ -140,6 +140,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "STAGE", "STREAM", "TABLE", + "EXTERNAL TABLE", "TASK", "VIEW", "MATERIALIZED VIEW", @@ -183,6 +184,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "STAGES", "STREAMS", "TABLES", + "EXTERNAL TABLES", "TASKS", "VIEWS", "MATERIALIZED VIEWS", @@ -235,6 +237,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "STAGES", "STREAMS", "TABLES", + "EXTERNAL TABLES", "TASKS", "VIEWS", "MATERIALIZED VIEWS", @@ -842,7 +845,8 @@ func readAccountRoleGrantPrivileges(ctx context.Context, client *sdk.Client, gra if !id.Future && grant.GrantedBy.Name() == "" { continue } - if grantedOn == grant.GrantedOn { + // grant_on is for future grants, granted_on is for current grants. They function the same way though in a test for matching the object type + if grantedOn == grant.GrantedOn || grantedOn == grant.GrantOn { privileges = append(privileges, grant.Privilege) } } diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go index 749880c633..c6f1f35232 100644 --- a/pkg/resources/grant_privileges_to_role_acceptance_test.go +++ b/pkg/resources/grant_privileges_to_role_acceptance_test.go @@ -763,13 +763,13 @@ func grantPrivilegesToRole_onSchemaObject_futureInSchema(name string, privileges func TestAccGrantPrivilegesToRole_onSchemaObject_futureInDatabase(t *testing.T) { name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) - + objectType := "TABLES" resource.ParallelTest(t, resource.TestCase{ Providers: providers(), CheckDestroy: nil, Steps: []resource.TestStep{ { - Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, []string{"SELECT", "REFERENCES"}), + Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, objectType, []string{"SELECT", "REFERENCES"}), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "role_name", name), resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "on_schema_object.#", "1"), @@ -783,7 +783,7 @@ func TestAccGrantPrivilegesToRole_onSchemaObject_futureInDatabase(t *testing.T) }, // REMOVE PRIVILEGE { - Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, []string{"SELECT"}), + Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, objectType, []string{"SELECT"}), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "role_name", name), resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.#", "1"), @@ -800,7 +800,7 @@ func TestAccGrantPrivilegesToRole_onSchemaObject_futureInDatabase(t *testing.T) }) } -func grantPrivilegesToRole_onSchemaObject_futureInDatabase(name string, privileges []string) string { +func grantPrivilegesToRole_onSchemaObject_futureInDatabase(name string, objectType string, privileges []string) string { doubleQuotePrivileges := make([]string, len(privileges)) for i, p := range privileges { doubleQuotePrivileges[i] = fmt.Sprintf(`"%v"`, p) @@ -826,12 +826,12 @@ func grantPrivilegesToRole_onSchemaObject_futureInDatabase(name string, privileg privileges = [%s] on_schema_object { future { - object_type_plural = "TABLES" + object_type_plural = "%s" in_database = snowflake_database.d.name } } } - `, name, name, name, privilegesString) + `, name, name, name, privilegesString, objectType) } func TestAccGrantPrivilegesToRole_multipleResources(t *testing.T) { @@ -901,3 +901,42 @@ func grantPrivilegesToRole_multipleResources(name string, privileges1, privilege } `, name, privilegesString1, privilegesString2) } + +func