Add missing parameters

Snowflake-Labs · Dec 11, 2023 · f2862ad · f2862ad
1 parent 962b1b6
commit f2862ad
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 2 deletions.
diff --git a/pkg/resources/grant_privileges_to_role.go b/pkg/resources/grant_privileges_to_role.go
@@ -65,6 +65,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 						"INTEGRATION",
 						"FAILOVER GROUP",
 						"REPLICATION GROUP",
+						"EXTERNAL VOLUME",
 					}, true),
 				},
 				"object_name": {
@@ -191,6 +192,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 									"TASKS",
 									"VIEWS",
 									"MATERIALIZED VIEWS",
+									"ICEBERG TABLES",
 								}, true),
 							},
 							"in_database": {
@@ -245,6 +247,7 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
 									"TASKS",
 									"VIEWS",
 									"MATERIALIZED VIEWS",
+									"ICEBERG TABLES",
 								}, true),
 							},
 							"in_database": {
@@ -730,6 +733,8 @@ func configureAccountRoleGrantPrivilegeOptions(d *schema.ResourceData, privilege
 			on.AccountObject.User = &objectID
 		case sdk.ObjectTypeWarehouse:
 			on.AccountObject.Warehouse = &objectID
+		case sdk.ObjectTypeExternalVolume:
+			on.AccountObject.ExternalVolume = &objectID
 		default:
 			return nil, nil, fmt.Errorf("invalid object type %s", objectType)
 		}

diff --git a/pkg/sdk/grants.go b/pkg/sdk/grants.go
@@ -52,6 +52,7 @@ type GrantOnAccountObject struct {
 	Integration      *AccountObjectIdentifier `ddl:"identifier" sql:"INTEGRATION"`
 	FailoverGroup    *AccountObjectIdentifier `ddl:"identifier" sql:"FAILOVER GROUP"`
 	ReplicationGroup *AccountObjectIdentifier `ddl:"identifier" sql:"REPLICATION GROUP"`
+	ExternalVolume   *AccountObjectIdentifier `ddl:"identifier" sql:"EXTERNAL VOLUME"`
 }
 
 type GrantOnSchema struct {

diff --git a/pkg/sdk/grants_test.go b/pkg/sdk/grants_test.go
@@ -35,6 +35,22 @@ func TestGrantPrivilegesToAccountRole(t *testing.T) {
 		}
 		assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON DATABASE "db1" TO ROLE "role1"`)
 	})
+
+	t.Run("on account object - external volume", func(t *testing.T) {
+		opts := &GrantPrivilegesToAccountRoleOptions{
+			privileges: &AccountRoleGrantPrivileges{
+				AllPrivileges: Bool(true),
+			},
+			on: &AccountRoleGrantOn{
+				AccountObject: &GrantOnAccountObject{
+					ExternalVolume: Pointer(NewAccountObjectIdentifier("ex volume")),
+				},
+			},
+			accountRole: NewAccountObjectIdentifier("role1"),
+		}
+		assertOptsValidAndSQLEquals(t, opts, `GRANT ALL PRIVILEGES ON EXTERNAL VOLUME "ex volume" TO ROLE "role1"`)
+	})
+
 	t.Run("on schema", func(t *testing.T) {
 		opts := &GrantPrivilegesToAccountRoleOptions{
 			privileges: &AccountRoleGrantPrivileges{

diff --git a/pkg/sdk/grants_validations.go b/pkg/sdk/grants_validations.go
@@ -72,8 +72,8 @@ func (v *AccountRoleGrantOn) validate() error {
 }
 
 func (v *GrantOnAccountObject) validate() error {
-	if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup) {
-		return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup")
+	if !exactlyOneValueSet(v.User, v.ResourceMonitor, v.Warehouse, v.Database, v.Integration, v.FailoverGroup, v.ReplicationGroup, v.ExternalVolume) {
+		return errExactlyOneOf("GrantOnAccountObject", "User", "ResourceMonitor", "Warehouse", "Database", "Integration", "FailoverGroup", "ReplicationGroup", "ExternalVolume")
 	}
 	return nil
 }

diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go
@@ -59,6 +59,8 @@ const (
 	ObjectTypeApplicationRole    ObjectType = "APPLICATION ROLE"
 	ObjectTypeStreamlit          ObjectType = "STREAMLIT"
 	ObjectTypeColumn             ObjectType = "COLUMN"
+	ObjectTypeIcebergTable       ObjectType = "ICEBERG TABLE"
+	ObjectTypeExternalVolume     ObjectType = "EXTERNAL VOLUME"
 )
 
 func (o ObjectType) String() string {
@@ -109,6 +111,8 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType {
 		ObjectTypeApplicationPackage: PluralObjectTypeApplicationPackages,
 		ObjectTypeApplicationRole:    PluralObjectTypeApplicationRoles,
 		ObjectTypeStreamlit:          PluralObjectTypeStreamlits,
+		ObjectTypeIcebergTable:       PluralObjectTypeIcebergTables,
+		ObjectTypeExternalVolume:     PluralObjectTypeExternalVolumes,
 	}
 }
 
