Snowflake-Labs · sfc-gh-jmichalak · Sep 18, 2024 · Sep 16, 2024 · Sep 16, 2024 · Sep 16, 2024
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -6,6 +6,22 @@ across different versions.
 
 ## v0.95.0 ➞ v0.96.0
 
+### snowflake_masking_policies data source changes
+New filtering options:
+- `in`
+- `limit`
+- `with_describe`
+
+New output fields
+- `show_output`
+- `describe_output`
+
+Breaking changes:
+- `database` and `schema` are right now under `in` field
+- `masking_policies` field now organizes output of show under `show_output` field and the output of describe under `describe_output` field.
+
+Please adjust your Terraform configuration files.
+
 ### snowflake_masking_policy resource changes
 New fields:
   - `show_output` field that holds the response from SHOW MASKING POLICIES.
@@ -57,7 +73,6 @@ To easily handle three-value logic (true, false, unknown) in provider's configs,
 
 For more details about default values, please refer to the [changes before v1](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/CHANGES_BEFORE_V1.md#default-values) document.
 
-
 ### *(breaking change)* resource_monitor resource
 Removed fields:
 - `set_for_account` (will be settable on account resource, right now, the preferred way is to set it through unsafe_execute resource)

diff --git a/docs/data-sources/masking_policies.md b/docs/data-sources/masking_policies.md
@@ -2,42 +2,179 @@
 page_title: "snowflake_masking_policies Data Source - terraform-provider-snowflake"
 subcategory: ""
 description: |-
-
+  Datasource used to get details of filtered masking policies. Filtering is aligned with the current possibilities for SHOW MASKING POLICIES https://docs.snowflake.com/en/sql-reference/sql/show-masking-policies query. The results of SHOW and DESCRIBE are encapsulated in one output collection masking_policies.
 ---
 
-# snowflake_masking_policies (Data Source)
+!> **V1 release candidate** This data source was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the data source if needed. Any errors reported will be resolved with a higher priority. We encourage checking this data source out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it.
 
+# snowflake_masking_policies (Data Source)
 
+Datasource used to get details of filtered masking policies. Filtering is aligned with the current possibilities for [SHOW MASKING POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-masking-policies) query. The results of SHOW and DESCRIBE are encapsulated in one output collection `masking_policies`.
 