TestAccGrantPrivilegesToRole_onSchemaObject_futureInDatabase_externalTable(t *testing.T) { + name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) + objectType := "EXTERNAL TABLES" + resource.ParallelTest(t, resource.TestCase{ + Providers: providers(), + CheckDestroy: nil, + Steps: []resource.TestStep{ + { + Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, objectType, []string{"SELECT", "REFERENCES"}), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "role_name", name), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "on_schema_object.#", "1"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "on_schema_object.0.future.#", "1"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "on_schema_object.0.future.0.object_type_plural", "EXTERNAL TABLES"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "on_schema_object.0.future.0.in_database", name), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.#", "2"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.0", "REFERENCES"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.1", "SELECT"), + ), + }, + // REMOVE PRIVILEGE + { + Config: grantPrivilegesToRole_onSchemaObject_futureInDatabase(name, objectType, []string{"SELECT"}), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "role_name", name), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.#", "1"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.g", "privileges.0", "SELECT"), + ), + }, + // IMPORT + { + ResourceName: "snowflake_grant_privileges_to_role.g", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} diff --git a/pkg/sdk/grants.go b/pkg/sdk/grants.go index c6977940b6..5bc3f9e9b9 100644 --- a/pkg/sdk/grants.go +++ b/pkg/sdk/grants.go @@ -26,6 +26,7 @@ type Grant struct { CreatedOn time.Time Privilege string GrantedOn ObjectType + GrantOn ObjectType Name ObjectIdentifier GrantedTo ObjectType GranteeName AccountObjectIdentifier @@ -50,7 +51,7 @@ type grantRow struct { } func (row *grantRow) toGrant() (*Grant, error) { - grantedTo := ObjectType(row.GrantedTo) + grantedTo := ObjectType(strings.ReplaceAll(row.GrantedTo, "_", " ")) granteeName := NewAccountObjectIdentifier(row.GranteeName) if grantedTo == ObjectTypeShare { parts := strings.Split(row.GranteeName, ".") @@ -60,16 +61,20 @@ func (row *grantRow) toGrant() (*Grant, error) { grant := &Grant{ CreatedOn: row.CreatedOn, Privilege: row.Privilege, - GrantedOn: ObjectType(row.GrantedOn), GrantedTo: grantedTo, Name: NewAccountObjectIdentifier(strings.Trim(row.Name, "\"")), GranteeName: granteeName, GrantOption: row.GrantOption, GrantedBy: NewAccountObjectIdentifier(row.GrantedBy), } + + // true for current grants + if row.GrantedOn != "" { + grant.GrantedOn = ObjectType(strings.ReplaceAll(row.GrantedOn, "_", " ")) + } // true for future grants if row.GrantOn != "" { - grant.GrantedOn = ObjectType(row.GrantOn) + grant.GrantOn = ObjectType(strings.ReplaceAll(row.GrantOn, "_", " ")) } return grant, nil } diff --git a/pkg/sdk/grants_integration_test.go b/pkg/sdk/grants_integration_test.go index 15ab065d40..e011ebc042 100644 --- a/pkg/sdk/grants_integration_test.go +++ b/pkg/sdk/grants_integration_test.go @@ -174,6 +174,46 @@ func TestInt_GrantAndRevokePrivilegesToAccountRole(t *testing.T) { require.NoError(t, err) assert.Equal(t, 0, len(grants)) }) + + t.Run("on future schema object", func(t *testing.T) { + roleTest, roleCleanup := createRole(t, client) + t.Cleanup(roleCleanup) + databaseTest, databaseCleanup := createDatabase(t, client) + t.Cleanup(databaseCleanup) + privileges := &AccountRoleGrantPrivileges{ + SchemaObjectPrivileges: []SchemaObjectPrivilege{SchemaObjectPrivilegeSelect}, + } + on := &AccountRoleGrantOn{ + SchemaObject: &GrantOnSchemaObject{ + Future: &GrantOnSchemaObjectIn{ + PluralObjectType: PluralObjectTypeExternalTables, + InDatabase: Pointer(databaseTest.ID()), + }, + }, + } + err := client.Grants.GrantPrivilegesToAccountRole(ctx, privileges, on, roleTest.ID(), nil) + require.NoError(t, err) + grants, err := client.Grants.Show(ctx, &ShowGrantOptions{ + Future: Bool(true), + To: &ShowGrantsTo{ + Role: roleTest.ID(), + }, + }) + require.NoError(t, err) + assert.Equal(t, 1, len(grants)) + assert.Equal(t, SchemaObjectPrivilegeSelect.String(), grants[0].Privilege) + + // now revoke and verify that the grant(s) are gone + err = client.Grants.RevokePrivilegesFromAccountRole(ctx, privileges, on, roleTest.ID(), nil) + require.NoError(t, err) + grants, err = client.Grants.Show(ctx, &ShowGrantOptions{ + To: &ShowGrantsTo{ + Role: roleTest.ID(), + }, + }) + require.NoError(t, err) + assert.Equal(t, 0, len(grants)) + }) } func TestInt_GrantPrivilegeToShare(t *testing.T) { diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go index 72798cbdb1..eabf7a1a02 100644 --- a/pkg/sdk/object_types.go +++ b/pkg/sdk/object_types.go @@ -16,27 +16,48 @@ type Object struct { type ObjectType string const ( - ObjectTypeAccount ObjectType = "ACCOUNT" - ObjectTypeAlert ObjectType = "ALERT" - ObjectTypeAccountParameter ObjectType = "ACCOUNT PARAMETER" - ObjectTypeDatabase ObjectType = "DATABASE" - ObjectTypeFailoverGroup ObjectType = "FAILOVER GROUP" - ObjectTypeFileFormat ObjectType = "FILE FORMAT" - ObjectTypeIntegration ObjectType = "INTEGRATION" - ObjectTypeMaskingPolicy ObjectType = "MASKING POLICY" - ObjectTypeNetworkPolicy ObjectType = "NETWORK POLICY" - ObjectTypePasswordPolicy ObjectType = "PASSWORD POLICY" - ObjectTypeReplicationGroup ObjectType = "REPLICATION GROUP" - ObjectTypeResourceMonitor ObjectType = "RESOURCE MONITOR" - ObjectTypeRole ObjectType = "ROLE" - ObjectTypeSchema ObjectType = "SCHEMA" - ObjectTypeSessionPolicy ObjectType = "SESSION POLICY" - ObjectTypeShare ObjectType = "SHARE" - ObjectTypeTable ObjectType = "TABLE" - ObjectTypeTag ObjectType = "TAG" - ObjectTypeTask ObjectType = "TASK" - ObjectTypeUser ObjectType = "USER" - ObjectTypeWarehouse ObjectType = "WAREHOUSE" + ObjectTypeAccount ObjectType = "ACCOUNT" + ObjectTypeManagedAccount ObjectType = "MANAGED ACCOUNT" + ObjectTypeUser ObjectType = "USER" + ObjectTypeDatabaseRole ObjectType = "DATABASE ROLE" + ObjectTypeRole ObjectType = "ROLE" + ObjectTypeIntegration ObjectType = "INTEGRATION" + ObjectTypeNetworkPolicy ObjectType = "NETWORK POLICY" + ObjectTypePasswordPolicy ObjectType = "PASSWORD POLICY" + ObjectTypeSessionPolicy ObjectType = "SESSION POLICY" + ObjectTypeReplicationGroup ObjectType = "REPLICATION GROUP" + ObjectTypeFailoverGroup ObjectType = "FAILOVER GROUP" + ObjectTypeConnection ObjectType = "CONNECTION" + ObjectTypeParameter ObjectType = "PARAMETER" + ObjectTypeWarehouse ObjectType = "WAREHOUSE" + ObjectTypeResourceMonitor ObjectType = "RESOURCE MONITOR" + ObjectTypeDatabase ObjectType = "DATABASE" + ObjectTypeSchema ObjectType = "SCHEMA" + ObjectTypeShare ObjectType = "SHARE" + ObjectTypeTable ObjectType = "TABLE" + ObjectTypeDynamicTable