Add missing parameters

Snowflake-Labs · Dec 11, 2023 · 7ef5aa2 · 7ef5aa2
1 parent 962b1b6
commit 7ef5aa2
Show file tree

Hide file tree

Showing 7 changed files with 82 additions and 2 deletions.
diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go
@@ -65,6 +65,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 						"INTEGRATION",
 						"FAILOVER GROUP",
 						"REPLICATION GROUP",
+						"EXTERNAL VOLUME",
 					}, true),
 				},
 				"object_name": {
@@ -191,6 +192,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 									"TASKS",
 									"VIEWS",
 									"MATERIALIZED VIEWS",
+									"ICEBERG TABLES",
 								}, true),
 							},
 							"in_database": {
@@ -245,6 +247,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 									"TASKS",
 									"VIEWS",
 									"MATERIALIZED VIEWS",
+									"ICEBERG TABLES",
 								}, true),
 							},
 							"in_database": {
@@ -730,6 +733,8 @@ func configureAccountRoleGrantPrivilegeOptions(d *schema.ResourceData, privilege
 			on.AccountObject.User = &objectID
 		case sdk.ObjectTypeWarehouse:
 			on.AccountObject.Warehouse = &objectID
+		case sdk.ObjectTypeExternalVolume:
+			on.AccountObject.ExternalVolume = &objectID
 		default:
 			return nil, nil, fmt.Errorf("invalid object type %s", objectType)
 		}

diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go
@@ -2,6 +2,8 @@ package resources_test
 
 import (
 	"fmt"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
 	"strings"
 	"testing"
 
@@ -861,3 +863,38 @@ func TestAcc_GrantPrivilegesToRole_onSchemaObject_futureInDatabase_externalTable
 		},
 	})
 }
+
+func TestAcc_GrantPrivilegesToRole_onSchemaObject_futureIcebergTables(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+resource "snowflake_role" "role" {
+  name = "TEST_ROLE_123"
+}
+
+resource "snowflake_grant_privileges_to_role" "grant" {
+  role_name  = snowflake_role.role.name
+  privileges = ["SELECT"]
+  on_schema_object {
+    future {
+      object_type_plural = "ICEBERG TABLES"
+      in_schema          = "\"%s\".\"%s\""
+    }
+  }
+}
+`, acc.TestDatabaseName, acc.TestSchemaName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.#", "1"),
+					resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.0.future.#", "1"),
+					resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.0.future.0.object_type_plural", string(sdk.PluralObjectTypeIcebergTables)),
+				),
+			},
+		},
+	})
+}
diff --git a/pkg/sdk/grants.go b/pkg/sdk/grants.go
@@ -52,6 +52,7 @@ type GrantOnAccountObject struct {
 	Integration      *AccountObjectIdentifier `ddl:"identifier" sql:"INTEGRATION"`
 	FailoverGroup    *AccountObjectIdentifier `ddl:"identifier" sql:"FAILOVER GROUP"`
 	ReplicationGroup *AccountObjectIdentifier `ddl:"identifier" sql:"REPLICATION GROUP"`
+	ExternalVolume   *AccountObjectIdentifier `ddl:"identifier" sql:"EXTERNAL VOLUME"`
 }
 
 type GrantOnSchema struct {

diff --git a/pkg/sdk/grants_test.go b/pkg/sdk/grants_test.go
@@ -35,6 +35,22 @@ func TestGrantPrivilegesToAccountRole(t *testing.T) {
 		}
 		assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON DATABASE "db1" TO ROLE "role1"`)
 	})
+
+	t.Run("on account object - external volume", func(t *testing.T) {
+		opts := &GrantPrivilegesToAccountRoleOptions{
+			privileges: &AccountRoleGrantPrivileges{
+				AllPrivileges: Bool(true),
+			},
+			on: &AccountRoleGrantOn{
+				AccountObject: &GrantOnAccountObject{
+					ExternalVolume: Pointer(NewAccountObjectIdentifier("ex volume")),
+				},
+			},
+			accountRole: NewAccountObjectIdentifier("role1"),
+		}
+		assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON EXTERNAL VOLUME "ex volume" TO ROLE "role1"`)
+	})
+
 	t.Run("on schema", func(t *testing.T) {
 		opts := &GrantPrivilegesToAccountRoleOptions{
 			privileges: &AccountRoleGrantPrivileges{

diff --git a/pkg/sdk/grants_validations.go b/pkg/sdk/grants_validations.go
@@ -72,8 +72,8 @@ func (v *AccountRoleGrantOn) validate() error {
 }
 
 func (v *GrantOnAccountObject) validate() error {
-	if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup) {
-		return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup")
+	if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup, v.ExternalVolume) {
+		return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup", "ExternalVolume")
 	}
 	return nil
 }

diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go
@@ -59,6 +59,8 @@ const (
 	ObjectTypeApplicationRole    ObjectType = "APPLICATION ROLE"
 	ObjectTypeStreamlit          ObjectType = "STREAMLIT"
 	ObjectTypeColumn             ObjectType = "COLUMN"
+	ObjectTypeIcebergTable       ObjectType = "ICEBERG TABLE"
+	ObjectTypeExternalVolume     ObjectType = "EXTERNAL VOLUME"
 )
 
 func (o ObjectType) String() string {
@@ -109,6 +111,8 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType {
 		ObjectTypeApplicationPackage: PluralObjectTypeApplicationPackages,
 		ObjectTypeApplicationRole:    PluralObjectTypeApplicationRoles,
 		ObjectTypeStreamlit:          PluralObjectTypeStreamlits,
+		ObjectTypeIcebergTable:       PluralObjectTypeIcebergTables,
+		ObjectTypeExternalVolume:     PluralObjectTypeExternalVolumes,
 	}
 }
 