@@ -199,6 +203,8 @@ const (
 	PluralObjectTypeApplicationPackages PluralObjectType = "APPLICATION PACKAGES"
 	PluralObjectTypeApplicationRoles    PluralObjectType = "APPLICATION ROLES"
 	PluralObjectTypeStreamlits          PluralObjectType = "STREAMLITS"
+	PluralObjectTypeIcebergTables       PluralObjectType = "ICEBERG TABLES"
+	PluralObjectTypeExternalVolumes     PluralObjectType = "EXTERNAL VOLUMES"
 )
 
 func (p PluralObjectType) String() string {

diff --git a/pkg/sdk/privileges.go b/pkg/sdk/privileges.go
@@ -13,6 +13,7 @@ const (
 	GlobalPrivilegeCreateFailoverGroup       GlobalPrivilege = "CREATE FAILOVER GROUP"
 	GlobalPrivilegeCreateIntegration         GlobalPrivilege = "CREATE INTEGRATION"
 	GlobalPrivilegeCreateNetworkPolicy       GlobalPrivilege = "CREATE NETWORK POLICY"
+	GlobalPrivilegeCreateExternalVolume      GlobalPrivilege = "CREATE EXTERNAL VOLUME"
 	GlobalPrivilegeCreateReplicationGroup    GlobalPrivilege = "CREATE REPLICATION GROUP"
 	GlobalPrivilegeCreateRole                GlobalPrivilege = "CREATE ROLE"
 	GlobalPrivilegeCreateShare               GlobalPrivilege = "CREATE SHARE"
@@ -71,6 +72,9 @@ const (
 	AccountObjectPrivilegeMonitor            AccountObjectPrivilege = "MONITOR"
 	AccountObjectPrivilegeUsage              AccountObjectPrivilege = "USAGE"
 
+	// -- For EXTERNAL VOLUME
+	// AccountObjectPrivilegeUsage              AccountObjectPrivilege = "USAGE" (duplicate)
+
 	// -- For FAILOVER GROUP
 	// { FAILOVER | MODIFY | MONITOR | REPLICATE } [ , ... ]
 	AccountObjectPrivilegeFailover AccountObjectPrivilege = "FAILOVER"
@@ -126,11 +130,13 @@ const (
 		[ , ... ]
 	*/
 	SchemaPrivilegeAddSearchOptimization  SchemaPrivilege = "ADD SEARCH OPTIMIZATION"
+	SchemaPrivilegeApplyBudget            SchemaPrivilege = "APPLYBUDGET"
 	SchemaPrivilegeCreateAlert            SchemaPrivilege = "CREATE ALERT"
 	SchemaPrivilegeCreateDynamicTable     SchemaPrivilege = "CREATE DYNAMIC TABLE"
 	SchemaPrivilegeCreateExternalTable    SchemaPrivilege = "CREATE EXTERNAL TABLE"
 	SchemaPrivilegeCreateFileFormat       SchemaPrivilege = "CREATE FILE FORMAT"
 	SchemaPrivilegeCreateFunction         SchemaPrivilege = "CREATE FUNCTION"
+	SchemaPrivilegeCreateIcebergTable     SchemaPrivilege = "CREATE ICEBERG TABLE"
 	SchemaPrivilegeCreateMaterializedView SchemaPrivilege = "CREATE MATERIALIZED VIEW"
 	SchemaPrivilegeCreatePipe             SchemaPrivilege = "CREATE PIPE"
 	SchemaPrivilegeCreateProcedure        SchemaPrivilege = "CREATE PROCEDURE"
@@ -178,6 +184,15 @@ const (
 	// USAGE [ , ... ]
 	SchemaObjectPrivilegeUsage SchemaObjectPrivilege = "USAGE"
 
+	// -- For ICEBERG TABLE
+	SchemaObjectPrivilegeApplyBudget SchemaObjectPrivilege = "APPLYBUDGET"
+	//SchemaObjectPrivilegeDelete      SchemaObjectPrivilege = "DELETE" (duplicate)
+	//SchemaObjectPrivilegeInsert      SchemaObjectPrivilege = "INSERT" (duplicate)
+	//SchemaObjectPrivilegeReferences  SchemaObjectPrivilege = "REFERENCES" (duplicate)
+	//SchemaObjectPrivilegeSelect      SchemaObjectPrivilege = "SELECT" (duplicate)
+	//SchemaObjectPrivilegeTruncate      SchemaObjectPrivilege = "Truncate" (duplicate)
+	//SchemaObjectPrivilegeUpdate      SchemaObjectPrivilege = "Update" (duplicate)
+
 	// -- For PIPE
 	// { MONITOR | OPERATE } [ , ... ]
 	SchemaObjectPrivilegeMonitor SchemaObjectPrivilege = "MONITOR"