Skip to content

Commit

Permalink
feat: database role v1 readiness (#3014)
Browse files Browse the repository at this point in the history
## Changes
- Checked and updated SDK for database roles (implementation,
validation, unit tests, int tests)
- Fixed makefile command name for cleaning models
- Generate asserts and models for database roles and used them in
acceptance tests
- Fixed template spacing (it was failing for database role)
- Minor changes in the database role resource + added show_output field
- Moved global variable `id` in acceptance test to local scope
(`alerts_acceptance_test.go`)
- Fixed import id and slightly updated example configuration
- Data source implementation and tests adjusted
  • Loading branch information
sfc-gh-jcieslak authored Aug 28, 2024
1 parent a5dfeac commit c4db255
Show file tree
Hide file tree
Showing 35 changed files with 1,206 additions and 291 deletions.
17 changes: 17 additions & 0 deletions MIGRATION_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,23 @@ across different versions.

## v0.94.x ➞ v0.95.0

### *(breaking change)* database roles data source; field rename, schema structure changes, and adding missing filtering options

- `database` renamed to `in_database`
- Added `like` and `limit` filtering options
- `SHOW DATABASE ROLES` output is now put inside `database_roles.*.show_output`. Here's the list of currently available fields:
- `created_on`
- `name`
- `is_default`
- `is_current`
- `is_inherited`
- `granted_to_roles`
- `granted_to_database_roles`
- `granted_database_roles`
- `owner`
- `comment`
- `owner_role_type`

### snowflake_view resource changes
New fields:
- `row_access_policy`
Expand Down
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -156,10 +156,10 @@ clean-resource-show-output-assertions: ## Clean resource parameters assertions
generate-resource-model-builders: ## Generate resource model builders
go generate ./pkg/acceptance/bettertestspoc/config/model/generate.go

clean-resource-model-builder: ## Clean resource model builders
clean-resource-model-builders: ## Clean resource model builders
rm -f ./pkg/acceptance/bettertestspoc/config/model/*_gen.go

clean-all-assertions-and-config-models: clean-snowflake-object-assertions clean-snowflake-object-parameters-assertions clean-resource-assertions clean-resource-parameters-assertions clean-resource-show-output-assertions clean-resource-model-builder ## clean all generated assertions and config models
clean-all-assertions-and-config-models: clean-snowflake-object-assertions clean-snowflake-object-parameters-assertions clean-resource-assertions clean-resource-parameters-assertions clean-resource-show-output-assertions clean-resource-model-builders ## clean all generated assertions and config models

generate-all-assertions-and-config-models: generate-snowflake-object-assertions generate-snowflake-object-parameters-assertions generate-resource-assertions generate-resource-parameters-assertions generate-resource-show-output-assertions generate-resource-model-builders ## generate all assertions and config models

Expand Down
38 changes: 36 additions & 2 deletions docs/data-sources/database_roles.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ description: |-
---

!> **V1 release candidate** This data source was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the data source if needed. Any errors reported will be resolved with a higher priority. We encourage checking this data source out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.

# snowflake_database_roles (Data Source)


Expand All @@ -22,18 +24,50 @@ data "snowflake_database_roles" "db_roles" {

### Required

- `database` (String) The database from which to return the database roles from.
- `in_database` (String) The database from which to return the database roles from.

### Optional

- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).
- `limit` (Block List, Max: 1) Limits the number of rows returned. If the `limit.from` is set, then the limit wll start from the first element matched by the expression. The expression is only used to match with the first element, later on the elements are not matched by the prefix, but you can enforce a certain pattern with `starts_with` or `like`. (see [below for nested schema](#nestedblock--limit))

### Read-Only

- `database_roles` (List of Object) Lists all the database roles in a specified database. (see [below for nested schema](#nestedatt--database_roles))
- `database_roles` (List of Object) Holds the aggregated output of all database role details queries. (see [below for nested schema](#nestedatt--database_roles))
- `id` (String) The ID of this resource.

<a id="nestedblock--limit"></a>
### Nested Schema for `limit`

Required:

- `rows` (Number) The maximum number of rows to return.

Optional:

- `from` (String) Specifies a **case-sensitive** pattern that is used to match object name. After the first match, the limit on the number of rows will be applied.


<a id="nestedatt--database_roles"></a>
### Nested Schema for `database_roles`

Read-Only:

- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--database_roles--show_output))

<a id="nestedobjatt--database_roles--show_output"></a>
### Nested Schema for `database_roles.show_output`

Read-Only:

- `comment` (String)
- `created_on` (String)
- `granted_database_roles` (Number)
- `granted_to_database_roles` (Number)
- `granted_to_roles` (Number)
- `is_current` (Boolean)
- `is_default` (Boolean)
- `is_inherited` (Boolean)
- `name` (String)
- `owner` (String)
- `owner_role_type` (String)
39 changes: 31 additions & 8 deletions docs/resources/database_role.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,25 @@ description: |-
---

!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release.