 ## Example Usage
 
 ```terraform
-data "snowflake_masking_policies" "current" {
-  database = "MYDB"
-  schema   = "MYSCHEMA"
+# Simple usage
+data "snowflake_masking_policies" "simple" {
+}
+
+output "simple_output" {
+  value = data.snowflake_masking_policies.simple.masking_policies
+}
+
+# Filtering (like)
+data "snowflake_masking_policies" "like" {
+  like = "masking-policy-name"
+}
+
+output "like_output" {
+  value = data.snowflake_masking_policies.like.masking_policies
+}
+
+# Filtering by prefix (like)
+data "snowflake_masking_policies" "like_prefix" {
+  like = "prefix%"
+}
+
+output "like_prefix_output" {
+  value = data.snowflake_masking_policies.like_prefix.masking_policies
+}
+
+# Filtering (limit)
+data "snowflake_masking_policies" "limit" {
+  limit {
+    rows = 10
+    from = "prefix-"
+  }
+}
+
+output "limit_output" {
+  value = data.snowflake_masking_policies.limit.masking_policies
+}
+
+# Filtering (in)
+data "snowflake_masking_policies" "in" {
+  in {
+    database = "database"
+  }
+}
+
+output "in_output" {
+  value = data.snowflake_masking_policies.in.masking_policies
+}
+
+# Without additional data (to limit the number of calls make for every found masking policy)
+data "snowflake_masking_policies" "only_show" {
+  # with_describe is turned on by default and it calls DESCRIBE MASKING POLICY for every masking policy found and attaches its output to masking_policies.*.describe_output field
+  with_describe = false
+}
+
+output "only_show_output" {
+  value = data.snowflake_masking_policies.only_show.masking_policies
+}
+
+# Ensure the number of masking policies is equal to at least one element (with the use of postcondition)
+data "snowflake_masking_policies" "assert_with_postcondition" {
+  like = "masking-policy-name%"
+  lifecycle {
+    postcondition {
+      condition     = length(self.masking_policies) > 0
+      error_message = "there should be at least one masking policy"
+    }
+  }
+}
+
+# Ensure the number of masking policies is equal to at exactly one element (with the use of check block)
+check "masking_policy_check" {
+  data "snowflake_masking_policies" "assert_with_check_block" {
+    like = "masking-policy-name"
+  }
+
+  assert {
+    condition     = length(data.snowflake_masking_policies.assert_with_check_block.masking_policies) == 1
+    error_message = "masking policies filtered by '${data.snowflake_masking_policies.assert_with_check_block.like}' returned ${length(data.snowflake_masking_policies.assert_with_check_block.masking_policies)} masking policies where one was expected"
+  }
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
+### Optional
 
-- `database` (String) The database from which to return the schemas from.
-- `schema` (String) The schema from which to return the maskingPolicies from.
+- `in` (Block List, Max: 1) IN clause to filter the list of masking policies (see [below for nested schema](#nestedblock--in))
+- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).
+- `limit` (Block List, Max: 1) Limits the number of rows returned. If the `limit.from` is set, then the limit wll start from the first element matched by the expression. The expression is only used to match with the first element, later on the elements are not matched by the prefix, but you can enforce a certain pattern with `starts_with` or `like`. (see [below for nested schema](#nestedblock--limit))
+- `with_describe` (Boolean) Runs DESC MASKING POLICY for each masking policy returned by SHOW MASKING POLICIES. The output of describe is saved to the description field. By default this value is set to true.
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-- `masking_policies` (List of Object) The maskingPolicies in the schema (see [below for nested schema](#nestedatt--masking_policies))
+- `masking_policies` (List of Object) Holds the aggregated output of all views details queries. (see [below for nested schema](#nestedatt--masking_policies))
+
+<a id="nestedblock--in"></a>
+### Nested Schema for `in`
+
+Optional:
+
+- `account` (Boolean) Returns records for the entire account.
+- `application` (String) Returns records for the specified application.
+- `application_package` (String) Returns records for the specified application package.
+- `database` (String) Returns records for the current database in use or for a specified database.
+- `schema` (String) Returns records for the current schema in use or a specified schema. Use fully qualified name.
+
+
+<a id="nestedblock--limit"></a>
+### Nested Schema for `limit`
+
+Required:
+
+- `rows` (Number) The maximum number of rows to return.
+
+Optional:
+
+- `from` (String) Specifies a **case-sensitive** pattern that is used to match object name. After the first match, the limit on the number of rows will be applied.
+
 
 <a id="nestedatt--masking_policies"></a>
 ### Nested Schema for `masking_policies`
 
 Read-Only:
 
+- `describe_output` (List of Object) (see [below for nested schema](#nestedobjatt--masking_policies--describe_output))
+- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--masking_policies--show_output))
+
+<a id="nestedobjatt--masking_policies--describe_output"></a>
+### Nested Schema for `masking_policies.describe_output`
+
+Read-Only:
+
+- `body` (String)
+- `name` (String)
+- `return_type` (String)
