Changes after review

Snowflake-Labs · Sep 13, 2024 · ac66d81 · ac66d81
1 parent 34bff36
commit ac66d81
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 9 deletions.
diff --git a/pkg/sdk/testint/authentication_policies_gen_integration_test.go b/pkg/sdk/testint/authentication_policies_gen_integration_test.go
@@ -225,7 +225,7 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 			assert.Len(t, authenticationPolicies, 1)
 		})
 
-		// TODO(ticket number): starts_with doesn't work (returns all)
+		// TODO(SNOW-1663343): starts_with doesn't work (returns all)
 		t.Run("starts_with", func(t *testing.T) {
 			authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest().
 				WithStartsWith("test_auth_policy_").
@@ -260,7 +260,7 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 			assert.Len(t, authenticationPolicies, 1)
 		})
 
-		// TODO(ticket number): limit from doesn't work (should return 0 elements because alphabetically test_auth_policyzzz is last in the output)
+		// TODO(SNOW-1663343): limit from doesn't work (should return 0 elements because alphabetically test_auth_policyzzz is last in the output)
 		t.Run("limit from", func(t *testing.T) {
 			authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest().
 				WithLimit(sdk.LimitFrom{Rows: sdk.Int(2), From: sdk.String(id.Name())}).

diff --git a/pkg/sdk/testint/users_integration_test.go b/pkg/sdk/testint/users_integration_test.go
@@ -941,6 +941,43 @@ func TestInt_Users(t *testing.T) {
 		)
 	})
 
+	t.Run("alter: set and unset properties and parameters at the same time", func(t *testing.T) {
+		user, userCleanup := testClientHelper().User.CreateUser(t)
+		t.Cleanup(userCleanup)
+
+		err := client.Users.Alter(ctx, user.ID(), &sdk.AlterUserOptions{
+			Set: &sdk.UserSet{
+				SessionParameters: &sdk.SessionParameters{
+					Autocommit: sdk.Bool(false),
+				},
+				ObjectParameters: &sdk.UserObjectParameters{
+					NetworkPolicy: sdk.Pointer(networkPolicy.ID()),
+				},
+				ObjectProperties: &sdk.UserAlterObjectProperties{
+					UserObjectProperties: sdk.UserObjectProperties{
+						Comment: sdk.String("some comment"),
+					},
+				},
+			},
+		})
+		require.NoError(t, err)
+
+		err = client.Users.Alter(ctx, user.ID(), &sdk.AlterUserOptions{
+			Unset: &sdk.UserUnset{
+				SessionParameters: &sdk.SessionParametersUnset{
+					Autocommit: sdk.Bool(true),
+				},
+				ObjectParameters: &sdk.UserObjectParametersUnset{
+					NetworkPolicy: sdk.Bool(true),
+				},
+				ObjectProperties: &sdk.UserObjectPropertiesUnset{
+					Comment: sdk.Bool(true),
+				},
+			},
+		})
+		require.NoError(t, err)
+	})
+
 	t.Run("alter: set and unset tags", func(t *testing.T) {
 		user, userCleanup := testClientHelper().User.CreateUser(t)
 		t.Cleanup(userCleanup)

diff --git a/pkg/sdk/users.go b/pkg/sdk/users.go
@@ -313,7 +313,7 @@ type AlterUserOptions struct {
 	AddDelegatedAuthorization    *AddDelegatedAuthorization    `ddl:"keyword"`
 	RemoveDelegatedAuthorization *RemoveDelegatedAuthorization `ddl:"keyword"`
 	Set                          *UserSet                      `ddl:"keyword" sql:"SET"`
-	Unset                        *UserUnset                    `ddl:"keyword" sql:"UNSET"`
+	Unset                        *UserUnset                    `ddl:"list" sql:"UNSET"`
 	SetTag                       []TagAssociation              `ddl:"keyword" sql:"SET TAG"`
 	UnsetTag                     []ObjectIdentifier            `ddl:"keyword" sql:"UNSET TAG"`
 }
@@ -400,6 +400,12 @@ func (opts *UserSet) validate() error {
 	if !anyValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.AuthenticationPolicy, opts.ObjectProperties, opts.ObjectParameters, opts.SessionParameters) {
 		return errAtLeastOneOf("UserSet", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters")
 	}
+	if moreThanOneValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.AuthenticationPolicy) {
+		return errOneOf("UserSet", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy")
+	}
+	if anyValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.AuthenticationPolicy) && anyValueSet(opts.ObjectProperties, opts.ObjectParameters, opts.SessionParameters) {
+		return NewError("policies cannot be set with user properties or parameters at the same time")
+	}
 	if valueSet(opts.ObjectProperties) && valueSet(opts.ObjectProperties.DefaultSecondaryRoles) {
 		if err := opts.ObjectProperties.DefaultSecondaryRoles.validate(); err != nil {
 			return err
@@ -426,8 +432,14 @@ type UserUnset struct {
 
