Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: create a workaround for granting privileges on all pipes #2477

Merged
merged 3 commits into from
Feb 14, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
lint + doc fix
sfc-gh-jcieslak committed Feb 12, 2024
commit 42be4e47ab6d7ffd27e55b33a89d9e3bf7d5f27f
1 change: 0 additions & 1 deletion pkg/resources/grant_privileges_to_role_acceptance_test.go
Original file line number Diff line number Diff line change
@@ -3,7 +3,6 @@ package resources_test
import (
"errors"
"fmt"
"github.com/hashicorp/terraform-plugin-testing/config"
"regexp"
"strings"
"testing"
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
resource "snowflake_grant_privileges_to_database_role" "test" {
database_role_name = "\"${var.database}\".\"${var.name}\""
privileges = var.privileges
with_grant_option = var.with_grant_option
privileges = var.privileges
with_grant_option = var.with_grant_option

on_schema_object {
all {
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
resource "snowflake_grant_privileges_to_role" "test" {
role_name = var.name
role_name = var.name
privileges = var.privileges
with_grant_option = var.with_grant_option

16 changes: 12 additions & 4 deletions pkg/sdk/grants_impl.go
Original file line number Diff line number Diff line change
@@ -23,7 +23,9 @@ func (v *grants) GrantPrivilegesToAccountRole(ctx context.Context, privileges *A
opts.accountRole = role
logging.DebugLogger.Printf("[DEBUG] Grant privileges to account role: opts %+v", opts)

// TODO: Describe why it's here
// Snowflake doesn't allow bulk operations on Pipes. Because of that, when SDK user
// issues "grant x on all pipes" operation, we'll go and grant specified privileges
// to every Pipe one by one.
if on != nil &&
on.SchemaObject != nil &&
on.SchemaObject.All != nil &&
@@ -64,7 +66,9 @@ func (v *grants) RevokePrivilegesFromAccountRole(ctx context.Context, privileges
opts.accountRole = role
logging.DebugLogger.Printf("[DEBUG] Revoke privileges from account role: opts %+v", opts)

// TODO: Describe why it's here
// Snowflake doesn't allow bulk operations on Pipes. Because of that, when SDK user
// issues "revoke x on all pipes" operation, we'll go and revoke specified privileges
// from every Pipe one by one.
if on != nil &&
on.SchemaObject != nil &&
on.SchemaObject.All != nil &&
@@ -103,7 +107,9 @@ func (v *grants) GrantPrivilegesToDatabaseRole(ctx context.Context, privileges *
opts.on = on
opts.databaseRole = role

// TODO: Describe why it's here
// Snowflake doesn't allow bulk operations on Pipes. Because of that, when SDK user
// issues "grant x on all pipes" operation, we'll go and grant specified privileges
// to every Pipe one by one.
if on != nil &&
on.SchemaObject != nil &&
on.SchemaObject.All != nil &&
@@ -142,7 +148,9 @@ func (v *grants) RevokePrivilegesFromDatabaseRole(ctx context.Context, privilege
opts.on = on
opts.databaseRole = role

// TODO: Describe why it's here
// Snowflake doesn't allow bulk operations on Pipes. Because of that, when SDK user
// issues "revoke x on all pipes" operation, we'll go and revoke specified privileges
// from every Pipe one by one.
if on != nil &&
on.SchemaObject != nil &&
on.SchemaObject.All != nil &&
3 changes: 2 additions & 1 deletion pkg/sdk/testint/grants_integration_test.go
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
package testint

import (
"testing"

"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/random"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"testing"
)

func TestInt_GrantAndRevokePrivilegesToAccountRole(t *testing.T) {