From 7ef5aa2a5405d518cc672c1bb220afc9b096850a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Cie=C5=9Blak?=
Date: Mon, 11 Dec 2023 13:11:43 +0100
Subject: [PATCH] Add missing parameters
---
 pkg/resources/grant_privileges_to_role.go | 5 +++
 ...rant_privileges_to_role_acceptance_test.go | 37 +++++++++++++++++++
 pkg/sdk/grants.go | 1 +
 pkg/sdk/grants_test.go | 16 ++++++++
 pkg/sdk/grants_validations.go | 4 +-
 pkg/sdk/object_types.go | 6 +++
 pkg/sdk/privileges.go | 15 ++++++++
 7 files changed, 82 insertions(+), 2 deletions(-)
diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go
index e8a08d4d1c..b1102ba6c4 100644
--- a/pkg/resources/grant_privileges_to_role.go
+++ b/pkg/resources/grant_privileges_to_role.go
@@ -65,6 +65,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 "INTEGRATION",
 "FAILOVER GROUP",
 "REPLICATION GROUP",
+ "EXTERNAL VOLUME",
 }, true),
 },
 "object_name": {
@@ -191,6 +192,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 "TASKS",
 "VIEWS",
 "MATERIALIZED VIEWS",
+ "ICEBERG TABLES",
 }, true),
 },
 "in_database": {
@@ -245,6 +247,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 "TASKS",
 "VIEWS",
 "MATERIALIZED VIEWS",
+ "ICEBERG TABLES",
 }, true),
 },
 "in_database": {
@@ -730,6 +733,8 @@ func configureAccountRoleGrantPrivilegeOptions(d *schema.ResourceData, privilege
 on.AccountObject.User = &objectID
 case sdk.ObjectTypeWarehouse:
 on.AccountObject.Warehouse = &objectID
+ case sdk.ObjectTypeExternalVolume:
+ on.AccountObject.ExternalVolume = &objectID
 default:
 return nil, nil, fmt.Errorf("invalid object type %s", objectType)
 }
diff --git a/pkg/resources/grant_privileges_to_role_acceptance_test.go b/pkg/resources/grant_privileges_to_role_acceptance_test.go
index 52e5cd0512..b9e02d4ecc 100644
--- a/pkg/resources/grant_privileges_to_role_acceptance_test.go
+++ b/pkg/resources/grant_privileges_to_role_acceptance_test.go
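Review bot: In the `@@ -65,6 +65,7 @@` hunk of grant_privileges_to_role.go the new allow-list entry `"EXTERNAL VOLUME"` is a second hand-typed copy of the value this patch also defines as `sdk.ObjectTypeExternalVolume`, which the switch in the `@@ -730,6 +733,8 @@` hunk matches on. Because that switch's default branch returns `invalid object type`, any drift between the validator list and the switch would only surface after validation has already accepted the value. Writing the entry as `sdk.ObjectTypeExternalVolume.String(),` ties both to one definition; the same applies to `"ICEBERG TABLES"` in the `-191` and `-245` hunks with `sdk.PluralObjectTypeIcebergTables.String(),`. The lists start outside the hunks, so the existing entries may be literals on purpose.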
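Review bot: No hunk in grant_privileges_to_role.go adds a singular `ICEBERG TABLE` entry, although the patch defines `sdk.ObjectTypeIcebergTable`; only the plural `"ICEBERG TABLES"` is added, in the `@@ -191,6 +192,7 @@` and `@@ -245,6 +247,7 @@` hunks. If the resource also validates a singular object type for a grant on one named schema object, that path would still reject Iceberg tables and leave users with only the broader bulk grants when they need access to a single table. The schema map starts outside these hunks, so this needs checking against the full file; if such a list exists, add `"ICEBERG TABLE",` to it.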
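Review bot: The new `case sdk.ObjectTypeExternalVolume:` branch in the `@@ -730,6 +733,8 @@` hunk of grant_privileges_to_role.go is not exercised by any acceptance test in this patch; the one acceptance test added covers future grants on Iceberg tables, and the SDK unit test compares generated SQL only. An acceptance step that grants a privilege on an external volume would show whether the object type Snowflake reports back matches what the resource's read path expects, which a SQL string comparison cannot. configureAccountRoleGrantPrivilegeOptions starts and ends outside the hunk, and the read side is not visible here.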
@@ -2,6 +2,8 @@ package resources_test import ( "fmt" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" + "github.com/hashicorp/terraform-plugin-testing/tfversion" "strings" "testing" @@ -861,3 +863,38 @@ func TestAcc_GrantPrivilegesToRole_onSchemaObject_futureInDatabase_externalTable }, }) } + +func TestAcc_GrantPrivilegesToRole_onSchemaObject_futureIcebergTables(t *testing.T) { + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + Steps: []resource.TestStep{ + { + Config: fmt.Sprintf(` +resource "snowflake_role" "role" { + name = "TEST_ROLE_123" +} + +resource "snowflake_grant_privileges_to_role" "grant" { + role_name = snowflake_role.role.name + privileges = ["SELECT"] + on_schema_object { + future { + object_type_plural = "ICEBERG TABLES" + in_schema = "\"%s\".\"%s\"" + } + } +} +`, acc.TestDatabaseName, acc.TestSchemaName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.#", "1"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.0.future.#", "1"), + resource.TestCheckResourceAttr("snowflake_grant_privileges_to_role.grant", "on_schema_object.0.future.0.object_type_plural", string(sdk.PluralObjectTypeIcebergTables)), + ), + }, + }, + }) +} diff --git a/pkg/sdk/grants.go b/pkg/sdk/grants.go index b9af33ecfa..f4dc79fcb4 100644 --- a/pkg/sdk/grants.go +++ b/pkg/sdk/grants.go 
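Review bot: The two imports added in the `@@ -2,6 +2,8 @@` hunk sit between `"fmt"` and `"strings"`, inside the standard-library group. goimports-style grouping keeps standard-library paths together and puts third-party paths in their own group after a blank line, so `"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"` and `"github.com/hashicorp/terraform-plugin-testing/tfversion"` belong below `"testing"`. The rest of the import block is outside the hunk.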
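Review bot: The config in the `@@ -861,3 +863,38 @@` hunk creates the role under the fixed name `TEST_ROLE_123`, and the `resource.TestCase` sets no `CheckDestroy`. On a shared test account a fixed name collides with a concurrent run or with a role left over from an earlier failed run, and without a destroy check a role that keeps its grant after the test goes unnoticed. Generate the name per run and pass it to the existing `fmt.Sprintf` as `name = "%s"`, and add a `CheckDestroy` that confirms the grant is gone. The three checks assert state attributes only; none of them queries Snowflake for the grant.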
@@ -52,6 +52,7 @@ type GrantOnAccountObject struct { Integration *AccountObjectIdentifier `ddl:"identifier" sql:"INTEGRATION"` FailoverGroup *AccountObjectIdentifier `ddl:"identifier" sql:"FAILOVER GROUP"` ReplicationGroup *AccountObjectIdentifier `ddl:"identifier" sql:"REPLICATION GROUP"` + ExternalVolume *AccountObjectIdentifier `ddl:"identifier" sql:"EXTERNAL VOLUME"` } type GrantOnSchema struct { diff --git a/pkg/sdk/grants_test.go b/pkg/sdk/grants_test.go index 3c8b0825a9..927c954bcd 100644 --- a/pkg/sdk/grants_test.go +++ b/pkg/sdk/grants_test.go @@ -35,6 +35,22 @@ func TestGrantPrivilegesToAccountRole(t *testing.T) { } assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON DATABASE "db1" TO ROLE "role1"`) }) + + t.Run("on account object - external volume", func(t *testing.T) { + opts := &GrantPrivilegesToAccountRoleOptions{ + privileges: &AccountRoleGrantPrivileges{ + AllPrivileges: Bool(true), + }, + on: &AccountRoleGrantOn{ + AccountObject: &GrantOnAccountObject{ + ExternalVolume: Pointer(NewAccountObjectIdentifier("ex volume")), + }, + }, + accountRole: NewAccountObjectIdentifier("role1"), + } + assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON EXTERNAL VOLUME "ex volume" TO ROLE "role1"`) + }) + t.Run("on schema", func(t *testing.T) { opts := &GrantPrivilegesToAccountRoleOptions{ privileges: &AccountRoleGrantPrivileges{ diff --git a/pkg/sdk/grants_validations.go b/pkg/sdk/grants_validations.go index a66029ac63..694dbbad91 100644 --- a/pkg/sdk/grants_validations.go +++ b/pkg/sdk/grants_validations.go 
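Review bot: The subtest `on account object - external volume` added in the `@@ -35,6 +35,22 @@` hunk of grants_test.go covers only `AllPrivileges: Bool(true)`. The one privilege this patch documents for external volumes in privileges.go is USAGE, so a second case granting `AccountObjectPrivilegeUsage` would pin the SQL for the narrower grant that most configurations should prefer over ALL PRIVILEGES. TestGrantPrivilegesToAccountRole starts and ends outside the hunk, so there may already be a per-privilege case for another object type to model it on.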
@@ -72,8 +72,8 @@ func (v *AccountRoleGrantOn) validate() error { } func (v *GrantOnAccountObject) validate() error { - if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup) { - return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup") + if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup, v.ExternalVolume) { + return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup", "ExternalVolume") } return nil } diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go index 44363d0afb..b59ea64da5 100644 --- a/pkg/sdk/object_types.go +++ b/pkg/sdk/object_types.go @@ -59,6 +59,8 @@ const ( ObjectTypeApplicationRole ObjectType = "APPLICATION ROLE" ObjectTypeStreamlit ObjectType = "STREAMLIT" ObjectTypeColumn ObjectType = "COLUMN" + ObjectTypeIcebergTable ObjectType = "ICEBERG TABLE" + ObjectTypeExternalVolume ObjectType = "EXTERNAL VOLUME" ) func (o ObjectType) String() string { @@ -109,6 +111,8 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType { ObjectTypeApplicationPackage: PluralObjectTypeApplicationPackages, ObjectTypeApplicationRole: PluralObjectTypeApplicationRoles, ObjectTypeStreamlit: PluralObjectTypeStreamlits, + ObjectTypeIcebergTable: PluralObjectTypeIcebergTables, + ObjectTypeExternalVolume: PluralObjectTypeExternalVolumes, } } 
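Review bot: The field list in `(*GrantOnAccountObject).validate` (hunk `@@ -72,8 +72,8 @@`) is kept by hand in two places, the `exactlyOneValueSet` call and the `errExactlyOneOf` message, and has to track the struct edited in grants.go. Nothing in the hunk tells the next contributor that. A field added to the struct but not here would not be counted, so how a value that sets it together with another field is treated depends on `exactlyOneValueSet`, which is not shown. I would add a comment above the check: `// Every identifier field of GrantOnAccountObject must appear in both lists below.`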
@@ -199,6 +203,8 @@ const ( PluralObjectTypeApplicationPackages PluralObjectType = "APPLICATION PACKAGES" PluralObjectTypeApplicationRoles PluralObjectType = "APPLICATION ROLES" PluralObjectTypeStreamlits PluralObjectType = "STREAMLITS" + PluralObjectTypeIcebergTables PluralObjectType = "ICEBERG TABLES" + PluralObjectTypeExternalVolumes PluralObjectType = "EXTERNAL VOLUMES" ) func (p PluralObjectType) String() string { diff --git a/pkg/sdk/privileges.go b/pkg/sdk/privileges.go index d4eb5958d9..47bb95a520 100644 --- a/pkg/sdk/privileges.go +++ b/pkg/sdk/privileges.go @@ -13,6 +13,7 @@ const ( GlobalPrivilegeCreateFailoverGroup GlobalPrivilege = "CREATE FAILOVER GROUP" GlobalPrivilegeCreateIntegration GlobalPrivilege = "CREATE INTEGRATION" GlobalPrivilegeCreateNetworkPolicy GlobalPrivilege = "CREATE NETWORK POLICY" + GlobalPrivilegeCreateExternalVolume GlobalPrivilege = "CREATE EXTERNAL VOLUME" GlobalPrivilegeCreateReplicationGroup GlobalPrivilege = "CREATE REPLICATION GROUP" GlobalPrivilegeCreateRole GlobalPrivilege = "CREATE ROLE" GlobalPrivilegeCreateShare GlobalPrivilege = "CREATE SHARE" @@ -71,6 +72,9 @@ const ( AccountObjectPrivilegeMonitor AccountObjectPrivilege = "MONITOR" AccountObjectPrivilegeUsage AccountObjectPrivilege = "USAGE" + // -- For EXTERNAL VOLUME + // AccountObjectPrivilegeUsage AccountObjectPrivilege = "USAGE" (duplicate) + // -- For FAILOVER GROUP // { FAILOVER | MODIFY | MONITOR | REPLICATE } [ , ... ] AccountObjectPrivilegeFailover AccountObjectPrivilege = "FAILOVER" 
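Review bot: The `-- For EXTERNAL VOLUME` section added in the `@@ -71,6 +72,9 @@` hunk of privileges.go documents its privilege as a commented-out constant marked `(duplicate)`, whereas the neighbouring section uses a grammar line, `// { FAILOVER | MODIFY | MONITOR | REPLICATE } [ , ... ]`. Following that convention the section would read `// USAGE [ , ... ]`. The `-- For ICEBERG TABLE` section in the `@@ -178,6 +184,15 @@` hunk has the same shape, and two of its commented lines give the values as `"Truncate"` and `"Update"` while every live constant visible in the patch is upper-case. A single line `// { APPLYBUDGET | DELETE | INSERT | REFERENCES | SELECT | TRUNCATE | UPDATE } [ , ... ]` would replace them and removes the chance of someone un-commenting a wrongly cased value.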
@@ -126,11 +130,13 @@ const ( [ , ... ] */ SchemaPrivilegeAddSearchOptimization SchemaPrivilege = "ADD SEARCH OPTIMIZATION" + SchemaPrivilegeApplyBudget SchemaPrivilege = "APPLYBUDGET" SchemaPrivilegeCreateAlert SchemaPrivilege = "CREATE ALERT" SchemaPrivilegeCreateDynamicTable SchemaPrivilege = "CREATE DYNAMIC TABLE" SchemaPrivilegeCreateExternalTable SchemaPrivilege = "CREATE EXTERNAL TABLE" SchemaPrivilegeCreateFileFormat SchemaPrivilege = "CREATE FILE FORMAT" SchemaPrivilegeCreateFunction SchemaPrivilege = "CREATE FUNCTION" + SchemaPrivilegeCreateIcebergTable SchemaPrivilege = "CREATE ICEBERG TABLE" SchemaPrivilegeCreateMaterializedView SchemaPrivilege = "CREATE MATERIALIZED VIEW" SchemaPrivilegeCreatePipe SchemaPrivilege = "CREATE PIPE" SchemaPrivilegeCreateProcedure SchemaPrivilege = "CREATE PROCEDURE" @@ -178,6 +184,15 @@ const ( // USAGE [ , ... ] SchemaObjectPrivilegeUsage SchemaObjectPrivilege = "USAGE" + // -- For ICEBERG TABLE + SchemaObjectPrivilegeApplyBudget SchemaObjectPrivilege = "APPLYBUDGET" + //SchemaObjectPrivilegeDelete SchemaObjectPrivilege = "DELETE" (duplicate) + //SchemaObjectPrivilegeInsert SchemaObjectPrivilege = "INSERT" (duplicate) + //SchemaObjectPrivilegeReferences SchemaObjectPrivilege = "REFERENCES" (duplicate) + //SchemaObjectPrivilegeSelect SchemaObjectPrivilege = "SELECT" (duplicate) + //SchemaObjectPrivilegeTruncate SchemaObjectPrivilege = "Truncate" (duplicate) + //SchemaObjectPrivilegeUpdate SchemaObjectPrivilege = "Update" (duplicate) + // -- For PIPE // { MONITOR | OPERATE } [ , ... ] SchemaObjectPrivilegeMonitor SchemaObjectPrivilege = "MONITOR"
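Review bot: The block comment directly above the constants in the `@@ -126,11 +130,13 @@` hunk is not updated for `SchemaPrivilegeApplyBudget` and `SchemaPrivilegeCreateIcebergTable`: its closing lines (`[ , ... ]`, `*/`) are unchanged context and no other hunk in privileges.go touches it. If that comment enumerates the grantable schema privileges, as its closing `[ , ... ]` suggests, it now omits `APPLYBUDGET` and `CREATE ICEBERG TABLE` and should gain both. The comment starts outside the hunk, so its content could not be checked here.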