ObjectType = "DYNAMIC TABLE" + ObjectTypeExternalTable ObjectType = "EXTERNAL TABLE" + ObjectTypeEventTable ObjectType = "EVENT TABLE" + ObjectTypeView ObjectType = "VIEW" + ObjectTypeMaterializedView ObjectType = "MATERIALIZED VIEW" + ObjectTypeSequence ObjectType = "SEQUENCE" + ObjectTypeFunction ObjectType = "FUNCTION" + ObjectTypeExternalFunction ObjectType = "EXTERNAL FUNCTION" + ObjectTypeProcedure ObjectType = "PROCEDURE" + ObjectTypeStream ObjectType = "STREAM" + ObjectTypeTask ObjectType = "TASK" + ObjectTypeMaskingPolicy ObjectType = "MASKING POLICY" + ObjectTypeRowAccessPolicy ObjectType = "ROW ACCESS POLICY" + ObjectTypeTag ObjectType = "TAG" + ObjectTypeSecret ObjectType = "SECRET" + ObjectTypeStage ObjectType = "STAGE" + ObjectTypeFileFormat ObjectType = "FILE FORMAT" + ObjectTypePipe ObjectType = "PIPE" + ObjectTypeAlert ObjectType = "ALERT" + ObjectTypeApplication ObjectType = "APPLICATION" + ObjectTypeApplicationPackage ObjectType = "APPLICATION PACKAGE" + ObjectTypeApplicationRole ObjectType = "APPLICATION ROLE" + ObjectTypeStreamlit ObjectType = "STREAMLIT" ) func (o ObjectType) String() string { @@ -45,24 +66,48 @@ func (o ObjectType) String() string { func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType { return map[ObjectType]PluralObjectType{ - ObjectTypeAccountParameter: PluralObjectTypeAccountParameters, - ObjectTypeDatabase: PluralObjectTypeDatabases, - ObjectTypeFailoverGroup: PluralObjectTypeTypeFailoverGroups, - ObjectTypeIntegration: PluralObjectTypeIntegrations, - ObjectTypeMaskingPolicy: PluralObjectTypeMaskingPolicies, - ObjectTypeNetworkPolicy: PluralObjectTypeNetworkPolicies, - ObjectTypePasswordPolicy: PluralObjectTypePasswordPolicies, - ObjectTypeReplicationGroup: PluralObjectTypeReplicationGroups, - ObjectTypeResourceMonitor: PluralObjectTypeResourceMonitors, - ObjectTypeRole: PluralObjectTypeRoles, - ObjectTypeSchema: PluralObjectTypeSchemas, - ObjectTypeSessionPolicy: PluralObjectTypeSessionPolicies, - ObjectTypeShare: PluralObjectTypeShares, - ObjectTypeTable: PluralObjectTypeTables, - ObjectTypeTag: PluralObjectTypeTags, - ObjectTypeTask: PluralObjectTypeTasks, - ObjectTypeUser: PluralObjectTypeUsers, - ObjectTypeWarehouse: PluralObjectTypeWarehouses, + ObjectTypeAccount: PluralObjectTypeAccounts, + ObjectTypeManagedAccount: PluralObjectTypeManagedAccounts, + ObjectTypeUser: PluralObjectTypeUsers, + ObjectTypeDatabaseRole: PluralObjectTypeDatabaseRoles, + ObjectTypeRole: PluralObjectTypeRoles, + ObjectTypeIntegration: PluralObjectTypeIntegrations, + ObjectTypeNetworkPolicy: PluralObjectTypeNetworkPolicies, + ObjectTypePasswordPolicy: PluralObjectTypePasswordPolicies, + ObjectTypeSessionPolicy: PluralObjectTypeSessionPolicies, + ObjectTypeReplicationGroup: PluralObjectTypeReplicationGroups, + ObjectTypeFailoverGroup: PluralObjectTypeFailoverGroups, + ObjectTypeConnection: PluralObjectTypeConnections, + ObjectTypeParameter: PluralObjectTypeParameters, + ObjectTypeWarehouse: PluralObjectTypeWarehouses, + ObjectTypeResourceMonitor: PluralObjectTypeResourceMonitors, + ObjectTypeDatabase: PluralObjectTypeDatabases, + ObjectTypeSchema: PluralObjectTypeSchemas, + ObjectTypeShare: PluralObjectTypeShares, + ObjectTypeTable: PluralObjectTypeTables, + ObjectTypeDynamicTable: PluralObjectTypeDynamicTables, + ObjectTypeExternalTable: PluralObjectTypeExternalTables, + ObjectTypeEventTable: