feat: Add a new account roles data source (#3257)
<!-- Feel free to delete comments as you fill this in --> - add a new data source for account roles to be consistent with resources - prove that a database role with the same prefix is not in the output of SHOW ROLES - deprecate the `roles` data source (it will be removed in v1-ready branch) <!-- summary of changes --> ## Test Plan <!-- detail ways in which this PR has been tested or needs to be tested --> * [x] acceptance tests <!-- add more below if you think they are relevant --> * [ ] … ## References <!-- issues documentation links, etc --> https://docs.snowflake.com/en/sql-reference/sql/show-roles
1 parent
c4f1e8f
commit b3d6b9e
Showing
25 changed files
with
450 additions
and
25 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
--- | ||
page_title: "snowflake_account_roles Data Source - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
Data source used to get details of filtered account roles. Filtering is aligned with the current possibilities for SHOW ROLES https://docs.snowflake.com/en/sql-reference/sql/show-roles query (like and in_class are all supported). The results of SHOW are encapsulated in one output collection. | ||
--- | ||
|
||
# snowflake_account_roles (Data Source) | ||
|
||
Data source used to get details of filtered account roles. Filtering is aligned with the current possibilities for [SHOW ROLES](https://docs.snowflake.com/en/sql-reference/sql/show-roles) query (`like` and `in_class` are all supported). The results of SHOW are encapsulated in one output collection. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
# Simple usage | ||
data "snowflake_account_roles" "simple" { | ||
} | ||
output "simple_output" { | ||
value = data.snowflake_account_roles.simple.roles | ||
} | ||
# Filtering (like) | ||
data "snowflake_account_roles" "like" { | ||
like = "role-name" | ||
} | ||
output "like_output" { | ||
value = data.snowflake_account_roles.like.roles | ||
} | ||
# Filtering (in class) | ||
data "snowflake_account_roles" "in_class" { | ||
in_class = "SNOWFLAKE.CORE.BUDGET" | ||
} | ||
output "in_class_output" { | ||
value = data.snowflake_account_roles.in_class.roles | ||
} | ||
# Ensure the number of roles is equal to at least one element (with the use of postcondition) | ||
data "snowflake_account_roles" "assert_with_postcondition" { | ||
like = "role-name-%" | ||
lifecycle { | ||
postcondition { | ||
condition = length(self.roles) > 0 | ||
error_message = "there should be at least one role" | ||
} | ||
} | ||
} | ||
# Ensure the number of roles is equal to at exactly one element (with the use of check block) | ||
check "role_check" { | ||
data "snowflake_account_roles" "assert_with_check_block" { | ||
like = "role-name" | ||
} | ||
assert { | ||
condition = length(data.snowflake_account_roles.assert_with_check_block.roles) == 1 | ||
error_message = "Roles filtered by '${data.snowflake_account_roles.assert_with_check_block.like}' returned ${length(data.snowflake_account_roles.assert_with_check_block.roles)} roles where one was expected" | ||
} | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- `in_class` (String) Filters the SHOW GRANTS output by class name. | ||
- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`). | ||
|
||
### Read-Only | ||
|
||
- `account_roles` (List of Object) Holds the aggregated output of all account role details queries. (see [below for nested schema](#nestedatt--account_roles)) | ||
- `id` (String) The ID of this resource. | ||
|
||
<a id="nestedatt--account_roles"></a> | ||
### Nested Schema for `account_roles` | ||
|
||
Read-Only: | ||
|
||
- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--account_roles--show_output)) | ||
|
||
<a id="nestedobjatt--account_roles--show_output"></a> | ||
### Nested Schema for `account_roles.show_output` | ||
|
||
Read-Only: | ||
|
||
- `assigned_to_users` (Number) | ||
- `comment` (String) | ||
- `created_on` (String) | ||
- `granted_roles` (Number) | ||
- `granted_to_roles` (Number) | ||
- `is_current` (Boolean) | ||
- `is_default` (Boolean) | ||
- `is_inherited` (Boolean) | ||
- `name` (String) | ||
- `owner` (String) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
## Currently deprecated datasources | ||
|
||
- [snowflake_role](./docs/data-sources/role) - use [snowflake_roles](./docs/data-sources/roles) instead | ||
- [snowflake_role](./docs/data-sources/role) - use [snowflake_account_roles](./docs/data-sources/account_roles) instead | ||
- [snowflake_roles](./docs/data-sources/roles) - use [snowflake_account_roles](./docs/data-sources/account_roles) instead |
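--- /dev/null
+++ b/examples/data-sources/snowflake_account_roles/data-source.tf
@@ -0,0 +1,48 @@
+# Simple usage
+data "snowflake_account_roles" "simple" {
+}
+
+output "simple_output" {
+value = data.snowflake_account_roles.simple.roles
+}
+
+# Filtering (like)
+data "snowflake_account_roles" "like" {
+like = "role-name"
+}
+
+output "like_output" {
+value = data.snowflake_account_roles.like.roles
+}
+
+# Filtering (in class)
+data "snowflake_account_roles" "in_class" {
+in_class = "SNOWFLAKE.CORE.BUDGET"
+}
+
+output "in_class_output" {
+value = data.snowflake_account_roles.in_class.roles
+}
+
+# Ensure the number of roles is equal to at least one element (with the use of postcondition)
+data "snowflake_account_roles" "assert_with_postcondition" {
+like = "role-name-%"
+lifecycle {
+postcondition {
+condition = length(self.roles) > 0
+error_message = "there should be at least one role"
+}
+}
+}
+
+# Ensure the number of roles is equal to at exactly one element (with the use of check block)
+check "role_check" {
+data "snowflake_account_roles" "assert_with_check_block" {
+like = "role-name"
+}
+
+assert {
+condition = length(data.snowflake_account_roles.assert_with_check_block.roles) == 1
+error_message = "Roles filtered by '${data.snowflake_account_roles.assert_with_check_block.like}' returned ${length(data.snowflake_account_roles.assert_with_check_block.roles)} roles where one was expected"
+}
+}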
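Review bot: Every reference in this example reads `.roles` (`data.snowflake_account_roles.simple.roles`, `length(self.roles) > 0`, and the check block's `length(...assert_with_check_block.roles) == 1`), but the schema added in this commit exposes the result as the computed list `account_roles`. As written, the postcondition and the check block would presumably fail on an unsupported attribute rather than assert the role count, so the guard they demonstrate is never evaluated. The references should use the declared attribute, e.g. `condition = length(self.account_roles) > 0` and `value = data.snowflake_account_roles.simple.account_roles`. The generated docs page in this commit embeds the same example and needs the same change.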
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
package datasources | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/datasources" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources" | ||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/schemas" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var accountRolesSchema = map[string]*schema.Schema{ | ||
"like": likeSchema, | ||
"in_class": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateDiagFunc: resources.IsValidIdentifier[sdk.SchemaObjectIdentifier](), | ||
Description: "Filters the SHOW GRANTS output by class name.", | ||
}, | ||
"account_roles": { | ||
Type: schema.TypeList, | ||
Computed: true, | ||
Description: "Holds the aggregated output of all account role details queries.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
resources.ShowOutputAttributeName: { | ||
Type: schema.TypeList, | ||
Computed: true, | ||
Description: "Holds the output of SHOW ROLES.", | ||
Elem: &schema.Resource{ | ||
Schema: schemas.ShowRoleSchema, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
} | ||
|
||
func AccountRoles() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadContext: TrackingReadWrapper(datasources.AccountRoles, ReadAccountRoles), | ||
Schema: accountRolesSchema, | ||
Description: "Data source used to get details of filtered account roles. Filtering is aligned with the current possibilities for [SHOW ROLES](https://docs.snowflake.com/en/sql-reference/sql/show-roles) query (`like` and `in_class` are all supported). The results of SHOW are encapsulated in one output collection.", | ||
} | ||
} | ||
|
||
func ReadAccountRoles(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { | ||
client := meta.(*provider.Context).Client | ||
|
||
req := sdk.NewShowRoleRequest() | ||
|
||
handleLike(d, &req.Like) | ||
|
||
if className, ok := d.GetOk("in_class"); ok { | ||
req.WithInClass(sdk.RolesInClass{ | ||
Class: sdk.NewSchemaObjectIdentifierFromFullyQualifiedName(className.(string)), | ||
}) | ||
} | ||
|
||
roles, err := client.Roles.Show(ctx, req) | ||
if err != nil { | ||
return diag.Diagnostics{ | ||
diag.Diagnostic{ | ||
Severity: diag.Error, | ||
Summary: "Failed to show account roles", | ||
Detail: fmt.Sprintf("Error: %s", err), | ||
}, | ||
} | ||
} | ||
|
||
d.SetId("account_roles_read") | ||
|
||
flattenedAccountRoles := make([]map[string]any, len(roles)) | ||
for i, role := range roles { | ||
role := role | ||
flattenedAccountRoles[i] = map[string]any{ | ||
resources.ShowOutputAttributeName: []map[string]any{schemas.RoleToSchema(&role)}, | ||
} | ||
} | ||
|
||
err = d.Set("account_roles", flattenedAccountRoles) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
return nil | ||
} |
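Review bot: The `in_class` description in `accountRolesSchema` names the wrong command: `ReadAccountRoles` builds `sdk.NewShowRoleRequest()` and calls `client.Roles.Show`, so the field should read `Description: "Filters the SHOW ROLES output by class name.",`. tfplugindocs copies this string into the generated schema page in this commit, where the same SHOW GRANTS wording appears. The exported `AccountRoles` and `ReadAccountRoles` also have no doc comments; a line such as `// ReadAccountRoles runs SHOW ROLES with the optional like/in_class filters and stores each row under account_roles.` would state the contract for readers.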