+- `signature` (List of Object) (see [below for nested schema](#nestedobjatt--masking_policies--describe_output--signature))
+
+<a id="nestedobjatt--masking_policies--describe_output--signature"></a>
+### Nested Schema for `masking_policies.describe_output.signature`
+
+Read-Only:
+
+- `name` (String)
+- `type` (String)
+
+
+
+<a id="nestedobjatt--masking_policies--show_output"></a>
+### Nested Schema for `masking_policies.show_output`
+
+Read-Only:
+
 - `comment` (String)
-- `database` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `exempt_other_policies` (Boolean)
 - `kind` (String)
 - `name` (String)
-- `schema` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
diff --git a/docs/data-sources/views.md b/docs/data-sources/views.md
@@ -5,6 +5,8 @@ description: |-
   Datasource used to get details of filtered views. Filtering is aligned with the current possibilities for SHOW VIEWS https://docs.snowflake.com/en/sql-reference/sql/show-views query (only like is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection views.
 ---
 
+!> **V1 release candidate** This data source was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the data source if needed. Any errors reported will be resolved with a higher priority. We encourage checking this data source out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v094x--v0950) to use it.
+
 # snowflake_views (Data Source)
 
 Datasource used to get details of filtered views. Filtering is aligned with the current possibilities for [SHOW VIEWS](https://docs.snowflake.com/en/sql-reference/sql/show-views) query (only `like` is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection `views`.

diff --git a/examples/data-sources/snowflake_masking_policies/data-source.tf b/examples/data-sources/snowflake_masking_policies/data-source.tf
@@ -1,4 +1,81 @@
-data "snowflake_masking_policies" "current" {
-  database = "MYDB"
-  schema   = "MYSCHEMA"
-}
+# Simple usage
+data "snowflake_masking_policies" "simple" {
+}
+
+output "simple_output" {
+  value = data.snowflake_masking_policies.simple.masking_policies
+}
+
+# Filtering (like)
+data "snowflake_masking_policies" "like" {
+  like = "masking-policy-name"
+}
+
+output "like_output" {
+  value = data.snowflake_masking_policies.like.masking_policies
+}
+
+# Filtering by prefix (like)
+data "snowflake_masking_policies" "like_prefix" {
+  like = "prefix%"
+}
+
+output "like_prefix_output" {
+  value = data.snowflake_masking_policies.like_prefix.masking_policies
+}
+
+# Filtering (limit)
+data "snowflake_masking_policies" "limit" {
+  limit {
+    rows = 10
+    from = "prefix-"
+  }
+}
+
+output "limit_output" {
+  value = data.snowflake_masking_policies.limit.masking_policies
+}
+
+# Filtering (in)
+data "snowflake_masking_policies" "in" {
+  in {
+    database = "database"
+  }
+}
+
+output "in_output" {
+  value = data.snowflake_masking_policies.in.masking_policies
+}
+
+# Without additional data (to limit the number of calls make for every found masking policy)
+data "snowflake_masking_policies" "only_show" {
+  # with_describe is turned on by default and it calls DESCRIBE MASKING POLICY for every masking policy found and attaches its output to masking_policies.*.describe_output field
+  with_describe = false
+}
+
+output "only_show_output" {
+  value = data.snowflake_masking_policies.only_show.masking_policies
+}
+
+# Ensure the number of masking policies is equal to at least one element (with the use of postcondition)
+data "snowflake_masking_policies" "assert_with_postcondition" {
+  like = "masking-policy-name%"
+  lifecycle {
+    postcondition {
+      condition     = length(self.masking_policies) > 0
+      error_message = "there should be at least one masking policy"
+    }
+  }
+}
+
+# Ensure the number of masking policies is equal to at exactly one element (with the use of check block)
+check "masking_policy_check" {
+  data "snowflake_masking_policies" "assert_with_check_block" {
+    like = "masking-policy-name"
+  }
+
+  assert {
+    condition     = length(data.snowflake_masking_policies.assert_with_check_block.masking_policies) == 1
+    error_message = "masking policies filtered by '${data.snowflake_masking_policies.assert_with_check_block.like}' returned ${length(data.snowflake_masking_policies.assert_with_check_block.masking_policies)} masking policies where one was expected"
+  }
+}
diff --git a/...ceptance/bettertestspoc/assert/resourceshowoutputassert/masking_policy_show_output_ext.go b/...ceptance/bettertestspoc/assert/resourceshowoutputassert/masking_policy_show_output_ext.go
@@ -1,10 +1,23 @@
 package resourceshowoutputassert
 
 import (
+	"testing"
+
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
 )
 
 func (p *MaskingPolicyShowOutputAssert) HasCreatedOnNotEmpty() *MaskingPolicyShowOutputAssert {
 	p.AddAssertion(assert.ResourceShowOutputValuePresent("created_on"))
 	return p
 }
+
+// MaskingPoliciesDatasourceShowOutput is a temporary workaround to have better show output assertions in data source acceptance tests.
+func MaskingPoliciesDatasourceShowOutput(t *testing.T, name string) *MaskingPolicyShowOutputAssert {
+	t.Helper()
+
+	m := MaskingPolicyShowOutputAssert{
+		ResourceAssert: assert.NewDatasourceAssert("data."+name, "show_output", "masking_policies.0."),
+	}
+	m.AddAssertion(assert.ValueSet("show_output.#", "1"))
+	return &m
+}