PluralObjectTypeEventTables, + ObjectTypeView: PluralObjectTypeViews, + ObjectTypeMaterializedView: PluralObjectTypeMaterializedViews, + ObjectTypeSequence: PluralObjectTypeSequences, + ObjectTypeFunction: PluralObjectTypeFunctions, + ObjectTypeExternalFunction: PluralObjectTypeExternalFunctions, + ObjectTypeProcedure: PluralObjectTypeProcedures, + ObjectTypeStream: PluralObjectTypeStreams, + ObjectTypeTask: PluralObjectTypeTasks, + ObjectTypeMaskingPolicy: PluralObjectTypeMaskingPolicies, + ObjectTypeRowAccessPolicy: PluralObjectTypeRowAccessPolicies, + ObjectTypeTag: PluralObjectTypeTags, + ObjectTypeSecret: PluralObjectTypeSecrets, + ObjectTypeStage: PluralObjectTypeStages, + ObjectTypeFileFormat: PluralObjectTypeFileFormats, + ObjectTypePipe: PluralObjectTypePipes, + ObjectTypeAlert: PluralObjectTypeAlerts, + ObjectTypeApplication: PluralObjectTypeApplications, + ObjectTypeApplicationPackage: PluralObjectTypeApplicationPackages, + ObjectTypeApplicationRole: PluralObjectTypeApplicationRoles, + ObjectTypeStreamlit: PluralObjectTypeStreamlits, } } @@ -83,8 +128,8 @@ func (o ObjectType) Plural() PluralObjectType { // GetObjectIdentifier returns the ObjectIdentifier for the ObjectType and fully qualified name. func (o ObjectType) GetObjectIdentifier(fullyQualifiedName string) ObjectIdentifier { - accountIdentifiers := []ObjectType{ - ObjectTypeAccountParameter, + accountObjectIdentifiers := []ObjectType{ + ObjectTypeParameter, ObjectTypeDatabase, ObjectTypeFailoverGroup, ObjectTypeIntegration, @@ -94,7 +139,7 @@ func (o ObjectType) GetObjectIdentifier(fullyQualifiedName string) ObjectIdentif ObjectTypeUser, ObjectTypeWarehouse, } - if slices.Contains(accountIdentifiers, o) { + if slices.Contains(accountObjectIdentifiers, o) { return NewAccountObjectIdentifier(fullyQualifiedName) } parts := strings.Split(fullyQualifiedName, ".") @@ -111,24 +156,48 @@ func (o ObjectType) GetObjectIdentifier(fullyQualifiedName string) ObjectIdentif type PluralObjectType string const ( - PluralObjectTypeAccountParameters PluralObjectType = "ACCOUNT PARAMETERS" - PluralObjectTypeDatabases PluralObjectType = "DATABASES" - PluralObjectTypeTypeFailoverGroups PluralObjectType = "FAILOVER GROUPS" - PluralObjectTypeIntegrations PluralObjectType = "INTEGRATIONS" - PluralObjectTypeMaskingPolicies PluralObjectType = "MASKING POLICIES" - PluralObjectTypeNetworkPolicies PluralObjectType = "NETWORK POLICIES" - PluralObjectTypePasswordPolicies PluralObjectType = "PASSWORD POLICIES" - PluralObjectTypeReplicationGroups PluralObjectType = "REPLICATION GROUPS" - PluralObjectTypeResourceMonitors PluralObjectType = "RESOURCE MONITORS" - PluralObjectTypeRoles PluralObjectType = "ROLES" - PluralObjectTypeSchemas PluralObjectType = "SCHEMAS" - PluralObjectTypeSessionPolicies PluralObjectType = "SESSION POLICIES" - PluralObjectTypeShares PluralObjectType = "SHARES" - PluralObjectTypeTables PluralObjectType = "TABLES" - PluralObjectTypeTags PluralObjectType = "TAGS" - PluralObjectTypeTasks PluralObjectType = "TASKS" - PluralObjectTypeUsers PluralObjectType = "USERS" - PluralObjectTypeWarehouses PluralObjectType = "WAREHOUSES" + PluralObjectTypeAccounts = "ACCOUNTS" + PluralObjectTypeManagedAccounts = "MANAGED ACCOUNTS" + PluralObjectTypeUsers = "USERS" + PluralObjectTypeDatabaseRoles = "DATABASE ROLES" + PluralObjectTypeRoles = "ROLES" + PluralObjectTypeIntegrations = "INTEGRATIONS" + PluralObjectTypeNetworkPolicies = "NETWORK POLICIES" + PluralObjectTypePasswordPolicies = "PASSWORD POLICIES" + PluralObjectTypeSessionPolicies = "SESSION POLICIES" + PluralObjectTypeReplicationGroups = "REPLICATION GROUPS" + PluralObjectTypeFailoverGroups = "FAILOVER GROUPS" + PluralObjectTypeConnections = "CONNECTIONS" + PluralObjectTypeParameters = "PARAMETERS" + PluralObjectTypeWarehouses = "WAREHOUSES" + PluralObjectTypeResourceMonitors = "RESOURCE MONITORS" + PluralObjectTypeDatabases = "DATABASES" + PluralObjectTypeSchemas = "SCHEMAS" + PluralObjectTypeShares = "SHARES" + PluralObjectTypeTables = "TABLES" + PluralObjectTypeDynamicTables = "DYNAMIC TABLES" + PluralObjectTypeExternalTables = "EXTERNAL TABLES" + PluralObjectTypeEventTables = "EVENT TABLES" + PluralObjectTypeViews = "VIEWS" + PluralObjectTypeMaterializedViews = "MATERIALIZED VIEWS" + PluralObjectTypeSequences = "SEQUENCES" + PluralObjectTypeFunctions = "FUNCTIONS" + PluralObjectTypeExternalFunctions = "EXTERNAL FUNCTIONS" + PluralObjectTypeProcedures = "PROCEDURES" + PluralObjectTypeStreams = "STREAMS" + PluralObjectTypeTasks = "TASKS" + PluralObjectTypeMaskingPolicies = "MASKING POLICIES" + PluralObjectTypeRowAccessPolicies = "ROW ACCESS POLICIES" + PluralObjectTypeTags = "TAGS" + PluralObjectTypeSecrets = "SECRETS" + PluralObjectTypeStages = "STAGES" + PluralObjectTypeFileFormats = "FILE FORMATS" + PluralObjectTypePipes = "PIPES" + PluralObjectTypeAlerts = "ALERTS" + PluralObjectTypeApplications = "APPLICATIONS" + PluralObjectTypeApplicationPackages = "APPLICATION PACKAGES" + PluralObjectTypeApplicationRoles = "APPLICATION ROLES" + PluralObjectTypeStreamlits = "STREAMLITS" ) func (p PluralObjectType) String() string { From 1456b9a4dd89c36d2a741642a3981e66655d5372 Mon Sep 17 00:00:00 2001 From: Scott Winkler Date: Tue, 25 Jul 2023 14:47:55 -0700 Subject: [PATCH 2/3] add type signature --- pkg/sdk/object_types.go | 84 ++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go index eabf7a1a02..102c4f00c9 100644 --- a/pkg/sdk/object_types.go +++ b/pkg/sdk/object_types.go @@ -156,48 +156,48 @@ func (o ObjectType) GetObjectIdentifier(fullyQualifiedName string) ObjectIdentif type PluralObjectType string const ( - PluralObjectTypeAccounts = "ACCOUNTS" - PluralObjectTypeManagedAccounts = "MANAGED ACCOUNTS" - PluralObjectTypeUsers = "USERS" - PluralObjectTypeDatabaseRoles = "DATABASE ROLES" - PluralObjectTypeRoles = "ROLES" - PluralObjectTypeIntegrations = "INTEGRATIONS" - PluralObjectTypeNetworkPolicies = "NETWORK POLICIES" - PluralObjectTypePasswordPolicies = "PASSWORD POLICIES" - PluralObjectTypeSessionPolicies = "SESSION POLICIES" - PluralObjectTypeReplicationGroups = "REPLICATION GROUPS" - PluralObjectTypeFailoverGroups = "FAILOVER GROUPS" - PluralObjectTypeConnections = "CONNECTIONS" - PluralObjectTypeParameters = "PARAMETERS" - PluralObjectTypeWarehouses = "WAREHOUSES" - PluralObjectTypeResourceMonitors = "RESOURCE MONITORS" - PluralObjectTypeDatabases = "DATABASES" - PluralObjectTypeSchemas = "SCHEMAS" - PluralObjectTypeShares = "SHARES" - PluralObjectTypeTables = "TABLES" - PluralObjectTypeDynamicTables = "DYNAMIC TABLES" - PluralObjectTypeExternalTables = "EXTERNAL TABLES" - PluralObjectTypeEventTables = "EVENT TABLES" - PluralObjectTypeViews = "VIEWS" - PluralObjectTypeMaterializedViews = "MATERIALIZED VIEWS" - PluralObjectTypeSequences = "SEQUENCES" - PluralObjectTypeFunctions = "FUNCTIONS" - PluralObjectTypeExternalFunctions = "EXTERNAL FUNCTIONS" - PluralObjectTypeProcedures = "PROCEDURES" - PluralObjectTypeStreams = "STREAMS" - PluralObjectTypeTasks = "TASKS" - PluralObjectTypeMaskingPolicies = "MASKING POLICIES" - PluralObjectTypeRowAccessPolicies = "ROW ACCESS POLICIES" - PluralObjectTypeTags = "TAGS" - PluralObjectTypeSecrets = "SECRETS" - PluralObjectTypeStages = "STAGES" - PluralObjectTypeFileFormats = "FILE FORMATS" - PluralObjectTypePipes = "PIPES" - PluralObjectTypeAlerts = "ALERTS" - PluralObjectTypeApplications = "APPLICATIONS" - PluralObjectTypeApplicationPackages = "APPLICATION PACKAGES" - PluralObjectTypeApplicationRoles = "APPLICATION ROLES" - PluralObjectTypeStreamlits = "STREAMLITS" + PluralObjectTypeAccounts PluralObjectType = "ACCOUNTS" + PluralObjectTypeManagedAccounts PluralObjectType = "MANAGED ACCOUNTS" + PluralObjectTypeUsers PluralObjectType = "USERS" + PluralObjectTypeDatabaseRoles PluralObjectType = "DATABASE ROLES" + PluralObjectTypeRoles PluralObjectType = "ROLES" + PluralObjectTypeIntegrations PluralObjectType = "INTEGRATIONS" + PluralObjectTypeNetworkPolicies PluralObjectType = "NETWORK POLICIES" + PluralObjectTypePasswordPolicies PluralObjectType = "PASSWORD POLICIES" + PluralObjectTypeSessionPolicies PluralObjectType = "SESSION POLICIES" + PluralObjectTypeReplicationGroups PluralObjectType = "REPLICATION GROUPS" + PluralObjectTypeFailoverGroups PluralObjectType = "FAILOVER GROUPS" + PluralObjectTypeConnections PluralObjectType = "CONNECTIONS" + PluralObjectTypeParameters PluralObjectType = "PARAMETERS" + PluralObjectTypeWarehouses PluralObjectType = "WAREHOUSES" + PluralObjectTypeResourceMonitors PluralObjectType = "RESOURCE MONITORS" + PluralObjectTypeDatabases PluralObjectType = "DATABASES" + PluralObjectTypeSchemas PluralObjectType = "SCHEMAS" + PluralObjectTypeShares PluralObjectType = "SHARES" + PluralObjectTypeTables PluralObjectType = "TABLES" + PluralObjectTypeDynamicTables PluralObjectType = "DYNAMIC TABLES" + PluralObjectTypeExternalTables PluralObjectType = "EXTERNAL TABLES" + PluralObjectTypeEventTables PluralObjectType = "EVENT TABLES" + PluralObjectTypeViews PluralObjectType = "VIEWS" + PluralObjectTypeMaterializedViews PluralObjectType = "MATERIALIZED VIEWS" + PluralObjectTypeSequences PluralObjectType = "SEQUENCES" + PluralObjectTypeFunctions PluralObjectType = "FUNCTIONS" + PluralObjectTypeExternalFunctions PluralObjectType = "EXTERNAL FUNCTIONS" + PluralObjectTypeProcedures PluralObjectType = "PROCEDURES" + PluralObjectTypeStreams PluralObjectType = "STREAMS" + PluralObjectTypeTasks PluralObjectType = "TASKS" + PluralObjectTypeMaskingPolicies PluralObjectType = "MASKING POLICIES" + PluralObjectTypeRowAccessPolicies PluralObjectType = "ROW ACCESS POLICIES" + PluralObjectTypeTags PluralObjectType = "TAGS" + PluralObjectTypeSecrets PluralObjectType = "SECRETS" + PluralObjectTypeStages PluralObjectType = "STAGES" + PluralObjectTypeFileFormats PluralObjectType = "FILE FORMATS" + PluralObjectTypePipes PluralObjectType = "PIPES" + PluralObjectTypeAlerts PluralObjectType = "ALERTS" + PluralObjectTypeApplications PluralObjectType = "APPLICATIONS" + PluralObjectTypeApplicationPackages PluralObjectType = "APPLICATION PACKAGES" + PluralObjectTypeApplicationRoles PluralObjectType = "APPLICATION ROLES" + PluralObjectTypeStreamlits PluralObjectType = "STREAMLITS" ) func (p PluralObjectType) String() string { From 1b0045eded63c5519f31128f8ab07412aad62c10 Mon Sep 17 00:00:00 2001 From: Scott Winkler Date: Tue, 25 Jul 2023 16:00:25 -0700 Subject: [PATCH 3/3] update docs --- docs/resources/grant_privileges_to_role.md | 6 +++--- pkg/resources/grant_privileges_to_role.