# snowflake_database_role (Resource)



## Example Usage

```terraform
resource "snowflake_database_role" "db_role" {
database = "database"
name = "role_1"
comment = "my db role"
resource "snowflake_database" "test_database" {
name = "database_name"
}
```
resource "snowflake_database_role" "test_database_role" {
database = snowflake_database.test_database.fully_qualified_name
name = "database_role_name"
comment = "my database role"
}
```
-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
<!-- TODO(SNOW-1634854): include an example showing both methods-->

Expand All @@ -27,8 +32,8 @@ resource "snowflake_database_role" "db_role" {

### Required

- `database` (String) The database in which to create the database role.
- `name` (String) Specifies the identifier for the database role.
- `database` (String) The database in which to create the database role. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
- `name` (String) Specifies the identifier for the database role. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`

### Optional

Expand All @@ -38,11 +43,29 @@ resource "snowflake_database_role" "db_role" {

- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
- `id` (String) The ID of this resource.
- `show_output` (List of Object) Outputs the result of `SHOW DATABASE ROLES` for the given database role. Note that this value will be only recomputed whenever comment field changes. (see [below for nested schema](#nestedatt--show_output))

<a id="nestedatt--show_output"></a>
### Nested Schema for `show_output`

Read-Only:

- `comment` (String)
- `created_on` (String)
- `granted_database_roles` (Number)
- `granted_to_database_roles` (Number)
- `granted_to_roles` (Number)
- `is_current` (Boolean)
- `is_default` (Boolean)
- `is_inherited` (Boolean)
- `name` (String)
- `owner` (String)
- `owner_role_type` (String)

## Import

Import is supported using the following syntax:

```shell
terraform import snowflake_database_role.example 'dbName|roleName'
terraform import snowflake_database_role.example '"<database_name>"."<database_role_name>"'
```
2 changes: 1 addition & 1 deletion examples/resources/snowflake_database_role/import.sh
Original file line number Diff line number Diff line change
@@ -1 +1 @@
terraform import snowflake_database_role.example 'dbName|roleName'
terraform import snowflake_database_role.example '"<database_name>"."<database_role_name>"'
12 changes: 8 additions & 4 deletions examples/resources/snowflake_database_role/resource.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
resource "snowflake_database_role" "db_role" {
database = "database"
name = "role_1"
comment = "my db role"
resource "snowflake_database" "test_database" {
name = "database_name"
}

resource "snowflake_database_role" "test_database_role" {
database = snowflake_database.test_database.fully_qualified_name
name = "database_role_name"
comment = "my database role"
}
16 changes: 16 additions & 0 deletions pkg/acceptance/bettertestspoc/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,19 @@
# Better tests poc

<!-- TOC -->
* [Better tests poc](#better-tests-poc)
* [How it works](#how-it-works)
* [Adding new resource assertions](#adding-new-resource-assertions)
* [Adding new resource show output assertions](#adding-new-resource-show-output-assertions)
* [Adding new resource parameters assertions](#adding-new-resource-parameters-assertions)
* [Adding new Snowflake object assertions](#adding-new-snowflake-object-assertions)
* [Adding new Snowflake object parameters assertions](#adding-new-snowflake-object-parameters-assertions)
* [Adding new resource config model builders](#adding-new-resource-config-model-builders)
* [Running the generators](#running-the-generators)
* [Example usage in practice](#example-usage-in-practice)
* [Known limitations/planned improvements](#known-limitationsplanned-improvements)
<!-- TOC -->

This package contains a quick implementation of helpers that should allow us a quicker, more pleasant, and more readable implementation of tests, mainly the acceptance ones.
It contains the following packages:
- `assert` - all the assertions reside here. Also, the utilities to build assertions for new objects. All the current assertions are generated. The currently supported assertions are:
Expand Down Expand Up @@ -326,3 +341,4 @@ func (w *WarehouseDatasourceShowOutputAssert) IsEmpty() {
- distinguish between different enum types (TODO left in `assert/resourceshowoutputassert/gen/templates.go`)
- support the rest of attribute types in config model builders (TODO left in `config/model/gen/model.go`)
- parametrize test client helper used - integration versus acceptance tests - this has to be changed in the generator too (TODO left in `assert/objectassert/user_snowflake_ext.go`)
- Omit computed fields in the model (like FullyQualifiedName), because it doesn't make sense to set them

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,11 @@ type SdkObjectDef struct {
}

var allStructs = []SdkObjectDef{
{
IdType: "sdk.DatabaseObjectIdentifier",
ObjectType: sdk.ObjectTypeDatabaseRole,
ObjectStruct: sdk.DatabaseRole{},
},
{
IdType: "sdk.AccountObjectIdentifier",
ObjectType: sdk.ObjectTypeUser,
Expand Down
Loading

0 comments on commit c4db255

Please sign in to comment.