fix: function not exist and integration grant (#1154)

* Added a generic "resource not found error" Fixed 'function' not exist scenario Fixed grant helpers to consider only relevant grants * Added a generic "resource not found error" Fixed 'function' not exist scenario Fixed grant helpers to consider only relevant grants Fixed 'stage' not exist scenario * Added a generic "resource not found error" Fixed 'function' not exist scenario Fixed grant helpers to consider only relevant grants Fixed 'stage' not exist scenario removed unnecessary debug logs Co-authored-by: Scott Winkler <scott.winkler@snowflake.com>
Snowflake-Labs · Sep 20, 2022 · ea01e66 · ea01e66
1 parent e61c15a
commit ea01e66
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 10 deletions.
diff --git a/pkg/resources/function.go b/pkg/resources/function.go
@@ -272,8 +272,11 @@ func ReadFunction(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 	rows, err := snowflake.Query(db, stmt)
-	if err != nil {
-		return err
+	if err != nil && snowflake.IsResourceNotExistOrNotAuthorized(err.Error(), "Function") {
+		// If not found, mark resource to be removed from statefile during apply or refresh
+		log.Printf("[DEBUG] function (%s) not found or we are not authorized.Err:\n%s", d.Id(), err.Error())
+		d.SetId("")
+		return nil
 	}
 	defer rows.Close()
 	descPropValues, err := snowflake.ScanFunctionDescription(rows)

diff --git a/pkg/resources/grant_helpers.go b/pkg/resources/grant_helpers.go
@@ -229,15 +229,29 @@ func readGenericGrant(
 		}
 		return err
 	}
+
 	priv := d.Get("privilege").(string)
 	grantOption := d.Get("with_grant_option").(bool)
 
+	var relevantGrants []*grant
+	for _, grant := range grants {
+		if grant.Privilege == priv && grant.GrantOption == grantOption {
+			relevantGrants = append(relevantGrants, grant)
+		}
+	}
+
+	// If no relevant grants, set id to blank and return
+	if len(relevantGrants) == 0 {
+		d.SetId("")
+		return nil
+	}
+
 	// Map of roles to privileges
 	rolePrivileges := map[string]PrivilegeSet{}
 	sharePrivileges := map[string]PrivilegeSet{}
 
 	// List of all grants for each schema_database
-	for _, grant := range grants {
+	for _, grant := range relevantGrants {
 		switch grant.GranteeType {
 		case "ROLE":
 			roleName := grant.GranteeName
@@ -273,6 +287,7 @@ func readGenericGrant(
 	existingRoles := d.Get("roles").(*schema.Set)
 	multipleGrantFeatureFlag := d.Get("enable_multiple_grants").(bool)
 	var roles, shares []string
+
 	// Now see which roles have our privilege
 	for roleName, privileges := range rolePrivileges {
 		// Where priv is not all so it should match exactly
@@ -312,6 +327,7 @@ func readGenericGrant(
 	if err != nil {
 		return err
 	}
+
 	return nil
 }
 

diff --git a/pkg/resources/user.go b/pkg/resources/user.go
@@ -3,7 +3,6 @@ package resources
 import (
 	"database/sql"
 	"log"
-	"regexp"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -141,11 +140,6 @@ var userSchema = map[string]*schema.Schema{
 	//    MINS_TO_BYPASS_NETWORK POLICY = <integer>
 }
 
-func isUserNotExistOrNotAuthorized(errorString string) bool {
-	var userNotExistOrNotAuthorizedRegEx, _ = regexp.Compile("SQL compilation error:User '.*' does not exist or not authorized.")
-	return userNotExistOrNotAuthorizedRegEx.MatchString(strings.ReplaceAll(errorString, "\n", ""))
-}
-
 func User() *schema.Resource {
 	return &schema.Resource{
 		Create: CreateUser,
@@ -173,7 +167,7 @@ func ReadUser(d *schema.ResourceData, meta interface{}) error {
 	stmt := snowflake.User(id).Describe()
 	rows, err := snowflake.Query(db, stmt)
 
-	if err != nil && isUserNotExistOrNotAuthorized(err.Error()) {
+	if err != nil && snowflake.IsResourceNotExistOrNotAuthorized(err.Error(), "User") {
 		// If not found, mark resource to be removed from statefile during apply or refresh
 		log.Printf("[DEBUG] user (%s) not found or we are not authorized.Err:\n%s", d.Id(), err.Error())
 		d.SetId("")

diff --git a/pkg/snowflake/errors.go b/pkg/snowflake/errors.go
@@ -1,6 +1,18 @@
 package snowflake
 
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
 // Generic Errors
 var (
 	ErrNoRowInRS = "sql: no rows in result set"
 )
+
+func IsResourceNotExistOrNotAuthorized(errorString string, resourceType string) bool {
+	regexStr := fmt.Sprintf("SQL compilation error:%s '.*' does not exist or not authorized.", resourceType)
+	var userNotExistOrNotAuthorizedRegEx, _ = regexp.Compile(regexStr)
+	return userNotExistOrNotAuthorizedRegEx.MatchString(strings.ReplaceAll(errorString, "\n", ""))
+}