Snowflake-Labs · sfc-gh-jmichalak · Sep 13, 2024 · Sep 10, 2024 · Sep 11, 2024 · Sep 11, 2024
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -19,7 +19,7 @@ Please rename these fields in your configuration files. State will be migrated a
 #### *(breaking change)* Adjusted behavior of arguments/signature
 Now, arguments are stored as a list, instead of a map. Please adjust that in your configs. State is migrated automatically. Also, this means that order of the items matters and may be adjusted.
 
-Argument names are now case sensitive.
+Argument names are now case sensitive. All policies created previously in the provider have upper case argument names. If you used lower case before, please adjust your configs.
 
 #### *(breaking change)* Adjusted behavior on changing name
 Previously, after changing `name` field, the resource was recreated. Now, the object is renamed with `RENAME TO`.
@@ -31,7 +31,7 @@ Now, similarly to handling statements in other resources, we replace blank chara
 
 #### *(breaking change)* Identifiers related changes
 During [identifiers rework](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#identifiers-rework) we decided to
-migrate resource ids from pipe-separated to regular Snowflake identifiers (e.g. `<database_name>|<schema_name>` -> `"<database_name>"."<schema_name>"`).
+migrate resource ids from pipe-separated to regular Snowflake identifiers (e.g. `<database_name>|<schema_name>` -> `"<database_name>"."<schema_name>"`). Importing resources also needs to be adjusted (see [example](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/row_access_policy#import)).
 
 Also, we added diff suppress function that prevents Terraform from showing differences, when only quoting is different.
 

diff --git a/docs/resources/row_access_policy.md b/docs/resources/row_access_policy.md
@@ -22,6 +22,14 @@ resource "snowflake_row_access_policy" "example_row_access_policy" {
     name = "ARG1"
     type = "VARCHAR"
   }
+  argument {
+    name = "ARG2"
+    type = "NUMBER"
+  }
+  argument {
+    name = "ARG3"
+    type = "TIMESTAMP_NTZ"
+  }
   body    = "case when current_role() in ('ANALYST') then true else false end"
   comment = "comment"
 }
@@ -91,5 +99,5 @@ Read-Only:
 Import is supported using the following syntax:
 
 ```shell
-terraform import snowflake_row_access_policy.example '"<database_name>"."<schema_name>"."<view_name>"'
+terraform import snowflake_row_access_policy.example '"<database_name>"."<schema_name>"."<row_access_policy_name>"'
 ```
diff --git a/examples/resources/snowflake_row_access_policy/import.sh b/examples/resources/snowflake_row_access_policy/import.sh
@@ -1 +1 @@
-terraform import snowflake_row_access_policy.example '"<database_name>"."<schema_name>"."<view_name>"'
+terraform import snowflake_row_access_policy.example '"<database_name>"."<schema_name>"."<row_access_policy_name>"'
diff --git a/examples/resources/snowflake_row_access_policy/resource.tf b/examples/resources/snowflake_row_access_policy/resource.tf
@@ -6,6 +6,14 @@ resource "snowflake_row_access_policy" "example_row_access_policy" {
     name = "ARG1"
     type = "VARCHAR"
   }
+  argument {
+    name = "ARG2"
+    type = "NUMBER"
+  }
+  argument {
+    name = "ARG3"
+    type = "TIMESTAMP_NTZ"
+  }
   body    = "case when current_role() in ('ANALYST') then true else false end"
   comment = "comment"
 }
diff --git a/pkg/acceptance/bettertestspoc/assert/resourceassert/gen/resource_schema_def.go b/pkg/acceptance/bettertestspoc/assert/resourceassert/gen/resource_schema_def.go
@@ -41,4 +41,8 @@ var allResourceSchemaDefs = []ResourceSchemaDef{
 		name:   "ResourceMonitor",
 		schema: resources.ResourceMonitor().Schema,
 	},
+	{
+		name:   "RowAccessPolicy",
+		schema: resources.RowAccessPolicy().Schema,
+	},
 }
diff --git a/pkg/acceptance/bettertestspoc/assert/resourceassert/row_access_policy_resource_ext.go b/pkg/acceptance/bettertestspoc/assert/resourceassert/row_access_policy_resource_ext.go
@@ -0,0 +1,18 @@
+package resourceassert
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+)
+
+func (r *RowAccessPolicyResourceAssert) HasArguments(args []sdk.RowAccessPolicyArgument) *RowAccessPolicyResourceAssert {
+	r.AddAssertion(assert.ValueSet("argument.#", strconv.FormatInt(int64(len(args)), 10)))
+	for i, v := range args {
+		r.AddAssertion(assert.ValueSet(fmt.Sprintf("argument.%d.name", i), v.Name))
+		r.AddAssertion(assert.ValueSet(fmt.Sprintf("argument.%d.type", i), v.Type))
+	}
+	return r
+}
diff --git a/pkg/acceptance/bettertestspoc/config/model/row_access_policy_model_ext.go b/pkg/acceptance/bettertestspoc/config/model/row_access_policy_model_ext.go
@@ -0,0 +1,19 @@
+package model
+
+import (
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	tfconfig "github.com/hashicorp/terraform-plugin-testing/config"
+)
+
+func (r *RowAccessPolicyModel) WithArgument(argument []sdk.RowAccessPolicyArgument) *RowAccessPolicyModel {
+	maps := make([]config.Variable, len(argument))
+	for i, v := range argument {
+		maps[i] = config.MapVariable(map[string]config.Variable{
+			"name": config.StringVariable(v.Name),
+			"type": config.StringVariable(v.Type),
+		})
+	}
+	r.Argument = tfconfig.SetVariable(maps...)
+	return r
+}
diff --git a/pkg/acceptance/bettertestspoc/config/model/row_access_policy_model_gen.go b/pkg/acceptance/bettertestspoc/config/model/row_access_policy_model_gen.go
diff --git a/pkg/acceptance/helpers/row_access_policy_client.go b/pkg/acceptance/helpers/row_access_policy_client.go
@@ -47,6 +47,19 @@ func (c *RowAccessPolicyClient) CreateRowAccessPolicyWithDataType(t *testing.T,
 	return rowAccessPolicy, c.DropRowAccessPolicyFunc(t, id)
 }
 
