chore: Show a possible solution for #2877 (#2878)

As described in
https://docs.snowflake.com/en/user-guide/tasks-graphs#manage-task-graph-ownership,
there are two main options. This PR shows the one granting ownership of
all tasks at once.

pkg/resources/grant_ownership_acceptance_test.go

@@ -7,17 +7,16 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/hashicorp/terraform-plugin-testing/plancheck"
-	"github.com/stretchr/testify/assert"
+	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
-	"github.com/hashicorp/terraform-plugin-testing/terraform"
-
-	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-testing/config"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAcc_GrantOwnership_OnObject_Database_ToAccountRole(t *testing.T) {
@@ -1053,6 +1052,93 @@ func TestAcc_GrantOwnership_OnTask(t *testing.T) {
 	})
 }
 
+func TestAcc_GrantOwnership_OnTask_Discussion2877(t *testing.T) {
+	taskId := acc.TestClient().Ids.RandomSchemaObjectIdentifier()
+	childId := acc.TestClient().Ids.RandomSchemaObjectIdentifier()
+	accountRoleId := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+
+	configVariables := config.Variables{
+		"account_role_name": config.StringVariable(accountRoleId.Name()),
+		"database":          config.StringVariable(acc.TestDatabaseName),
+		"schema":            config.StringVariable(acc.TestSchemaName),
+		"task":              config.StringVariable(taskId.Name()),
+		"child":             config.StringVariable(childId.Name()),
+		"warehouse":         config.StringVariable(acc.TestWarehouseName),
+	}
+	resourceName := "snowflake_grant_ownership.test"
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantOwnership/OnTask_Discussion2877/1"),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_task.test", "name", taskId.Name()),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("ToAccountRole|%s||OnObject|TASK|%s", accountRoleId.FullyQualifiedName(), taskId.FullyQualifiedName())),
+					checkResourceOwnershipIsGranted(&sdk.ShowGrantOptions{
+						On: &sdk.ShowGrantsOn{
+							Object: &sdk.Object{
+								ObjectType: sdk.ObjectTypeTask,
+								Name:       taskId,
+							},
+						},
+					}, sdk.ObjectTypeTask, accountRoleId.Name(), taskId.FullyQualifiedName()),
+				),
+			},
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantOwnership/OnTask_Discussion2877/2"),
+				ConfigVariables: configVariables,
+				ExpectError:     regexp.MustCompile("cannot have the given predecessor since they do not share the same owner role"),
+			},
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantOwnership/OnTask_Discussion2877/3"),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_task.test", "name", taskId.Name()),
+					checkResourceOwnershipIsGranted(&sdk.ShowGrantOptions{
+						On: &sdk.ShowGrantsOn{
+							Object: &sdk.Object{
+								ObjectType: sdk.ObjectTypeTask,
+								Name:       taskId,
+							},
+						},
+					}, sdk.ObjectTypeTask, acc.TestClient().Context.CurrentRole(t).Name(), taskId.FullyQualifiedName()),
+				),
+			},
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantOwnership/OnTask_Discussion2877/4"),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("snowflake_task.test", "name", taskId.Name()),
+					resource.TestCheckResourceAttr("snowflake_task.child", "name", childId.Name()),
+					resource.TestCheckResourceAttr("snowflake_task.child", "after.0", taskId.Name()),
+					checkResourceOwnershipIsGranted(&sdk.ShowGrantOptions{
+						On: &sdk.ShowGrantsOn{
+							Object: &sdk.Object{
+								ObjectType: sdk.ObjectTypeTask,
+								Name:       taskId,
+							},
+						},
+					}, sdk.ObjectTypeTask, accountRoleId.Name(), taskId.FullyQualifiedName()),
+					checkResourceOwnershipIsGranted(&sdk.ShowGrantOptions{
+						On: &sdk.ShowGrantsOn{
+							Object: &sdk.Object{
+								ObjectType: sdk.ObjectTypeTask,
+								Name:       childId,
+							},
+						},
+					}, sdk.ObjectTypeTask, accountRoleId.Name(), childId.FullyQualifiedName()),
+				),
+			},
+		},
+	})
+}
+
 func TestAcc_GrantOwnership_OnAllTasks(t *testing.T) {
 	taskId := acc.TestClient().Ids.RandomSchemaObjectIdentifier()
 	secondTaskId := acc.TestClient().Ids.RandomSchemaObjectIdentifier()