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/resources/grant_privileges_to_role.md b/docs/resources/grant_privileges_to_role.md index 930c7a5265..c3c0d320b6 100644 --- a/docs/resources/grant_privileges_to_role.md +++ b/docs/resources/grant_privileges_to_role.md @@ -219,14 +219,14 @@ Optional: - `all` (Block List, Max: 1) Configures the privilege to be granted on all objects in eihter a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--all)) - `future` (Block List, Max: 1) Configures the privilege to be granted on future objects in eihter a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--future)) - `object_name` (String) The fully qualified name of the object on which privileges will be granted. -- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP +- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: ALERT | EVENT TABLE | FILE FORMAT | FUNCTION | PROCEDURE | SECRET | SEQUENCE | PIPE | MASKING POLICY | PASSWORD POLICY | ROW ACCESS POLICY | SESSION POLICY | TAG | STAGE | STREAM | TABLE | EXTERNAL TABLE | TASK | VIEW | MATERIALIZED VIEW ### Nested Schema for `on_schema_object.all` Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS Optional: @@ -239,7 +239,7 @@ Optional: Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS Optional: diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go index 04197db89a..b19e4c59b6 100644 --- a/pkg/resources/grant_privileges_to_role.go +++ b/pkg/resources/grant_privileges_to_role.go @@ -119,7 +119,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "object_type": { Type: schema.TypeString, Optional: true, - Description: "The object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP", + Description: "The object type of the schema object on which privileges will be granted. Valid values are: ALERT | EVENT TABLE | FILE FORMAT | FUNCTION | PROCEDURE | SECRET | SEQUENCE | PIPE | MASKING POLICY | PASSWORD POLICY | ROW ACCESS POLICY | SESSION POLICY | TAG | STAGE | STREAM | TABLE | EXTERNAL TABLE | TASK | VIEW | MATERIALIZED VIEW", RequiredWith: []string{"on_schema_object.0.object_name"}, ConflictsWith: []string{"on_schema_object.0.all", "on_schema_object.0.future"}, ForceNew: true, @@ -165,7 +165,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "object_type_plural": { Type: schema.TypeString, Required: true, - Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP", + Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ "ALERTS", @@ -218,7 +218,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{ "object_type_plural": { Type: schema.TypeString, Required: true, - Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | DATABASE | INTEGRATION | FAILOVER GROUP | REPLICATION GROUP", + Description: "The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | EVENT TABLES | FILE FORMATS | FUNCTIONS | PROCEDURES | SECRETS | SEQUENCES | PIPES | MASKING POLICIES | PASSWORD POLICIES | ROW ACCESS POLICIES | SESSION POLICIES | TAGS | STAGES | STREAMS | TABLES | EXTERNAL TABLES | TASKS | VIEWS | MATERIALIZED VIEWS", ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ "ALERTS",