[fix] Add shares to grant ResourceData (Snowflake-Labs#263)

gjv9491 · Mar 16, 2021 · 886290b · 886290b
1 parent e9f0cb6
commit 886290b
Show file tree

Hide file tree

Showing 7 changed files with 178 additions and 4 deletions.
diff --git a/pkg/resources/database_grant_test.go b/pkg/resources/database_grant_test.go
@@ -48,11 +48,11 @@ func TestDatabaseGrantCreate(t *testing.T) {
 func TestDatabaseGrantRead(t *testing.T) {
 	r := require.New(t)
 
-	d := databaseGrant(t, "test-database|||IMPORTED PRIVILIGES|false", map[string]interface{}{
+	d := databaseGrant(t, "test-database|||USAGE|false", map[string]interface{}{
 		"database_name":     "test-database",
-		"privilege":         "IMPORTED PRIVILIGES",
-		"roles":             []interface{}{"test-role-1", "test-role-2"},
-		"shares":            []interface{}{"test-share-1", "test-share-2"},
+		"privilege":         "USAGE",
+		"roles":             []interface{}{},
+		"shares":            []interface{}{},
 		"with_grant_option": false,
 	})
 
@@ -63,6 +63,15 @@ func TestDatabaseGrantRead(t *testing.T) {
 		err := resources.ReadDatabaseGrant(d, db)
 		r.NoError(err)
 	})
+	roles := d.Get("roles").(*schema.Set)
+	r.True(roles.Contains("test-role-1"))
+	r.True(roles.Contains("test-role-2"))
+	r.Equal(roles.Len(), 2)
+
+	shares := d.Get("shares").(*schema.Set)
+	r.True(shares.Contains("test-share-1"))
+	r.True(shares.Contains("test-share-2"))
+	r.Equal(shares.Len(), 2)
 }
 
 func expectReadDatabaseGrant(mock sqlmock.Sqlmock) {

diff --git a/pkg/resources/grant_helpers.go b/pkg/resources/grant_helpers.go
@@ -261,6 +261,14 @@ func readGenericGrant(data *schema.ResourceData, meta interface{}, builder snowf
 		}
 	}
 
+	// Now see which shares have our privilege
+	for shareName, privileges := range sharePrivileges {
+		// Where priv is not all so it should match exactly
+		if privileges.hasString(priv) || privileges.ALLPrivsPresent(validPrivileges) {
+			shares = append(shares, shareName)
+		}
+	}
+
 	err = data.Set("privilege", priv)
 	if err != nil {
 		return err

diff --git a/pkg/resources/helpers_test.go b/pkg/resources/helpers_test.go
@@ -26,6 +26,38 @@ func databaseGrant(t *testing.T, id string, params map[string]interface{}) *sche
 	return d
 }
 
+func schemaGrant(t *testing.T, id string, params map[string]interface{}) *schema.ResourceData {
+	r := require.New(t)
+	d := schema.TestResourceDataRaw(t, resources.SchemaGrant().Schema, params)
+	r.NotNil(d)
+	d.SetId(id)
+	return d
+}
+
+func stageGrant(t *testing.T, id string, params map[string]interface{}) *schema.ResourceData {
+	r := require.New(t)
+	d := schema.TestResourceDataRaw(t, resources.StageGrant().Schema, params)
+	r.NotNil(d)
+	d.SetId(id)
+	return d
+}
+
+func tableGrant(t *testing.T, id string, params map[string]interface{}) *schema.ResourceData {
+	r := require.New(t)
+	d := schema.TestResourceDataRaw(t, resources.TableGrant().Schema, params)
+	r.NotNil(d)
+	d.SetId(id)
+	return d
+}
+
+func viewGrant(t *testing.T, id string, params map[string]interface{}) *schema.ResourceData {
+	r := require.New(t)
+	d := schema.TestResourceDataRaw(t, resources.ViewGrant().Schema, params)
+	r.NotNil(d)
+	d.SetId(id)
+	return d
+}
+
 func resourceMonitorGrant(t *testing.T, id string, params map[string]interface{}) *schema.ResourceData {
 	r := require.New(t)
 	d := schema.TestResourceDataRaw(t, resources.ResourceMonitorGrant().Schema, params)

diff --git a/pkg/resources/schema_grant_test.go b/pkg/resources/schema_grant_test.go
@@ -55,6 +55,36 @@ func TestSchemaGrantCreate(t *testing.T) {
 	}
 }
 