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/1/test.tf

@@ -0,0 +1,20 @@
+resource "snowflake_role" "test" {
+  name = var.account_role_name
+}
+
+resource "snowflake_task" "test" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.task
+  warehouse     = var.warehouse
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}
+
+resource "snowflake_grant_ownership" "test" {
+  account_role_name = snowflake_role.test.name
+
+  on {
+    object_type = "TASK"
+    object_name = "\"${snowflake_task.test.database}\".\"${snowflake_task.test.schema}\".\"${snowflake_task.test.name}\""
+  }
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/1/variables.tf

@@ -0,0 +1,19 @@
+variable "account_role_name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
+
+variable "task" {
+  type = string
+}
+
+variable "warehouse" {
+  type = string
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/2/test.tf

@@ -0,0 +1,40 @@
+resource "snowflake_role" "test" {
+  name = var.account_role_name
+}
+
+resource "snowflake_task" "test" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.task
+  warehouse     = var.warehouse
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}
+
+resource "snowflake_task" "child" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.child
+  warehouse     = var.warehouse
+  after         = [snowflake_task.test.name]
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}
+
+resource "snowflake_grant_ownership" "test" {
+  depends_on = [snowflake_task.child]
+
+  account_role_name = snowflake_role.test.name
+
+  on {
+    object_type = "TASK"
+    object_name = "\"${snowflake_task.test.database}\".\"${snowflake_task.test.schema}\".\"${snowflake_task.test.name}\""
+  }
+}
+
+resource "snowflake_grant_ownership" "child" {
+  account_role_name = snowflake_role.test.name
+
+  on {
+    object_type = "TASK"
+    object_name = "\"${snowflake_task.child.database}\".\"${snowflake_task.child.schema}\".\"${snowflake_task.child.name}\""
+  }
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/2/variables.tf

@@ -0,0 +1,23 @@
+variable "account_role_name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
+
+variable "task" {
+  type = string
+}
+
+variable "child" {
+  type = string
+}
+
+variable "warehouse" {
+  type = string
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/3/test.tf

@@ -0,0 +1,11 @@
+resource "snowflake_role" "test" {
+  name = var.account_role_name
+}
+
+resource "snowflake_task" "test" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.task
+  warehouse     = var.warehouse
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/3/variables.tf

@@ -0,0 +1,23 @@
+variable "account_role_name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
+
+variable "task" {
+  type = string
+}
+
+variable "child" {
+  type = string
+}
+
+variable "warehouse" {
+  type = string
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/4/test.tf

@@ -0,0 +1,32 @@
+resource "snowflake_role" "test" {
+  name = var.account_role_name
+}
+
+resource "snowflake_task" "test" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.task
+  warehouse     = var.warehouse
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}
+
+resource "snowflake_task" "child" {
+  database      = var.database
+  schema        = var.schema
+  name          = var.child
+  warehouse     = var.warehouse
+  after         = [snowflake_task.test.name]
+  sql_statement = "SELECT CURRENT_TIMESTAMP"
+}
+
+resource "snowflake_grant_ownership" "test" {
+  depends_on        = [snowflake_task.test, snowflake_task.child]
+  account_role_name = snowflake_role.test.name
+
+  on {
+    all {
+      object_type_plural = "TASKS"
+      in_schema          = "\"${var.database}\".\"${var.schema}\""
+    }
+  }
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnTask_Discussion2877/4/variables.tf

@@ -0,0 +1,23 @@
+variable "account_role_name" {
+  type = string
+}
+
+variable "database" {
+  type = string
+}
+
+variable "schema" {
+  type = string
+}
+
+variable "task" {
+  type = string
+}
+
+variable "child" {
+  type = string
+}
+
+variable "warehouse" {
+  type = string
+}