@@ -199,6 +203,8 @@ const (
 	PluralObjectTypeApplicationPackages PluralObjectType = "APPLICATION PACKAGES"
 	PluralObjectTypeApplicationRoles    PluralObjectType = "APPLICATION ROLES"
 	PluralObjectTypeStreamlits          PluralObjectType = "STREAMLITS"
+	PluralObjectTypeIcebergTables       PluralObjectType = "ICEBERG TABLES"
+	PluralObjectTypeExternalVolumes     PluralObjectType = "EXTERNAL VOLUMES"
 )
 
 func (p PluralObjectType) String() string {

diff --git a/pkg/sdk/privileges.go b/pkg/sdk/privileges.go
@@ -13,6 +13,7 @@ const (
 	GlobalPrivilegeCreateFailoverGroup       GlobalPrivilege = "CREATE FAILOVER GROUP"
 	GlobalPrivilegeCreateIntegration         GlobalPrivilege = "CREATE INTEGRATION"
 	GlobalPrivilegeCreateNetworkPolicy       GlobalPrivilege = "CREATE NETWORK POLICY"
+	GlobalPrivilegeCreateExternalVolume      GlobalPrivilege = "CREATE EXTERNAL VOLUME"
 	GlobalPrivilegeCreateReplicationGroup    GlobalPrivilege = "CREATE REPLICATION GROUP"
 	GlobalPrivilegeCreateRole                GlobalPrivilege = "CREATE ROLE"
 	GlobalPrivilegeCreateShare               GlobalPrivilege = "CREATE SHARE"
@@ -71,6 +72,9 @@ const (
 	AccountObjectPrivilegeMonitor            AccountObjectPrivilege = "MONITOR"
 	AccountObjectPrivilegeUsage              AccountObjectPrivilege = "USAGE"
 
+	// -- For EXTERNAL VOLUME
+	// AccountObjectPrivilegeUsage              AccountObjectPrivilege = "USAGE" (duplicate)
+
 	// -- For FAILOVER GROUP
 	// { FAILOVER | MODIFY | MONITOR | REPLICATE } [ , ... ]
 	AccountObjectPrivilegeFailover AccountObjectPrivilege = "FAILOVER"
@@ -126,11 +130,13 @@ const (
 		[ , ... ]
 	*/
 	SchemaPrivilegeAddSearchOptimization  SchemaPrivilege = "ADD SEARCH OPTIMIZATION"
+	SchemaPrivilegeApplyBudget            SchemaPrivilege = "APPLYBUDGET"
 	SchemaPrivilegeCreateAlert            SchemaPrivilege = "CREATE ALERT"
 	SchemaPrivilegeCreateDynamicTable     SchemaPrivilege = "CREATE DYNAMIC TABLE"
 	SchemaPrivilegeCreateExternalTable    SchemaPrivilege = "CREATE EXTERNAL TABLE"
 	SchemaPrivilegeCreateFileFormat       SchemaPrivilege = "CREATE FILE FORMAT"
 	SchemaPrivilegeCreateFunction         SchemaPrivilege = "CREATE FUNCTION"
+	SchemaPrivilegeCreateIcebergTable     SchemaPrivilege = "CREATE ICEBERG TABLE"
 	SchemaPrivilegeCreateMaterializedView SchemaPrivilege = "CREATE MATERIALIZED VIEW"
 	SchemaPrivilegeCreatePipe             SchemaPrivilege = "CREATE PIPE"
 	SchemaPrivilegeCreateProcedure        SchemaPrivilege = "CREATE PROCEDURE"
@@ -178,6 +184,15 @@ const (
 	// USAGE [ , ... ]
 	SchemaObjectPrivilegeUsage SchemaObjectPrivilege = "USAGE"
 
+	// -- For ICEBERG TABLE
+	SchemaObjectPrivilegeApplyBudget SchemaObjectPrivilege = "APPLYBUDGET"
+	//SchemaObjectPrivilegeDelete      SchemaObjectPrivilege = "DELETE" (duplicate)
+	//SchemaObjectPrivilegeInsert      SchemaObjectPrivilege = "INSERT" (duplicate)
+	//SchemaObjectPrivilegeReferences  SchemaObjectPrivilege = "REFERENCES" (duplicate)
+	//SchemaObjectPrivilegeSelect      SchemaObjectPrivilege = "SELECT" (duplicate)
+	//SchemaObjectPrivilegeTruncate      SchemaObjectPrivilege = "Truncate" (duplicate)
+	//SchemaObjectPrivilegeUpdate      SchemaObjectPrivilege = "Update" (duplicate)
+
 	// -- For PIPE
 	// { MONITOR | OPERATE } [ , ... ]
 	SchemaObjectPrivilegeMonitor SchemaObjectPrivilege = "MONITOR"