+func (c *RowAccessPolicyClient) CreateOrReplaceRowAccessPolicy(t *testing.T, req sdk.CreateRowAccessPolicyRequest) (*sdk.RowAccessPolicy, func()) {
+	t.Helper()
+	ctx := context.Background()
+
+	err := c.client().Create(ctx, req.WithOrReplace(sdk.Pointer(true)))
+	require.NoError(t, err)
+
+	rowAccessPolicy, err := c.client().ShowByID(ctx, req.GetName())
+	require.NoError(t, err)
+
+	return rowAccessPolicy, c.DropRowAccessPolicyFunc(t, req.GetName())
+}
+
 func (c *RowAccessPolicyClient) Alter(t *testing.T, req sdk.AlterRowAccessPolicyRequest) {
 	t.Helper()
 	ctx := context.Background()

diff --git a/pkg/resources/row_access_policy.go b/pkg/resources/row_access_policy.go
@@ -49,11 +49,9 @@ var rowAccessPolicySchema = map[string]*schema.Schema{
 				},
 				// TODO(SNOW-1596962): Fully support VECTOR data type sdk.ParseFunctionArgumentsFromString could be a base for another function that takes argument names into consideration.
 				"type": {
-					Type:     schema.TypeString,
-					Required: true,
-					DiffSuppressFunc: func(key, oldValue, newValue string, _ *schema.ResourceData) bool {
-						return NormalizeAndCompare(sdk.ToDataType)(key, oldValue, newValue, nil)
-					},
+					Type:             schema.TypeString,
+					Required:         true,
+					DiffSuppressFunc: NormalizeAndCompare(sdk.ToDataType),
 					ValidateDiagFunc: sdkValidation(sdk.ToDataType),
 					Description:      "The argument type",
 					ForceNew:         true,
@@ -106,12 +104,12 @@ func RowAccessPolicy() *schema.Resource {
 
 		Schema: rowAccessPolicySchema,
 		Importer: &schema.ResourceImporter{
-			StateContext: schema.ImportStatePassthroughContext,
+			StateContext: ImportRowAccessPolicy,
 		},
 
 		CustomizeDiff: customdiff.All(
-			ComputedIfAnyAttributeChanged(rowAccessPolicySchema, ShowOutputAttributeName, "comment"),
-			ComputedIfAnyAttributeChanged(rowAccessPolicySchema, DescribeOutputAttributeName, "body"),
+			ComputedIfAnyAttributeChanged(rowAccessPolicySchema, ShowOutputAttributeName, "comment", "name"),
+			ComputedIfAnyAttributeChanged(rowAccessPolicySchema, DescribeOutputAttributeName, "body", "name", "signature"),
 			ComputedIfAnyAttributeChanged(rowAccessPolicySchema, FullyQualifiedNameAttributeName, "name"),
 		),
 
@@ -126,6 +124,47 @@ func RowAccessPolicy() *schema.Resource {
 	}
 }
 
+func ImportRowAccessPolicy(ctx context.Context, d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) {
+	log.Printf("[DEBUG] Starting row access policy import")
+	client := meta.(*provider.Context).Client
+	id, err := sdk.ParseSchemaObjectIdentifier(d.Id())
+	if err != nil {
+		return nil, err
+	}
+
+	policy, err := client.RowAccessPolicies.ShowByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := d.Set("name", id.Name()); err != nil {
+		return nil, err
+	}
+	if err := d.Set("database", id.DatabaseName()); err != nil {
+		return nil, err
+	}
+	if err := d.Set("schema", id.SchemaName()); err != nil {
+		return nil, err
+	}
+	if err := d.Set("comment", policy.Comment); err != nil {
+		return nil, err
+	}
+	policyDescription, err := client.RowAccessPolicies.Describe(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := d.Set("body", policyDescription.Body); err != nil {
+		return nil, err
+	}
+	args, err := policyDescription.Arguments()
+	if err != nil {
+		return nil, err
+	}
+	if err := d.Set("argument", schemas.RowAccessPolicyArgumentsToSchema(args)); err != nil {
+		return nil, err
+	}
+	return []*schema.ResourceData{d}, nil
+}
+
 func CreateRowAccessPolicy(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	client := meta.(*provider.Context).Client
 
@@ -205,8 +244,11 @@ func ReadRowAccessPolicy(ctx context.Context, d *schema.ResourceData, meta any)
 	if err := d.Set("body", rowAccessPolicyDescription.Body); err != nil {
 		return diag.FromErr(err)
 	}
-
-	if err := d.Set("argument", rowAccessPolicyDescription.Arguments()); err != nil {
+	args, err := rowAccessPolicyDescription.Arguments()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	if err := d.Set("argument", schemas.RowAccessPolicyArgumentsToSchema(args)); err != nil {
 		return diag.FromErr(err)
 	}
 	if err = d.Set(ShowOutputAttributeName, []map[string]any{schemas.RowAccessPolicyToSchema(rowAccessPolicy)}); err != nil {