From 4e9f2264e265e13df0b11c73bedeafd08f512a00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= <jan.cieslak@snowflake.com>
Date: Thu, 25 Jan 2024 15:37:50 +0100
Subject: [PATCH 1/2] wip

---
 pkg/resources/grant_privileges_to_role.go           |  2 +-
 .../grant_privileges_to_role_acceptance_test.go     | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go
index 0d5a768519..2faf7c3f3c 100644
--- a/pkg/resources/grant_privileges_to_role.go
+++ b/pkg/resources/grant_privileges_to_role.go
@@ -844,7 +844,7 @@ func readRoleGrantPrivileges(ctx context.Context, client *sdk.Client, grantedOn
 		if !slices.Contains(id.Privileges, grant.Privilege) {
 			continue
 		}
-		if grant.GrantOption == withGrantOption && grant.GranteeName.Name() == roleName {
+		if grant.GrantOption == withGrantOption && grant.GranteeName.Name() == sdk.NewAccountObjectIdentifier(roleName).Name() {
 			// future grants do not have grantedBy, only current grants do. If grantedby
 			// is an empty string it means the grant could not have been created by terraform
 			if !id.Future && grant.GrantedBy.Name() == "" {
diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go
index 6d6b28221c..a94b64a7f3 100644
--- a/pkg/resources/grant_privileges_to_role_acceptance_test.go
+++ b/pkg/resources/grant_privileges_to_role_acceptance_test.go
@@ -59,6 +59,9 @@ func TestAcc_GrantPrivilegesToRole_onAccount(t *testing.T) {
 // contains escaped identifier, it won't match in the comparison grant.GranteeName == role_name. This results in
 // setting privileges to an empty array, which causes infinite plan.
 func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
+	name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
 		PreCheck:                 func() { acc.TestAccPreCheck(t) },
@@ -67,25 +70,25 @@ func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				 resource "snowflake_role" "r" {
-					  name = "some.role-123"
+					  name = "%s"
 				 }
 
 				 resource "snowflake_database" "db" {
-					  name = "infinite_plan_grants_db"
+					  name = "%s"
 				 }
 
 				 resource "snowflake_grant_privileges_to_role" "g" {
 					  depends_on = [snowflake_role.r, snowflake_database.db]
 					  privileges = ["CREATE SCHEMA"]
-					  role_name  = "\"some.role-123\""
+					  role_name  = "\"${snowflake_role.r.name}\""
 					  on_account_object {
 						object_type = "DATABASE"
 						object_name = snowflake_database.db.name
 					  }
 				   }
-				 `,
+				 `, name, databaseName),
 				ConfigPlanChecks: resource.ConfigPlanChecks{
 					PostApplyPostRefresh: []plancheck.PlanCheck{
 						plancheck.ExpectEmptyPlan(),

From d1f3c67bf4cc230fcc166c7ad0bc2f8f2710e8b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= <jan.cieslak@snowflake.com>
Date: Thu, 25 Jan 2024 15:44:23 +0100
Subject: [PATCH 2/2] add dot and hyphen to the role name

---
 pkg/resources/grant_privileges_to_role_acceptance_test.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go
index a94b64a7f3..6dc43b2ca5 100644
--- a/pkg/resources/grant_privileges_to_role_acceptance_test.go
+++ b/pkg/resources/grant_privileges_to_role_acceptance_test.go
@@ -59,7 +59,9 @@ func TestAcc_GrantPrivilegesToRole_onAccount(t *testing.T) {
 // contains escaped identifier, it won't match in the comparison grant.GranteeName == role_name. This results in
 // setting privileges to an empty array, which causes infinite plan.
 func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
-	name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	name := []byte(strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)))
+	name[3] = '.'
+	name[7] = '-'
 	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
 
 	resource.Test(t, resource.TestCase{
@@ -88,7 +90,7 @@ func TestAcc_GrantPrivilegesToRole_OnSchema_InfinitePlan(t *testing.T) {
 						object_name = snowflake_database.db.name
 					  }
 				   }
-				 `, name, databaseName),
+				 `, string(name), databaseName),
 				ConfigPlanChecks: resource.ConfigPlanChecks{
 					PostApplyPostRefresh: []plancheck.PlanCheck{
 						plancheck.ExpectEmptyPlan(),