make pre-push

docs/resources/grant_privileges_to_database_role.md

@@ -6,6 +6,9 @@ description: |-
   
 ---
 
+
+!> **Warning** Be careful when using `always_apply` field. It will always produce a plan (even when no changes were made) and can be harmful in some setups. For more details why we decided to introduce it to go our document explaining those design decisions (coming soon).
+
 # snowflake_grant_privileges_to_database_role (Resource)
 
 
@@ -173,7 +176,7 @@ resource "snowflake_grant_privileges_to_database_role" "example" {
 - `all_privileges` (Boolean) Grant all privileges on the database role.
 - `always_apply` (Boolean) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
 - `always_apply_trigger` (String) This field should not be set and its main purpose is to achieve the functionality described by always_apply field. This is value will be flipped to the opposite value on every terraform apply, thus creating a new plan that will re-apply grants.
-- `on_database` (String) The fully qualified name of the database on which privileges will be granted. If the identifier is not fully qualified (in the form of <db_name>.≤database_role_name>), the command looks for the database role in the current database for the session. All privileges are limited to the database that contains the database role, as well as other objects in the same database.
+- `on_database` (String) The fully qualified name of the database on which privileges will be granted.
 - `on_schema` (Block List, Max: 1) Specifies the schema on which privileges will be granted. (see [below for nested schema](#nestedblock--on_schema))
 - `on_schema_object` (Block List, Max: 1) Specifies the schema object on which privileges will be granted. (see [below for nested schema](#nestedblock--on_schema_object))
 - `privileges` (Set of String) The privileges to grant on the database role.

pkg/resources/grant_privileges_to_database_role.go

@@ -476,7 +476,7 @@ func UpdateGrantPrivilegesToDatabaseRole(ctx context.Context, d *schema.Resource
 		if d.HasChange("all_privileges") {
 			if _, allPrivileges := d.GetChange("all_privileges"); allPrivileges.(bool) {
 				shouldGrantAndRevoke = false
-				//id.Privileges = []string{}
+				id.Privileges = []string{}
 			}
 		}
 

pkg/resources/grant_privileges_to_database_role_acceptance_test.go

@@ -221,7 +221,8 @@ func TestAcc_GrantPrivilegesToDatabaseRole_OnFutureSchemasInDatabase(t *testing.
 					resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.SchemaPrivilegeCreateTable)),
 					resource.TestCheckResourceAttr(resourceName, "privileges.1", string(sdk.SchemaPrivilegeModify)),
 					resource.TestCheckResourceAttr(resourceName, "on_schema.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "on_schema.0.future_schemas_in_database", databaseName), resource.TestCheckResourceAttr(resourceName, "with_grant_option", "false"),
+					resource.TestCheckResourceAttr(resourceName, "on_schema.0.future_schemas_in_database", databaseName),
+					resource.TestCheckResourceAttr(resourceName, "with_grant_option", "false"),
 					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|CREATE TABLE,MODIFY|OnSchema|OnFutureSchemasInDatabase|%s", databaseRoleName, databaseName)),
 				),
 			},

pkg/resources/grant_privileges_to_database_role_identifier.go

@@ -131,6 +131,8 @@ func ParseGrantPrivilegesToDatabaseRoleId(id string) (GrantPrivilegesToDatabaseR
 		return databaseRoleId, sdk.NewError(`database role identifier should hold at least 5 parts "<database_role_name>|<with_grant_option>|<always_apply>|<privileges>|<grant_type>|<grant_data>"`)
 	}
 
+	// TODO: Identifier parsing should be replaced with better version introduced in SNOW-999049.
+	// Right now, it's same as sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName, but with error handling.
 	databaseRoleNameParts := strings.Split(parts[0], ".")
 	if len(databaseRoleNameParts) == 0 ||
 		(len(databaseRoleNameParts) == 1 && databaseRoleNameParts[0] == "") ||
@@ -155,7 +157,7 @@ func ParseGrantPrivilegesToDatabaseRoleId(id string) (GrantPrivilegesToDatabaseR
 
 	privileges := strings.Split(parts[3], ",")
 	if len(privileges) == 0 || (len(privileges) == 1 && privileges[0] == "") {
-		return databaseRoleId, sdk.NewError(fmt.Sprintf(`invalid Privileges value: %s, should be either a comma seperated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`, parts[3]))
+		return databaseRoleId, sdk.NewError(fmt.Sprintf(`invalid Privileges value: %s, should be either a comma separated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`, parts[3]))
 	}
 	if len(privileges) == 1 && (privileges[0] == "ALL" || privileges[0] == "ALL PRIVILEGES") {
 		databaseRoleId.AllPrivileges = true

pkg/resources/grant_privileges_to_database_role_identifier_test.go

@@ -266,7 +266,7 @@ func TestParseGrantPrivilegesToDatabaseRoleId(t *testing.T) {
 		{
 			Name:       "validation: grant database role empty privileges",
 			Identifier: `"database-name"."database-role"|false|false||OnDatabase|"on-database-name"`,
-			Error:      `invalid Privileges value: , should be either a comma seperated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`,
+			Error:      `invalid Privileges value: , should be either a comma separated list of privileges or "ALL" / "ALL PRIVILEGES" for all privileges`,
 		},
 		{
 			Name:       "validation: grant database role empty with grant option",

pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_OnSchema_ExactlyOneOf/test.tf

@@ -3,7 +3,7 @@ resource "snowflake_grant_privileges_to_database_role" "test" {
   privileges         = ["USAGE"]
 
   on_schema {
-    schema_name = "some_database.schema_name"
+    schema_name             = "some_database.schema_name"
     all_schemas_in_database = "some_database"
   }
 }

pkg/resources/testdata/TestAcc_GrantPrivilegesToDatabaseRole_UpdatePrivileges_SnowflakeChecked/on_schema/test.tf

@@ -4,7 +4,7 @@ resource "snowflake_schema" "test" {
 }
 
 resource "snowflake_grant_privileges_to_database_role" "test" {
-  depends_on = [snowflake_schema.test]
+  depends_on         = [snowflake_schema.test]
   database_role_name = "\"${var.database}\".\"${var.name}\""
   privileges         = var.privileges
   on_schema {

pkg/sdk/parameters_test.go

@@ -1,7 +1,6 @@
 package sdk
 
 import (
-	"log"
 	"testing"
 )
 
@@ -23,19 +22,3 @@ func TestSetObjectParameterOnObject(t *testing.T) {
 		assertOptsValidAndSQLEquals(t, opts, "ALTER USER %s SET ENABLE_UNREDACTED_QUERY_SYNTAX_ERROR = TRUE", id.FullyQualifiedName())
 	})
 }
-
-func (o ObjectType) Check() bool {
-	var m map[ObjectType]bool
-	if _, ok := m[o]; ok {
-		return true
-	}
-	return false
-}
-
-func Test(t *testing.T) {
-	a := "abc"
-	b := ObjectTypeDatabase
-
-	log.Println(ObjectType(a).Check())
-	log.Println(b.Check())
-}