Skip to content

Commit

Permalink
Using validation in existing grant resource
Browse files Browse the repository at this point in the history
  • Loading branch information
@sfc-gh-jcieslak
sfc-gh-jcieslak committed Dec 14, 2023
1 parent 2d856b3 commit ad761c8
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 34 deletions.
75 changes: 41 additions & 34 deletions pkg/resources/grant_privileges_to_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,9 +69,10 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
}, true),
},
"object_name": {
Type: schema.TypeString,
Required: true,
Description: "The fully qualified name of the object on which privileges will be granted.",
Type: schema.TypeString,
Required: true,
Description: "The fully qualified name of the object on which privileges will be granted.",
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
},
},
},
Expand All @@ -86,11 +87,12 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"schema_name": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema.0.all_schemas_in_database", "on_schema.0.future_schemas_in_database"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema.0.all_schemas_in_database", "on_schema.0.future_schemas_in_database"},
ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](),
ForceNew: true,
},
"all_schemas_in_database": {
Type: schema.TypeString,
Expand Down Expand Up @@ -151,12 +153,13 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
}, true),
},
"object_name": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the object on which privileges will be granted.",
RequiredWith: []string{"on_schema_object.0.object_type"},
ConflictsWith: []string{"on_schema_object.0.all", "on_schema_object.0.future"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the object on which privileges will be granted.",
RequiredWith: []string{"on_schema_object.0.object_type"},
ConflictsWith: []string{"on_schema_object.0.all", "on_schema_object.0.future"},
ValidateDiagFunc: IsValidIdentifier[sdk.SchemaObjectIdentifier](),
ForceNew: true,
},
"all": {
Type: schema.TypeList,
Expand Down Expand Up @@ -197,18 +200,20 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
}, true),
},
"in_database": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the database.",
ConflictsWith: []string{"on_schema_object.0.all.in_schema"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the database.",
ConflictsWith: []string{"on_schema_object.0.all.in_schema"},
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
ForceNew: true,
},
"in_schema": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema_object.0.all.in_database"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema_object.0.all.in_database"},
ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](),
ForceNew: true,
},
},
},
Expand Down Expand Up @@ -252,18 +257,20 @@ var grantPrivilegesToRoleSchema = map[string]*schema.Schema{
}, true),
},
"in_database": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the database.",
ConflictsWith: []string{"on_schema_object.0.all.in_schema"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the database.",
ConflictsWith: []string{"on_schema_object.0.all.in_schema"},
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
ForceNew: true,
},
"in_schema": {
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema_object.0.all.in_database"},
ForceNew: true,
Type: schema.TypeString,
Optional: true,
Description: "The fully qualified name of the schema.",
ConflictsWith: []string{"on_schema_object.0.all.in_database"},
ValidateDiagFunc: IsValidIdentifier[sdk.DatabaseObjectIdentifier](),
ForceNew: true,
},
},
},
Expand Down
32 changes: 32 additions & 0 deletions pkg/resources/grant_privileges_to_role_acceptance_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package resources_test

import (
"fmt"
"regexp"
"strings"
"testing"

Expand Down Expand Up @@ -899,3 +900,34 @@ resource "snowflake_grant_privileges_to_role" "grant" {
},
})
}

func TestAcc_GrantPrivilegesToRole_ValidatedIdentifiers(t *testing.T) {
resource.Test(t, resource.TestCase{
ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
PreCheck: func() { acc.TestAccPreCheck(t) },
TerraformVersionChecks: []tfversion.TerraformVersionCheck{
tfversion.RequireAbove(tfversion.Version1_5_0),
},
CheckDestroy: nil,
Steps: []resource.TestStep{
{
Config: fmt.Sprintf(`
resource "snowflake_role" "role" {
name = "TEST_ROLE_123"
}
resource "snowflake_grant_privileges_to_role" "test_invalidation" {
role_name = snowflake_role.role.name
privileges = ["SELECT"]
on_schema_object {
future {
object_type_plural = "ICEBERG TABLES"
in_schema = "%s"
}
}
}`, acc.TestSchemaName),
ExpectError: regexp.MustCompile(".*Expected DatabaseObjectIdentifier identifier type.*"),
},
},
})
}

0 comments on commit ad761c8

Please sign in to comment.