 func (opts *UserUnset) validate() error {
 	// TODO [SNOW-1645875]: change validations with policies
-	if !exactlyOneValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.ObjectProperties, opts.ObjectParameters, opts.SessionParameters, opts.AuthenticationPolicy) {
-		return errExactlyOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters")
+	if !anyValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.ObjectProperties, opts.ObjectParameters, opts.SessionParameters, opts.AuthenticationPolicy) {
+		return errAtLeastOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters")
+	}
+	if moreThanOneValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.AuthenticationPolicy) {
+		return errOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy")
+	}
+	if anyValueSet(opts.PasswordPolicy, opts.SessionPolicy, opts.AuthenticationPolicy) && anyValueSet(opts.ObjectProperties, opts.ObjectParameters, opts.SessionParameters) {
+		return NewError("policies cannot be unset with user properties or parameters at the same time")
 	}
 	return nil
 }

diff --git a/pkg/sdk/users_test.go b/pkg/sdk/users_test.go
@@ -1,6 +1,7 @@
 package sdk
 
 import (
+	"errors"
 	"fmt"
 	"testing"
 
@@ -119,6 +120,30 @@ func TestUserAlter(t *testing.T) {
 		assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("UserSet", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters"))
 	})
 
+	t.Run("validation: set more than one policy", func(t *testing.T) {
+		opts := &AlterUserOptions{
+			name: id,
+			Set: &UserSet{
+				AuthenticationPolicy: Pointer(randomSchemaObjectIdentifier()),
+				PasswordPolicy:       Pointer(randomSchemaObjectIdentifier()),
+			},
+		}
+		assertOptsInvalidJoinedErrors(t, opts, errOneOf("UserSet", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy"))
+	})
+
+	t.Run("validation: set policy with user parameters and properties", func(t *testing.T) {
+		opts := &AlterUserOptions{
+			name: id,
+			Set: &UserSet{
+				AuthenticationPolicy: Pointer(randomSchemaObjectIdentifier()),
+				SessionParameters:    &SessionParameters{AbortDetachedQuery: Bool(true)},
+				ObjectParameters:     &UserObjectParameters{EnableUnredactedQuerySyntaxError: Bool(true)},
+				ObjectProperties:     &UserAlterObjectProperties{DisableMfa: Bool(true)},
+			},
+		}
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("policies cannot be set with user properties or parameters at the same time"))
+	})
+
 	t.Run("two sets", func(t *testing.T) {
 		opts := &AlterUserOptions{
 			name: id,
@@ -135,18 +160,40 @@ func TestUserAlter(t *testing.T) {
 			name:  id,
 			Unset: &UserUnset{},
 		}
-		assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters"))
+		assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters"))
 	})
 
-	t.Run("validation: two incompatible unsets", func(t *testing.T) {
+	t.Run("validation: unset property with policy", func(t *testing.T) {
+		opts := &AlterUserOptions{
+			name: id,
+			Unset: &UserUnset{
+				PasswordPolicy:   Bool(true),
+				ObjectParameters: &UserObjectParametersUnset{EnableUnredactedQuerySyntaxError: Bool(true)},
+			},
+		}
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("policies cannot be unset with user properties or parameters at the same time"))
+	})
+
+	t.Run("validation: unset two policies", func(t *testing.T) {
+		opts := &AlterUserOptions{
+			name: id,
+			Unset: &UserUnset{
+				PasswordPolicy:       Bool(true),
+				AuthenticationPolicy: Bool(true),
+			},
+		}
+		assertOptsInvalidJoinedErrors(t, opts, errOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy"))
+	})
+
+	t.Run("two compatible unsets", func(t *testing.T) {
 		opts := &AlterUserOptions{
 			name: id,
 			Unset: &UserUnset{
-				SessionParameters: &SessionParametersUnset{BinaryOutputFormat: Bool(true)},
 				ObjectParameters:  &UserObjectParametersUnset{EnableUnredactedQuerySyntaxError: Bool(true)},
+				SessionParameters: &SessionParametersUnset{BinaryOutputFormat: Bool(true)},
 			},
 		}
-		assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("UserUnset", "PasswordPolicy", "SessionPolicy", "AuthenticationPolicy", "ObjectProperties", "ObjectParameters", "SessionParameters"))
+		assertOptsValidAndSQLEquals(t, opts, "ALTER USER %s UNSET ENABLE_UNREDACTED_QUERY_SYNTAX_ERROR, BINARY_OUTPUT_FORMAT", id.FullyQualifiedName())
 	})
 
 	t.Run("with setting a policy", func(t *testing.T) {