feat: support custom ownership transfer for grants

[hexDoor]

• Add new optional schema variable revert_ownership_to_role_name which allows granular control over which role ownership will transfer to when destroying generic grants (including destruction during update) such as the following:
  • database_grant
  • external_table_grant
  • file_format_grant
  • function_grant
  • integration_grant
  • masking_policy_grant
  • materialized_view_grant
  • pipe_grant
  • procedure_grant
  • row_access_policy_grant
  • schema_grant
  • sequence_grant
  • stage_grant
  • stream_grant
  • table_grant
  • tag_grant
  • task_grant
  • view_grant
  • warehouse_grant

Note: Grants that do not seem to have a concept of ownership such as resource_monitor_grant do not gain this optional variable.

• Add RevokeOwnership method to *GrantExecutable interfaces and implement

  • Create new tests and modify existing ones as necessary

• Fix small variable naming issues

  • AllGrantBuilder referred as fgb => agb
  • ExistingGrantExecutable referred as fge => ege

Test Plan

• acceptance tests (shouldn't be necessary considering these changes are theoretically backwards compatible)
• unit tets

References

• should fix Additional control over generic ownership grants on destroy #1744
• should fix Unable to destroy resources created with terraform when changing ownership #1060

[sfc-gh-swinkler]

I think it would make more sense to have an dedicated role_ownership_grant resource than to add an attribute which doesn't do anything most of the time. However, I do plan to deprecate these existing grant resources in the future (see: #1470 for more info), so i guess its okay.

[sfc-gh-swinkler]

@hexDoor there appears to be some merge conflicts which must be resolved through command line. Could you please fix this?

Also I would like to let you know about a redesign effort to make a more stable and testable SDK. Refer to: #1767.

[hexDoor]

@sfc-gh-swinkler Apologies for the delay.

Merge conflicts have been resolved.

I think it would make more sense to have an dedicated role_ownership_grant resource than to add an attribute which doesn't do anything most of the time. However, I do plan to deprecate these existing grant resources in the future (see: #1470 for more info), so i guess its okay.

I agree but I found that this PR would be the least painful and disruptive way of implementing something that will unblock our project. I'll be happy to contribute to the discussion when I can.

Also I would like to let you know about a redesign effort to make a more stable and testable SDK. Refer to: #1767.

I have noted this if I need to implement new features in the future but I suggest continuing with the v1 design for this particular PR as it's meant to be more of a bandaid than a permanent fix. The aforementioned re-design of grant resources should remedy this in the future.

[hexDoor]

I remove privilegeOwnership as it should already be serviced by UserOwnershipGrant resource.
Leaving it in may contribute to confusion.

[sfc-gh-swinkler]

I have noted this if I need to implement new features in the future but I suggest continuing with the v1 design for this particular PR as it's meant to be more of a bandaid than a permanent fix. The aforementioned re-design of grant resources should remedy this in the future.

True, lets revisit this in the future. For now, i agree a bandaid solution is sufficient.

[sfc-gh-swinkler]

@hexDoor thank you for your contribution!