+func TestSchemaGrantRead(t *testing.T) {
+	r := require.New(t)
+
+	d := schemaGrant(t, "test-db|test-schema||USAGE|false", map[string]interface{}{
+		"schema_name":       "test-schema",
+		"database_name":     "test-db",
+		"privilege":         "USAGE",
+		"roles":             []interface{}{},
+		"shares":            []interface{}{},
+		"with_grant_option": false,
+	})
+
+	r.NotNil(d)
+
+	WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) {
+		expectReadSchemaGrant(mock, "USAGE")
+		err := resources.ReadSchemaGrant(d, db)
+		r.NoError(err)
+	})
+	roles := d.Get("roles").(*schema.Set)
+	r.True(roles.Contains("test-role-1"))
+	r.True(roles.Contains("test-role-2"))
+	r.Equal(roles.Len(), 2)
+
+	shares := d.Get("shares").(*schema.Set)
+	r.True(shares.Contains("test-share-1"))
+	r.True(shares.Contains("test-share-2"))
+	r.Equal(shares.Len(), 2)
+}
+
 func expectReadSchemaGrant(mock sqlmock.Sqlmock, test_priv string) {
 	rows := sqlmock.NewRows([]string{
 		"created_on", "privilege", "granted_on", "name", "granted_to", "grantee_name", "grant_option", "granted_by",

diff --git a/pkg/resources/stage_grant_test.go b/pkg/resources/stage_grant_test.go
@@ -48,6 +48,38 @@ func TestStageGrantCreate(t *testing.T) {
 	}
 }
 
+func TestStageGrantRead(t *testing.T) {
+	r := require.New(t)
+
+	d := stageGrant(t, "test-db|test-schema|test-stage|USAGE|false", map[string]interface{}{
+		"stage_name":        "test-stage",
+		"schema_name":       "test-schema",
+		"database_name":     "test-db",
+		"privilege":         "USAGE",
+		"roles":             []interface{}{},
+		"shares":            []interface{}{},
+		"with_grant_option": false,
+	})
+
+	r.NotNil(d)
+
+	WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) {
+		expectReadStageGrant(mock, "USAGE")
+		err := resources.ReadStageGrant(d, db)
+		r.NoError(err)
+	})
+
+	roles := d.Get("roles").(*schema.Set)
+	r.True(roles.Contains("test-role-1"))
+	r.True(roles.Contains("test-role-2"))
+	r.Equal(roles.Len(), 2)
+
+	shares := d.Get("shares").(*schema.Set)
+	r.True(shares.Contains("test-share-1"))
+	r.True(shares.Contains("test-share-2"))
+	r.Equal(shares.Len(), 2)
+}
+
 func expectReadStageGrant(mock sqlmock.Sqlmock, test_priv string) {
 	rows := sqlmock.NewRows([]string{
 		"created_on", "privilege", "granted_on", "name", "granted_to", "grantee_name", "grant_option", "granted_by",

diff --git a/pkg/resources/table_grant_test.go b/pkg/resources/table_grant_test.go
@@ -46,6 +46,37 @@ func TestTableGrantCreate(t *testing.T) {
 		r.NoError(err)
 	})
 }
+func TestTableGrantRead(t *testing.T) {
+	r := require.New(t)
+
+	d := tableGrant(t, "test-db|PUBLIC|test-table|SELECT|false", map[string]interface{}{
+		"table_name":        "test-table",
+		"schema_name":       "PUBLIC",
+		"database_name":     "test-db",
+		"privilege":         "SELECT",
+		"roles":             []interface{}{},
+		"shares":            []interface{}{},
+		"with_grant_option": false,
+	})
+
+	r.NotNil(d)
+
+	WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) {
+		expectReadTableGrant(mock)
+		err := resources.ReadTableGrant(d, db)
+		r.NoError(err)
+	})
+
+	roles := d.Get("roles").(*schema.Set)
+	r.True(roles.Contains("test-role-1"))
+	r.True(roles.Contains("test-role-2"))
+	r.Equal(roles.Len(), 2)
+
+	shares := d.Get("shares").(*schema.Set)
+	r.True(shares.Contains("test-share-1"))
+	r.True(shares.Contains("test-share-2"))
+	r.Equal(shares.Len(), 2)
+}
 
 func expectReadTableGrant(mock sqlmock.Sqlmock) {
 	rows := sqlmock.NewRows([]string{

diff --git a/pkg/resources/view_grant_test.go b/pkg/resources/view_grant_test.go
@@ -45,6 +45,38 @@ func TestViewGrantCreate(t *testing.T) {
 	})
 }
 
+func TestViewGrantRead(t *testing.T) {
+	r := require.New(t)
+
+	d := viewGrant(t, "test-db|PUBLIC|test-view|SELECT|false", map[string]interface{}{
+		"view_name":         "test-view",
+		"schema_name":       "PUBLIC",
+		"database_name":     "test-db",
+		"privilege":         "SELECT",
+		"roles":             []interface{}{},
+		"shares":            []interface{}{},
+		"with_grant_option": false,
+	})
+
+	r.NotNil(d)
+
+	WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) {
+		expectReadViewGrant(mock)
+		err := resources.ReadViewGrant(d, db)
+		r.NoError(err)
+	})
+
+	roles := d.Get("roles").(*schema.Set)
+	r.True(roles.Contains("test-role-1"))
+	r.True(roles.Contains("test-role-2"))
+	r.Equal(roles.Len(), 2)
+
+	shares := d.Get("shares").(*schema.Set)
+	r.True(shares.Contains("test-share-1"))
+	r.True(shares.Contains("test-share-2"))
+	r.Equal(shares.Len(), 2)
+}
+
 func expectReadViewGrant(mock sqlmock.Sqlmock) {
 	rows := sqlmock.NewRows([]string{
 		"created_on", "privilege", "granted_on", "name", "granted_to", "grantee_name", "grant_option", "granted_by",