Fix for granting ownership on database roles

(cherry picked from commit c336abc)

pkg/resources/grant_ownership.go

@@ -334,7 +334,7 @@ func ReadGrantOwnership(ctx context.Context, d *schema.ResourceData, meta any) d
 		}
 	}
 
-	opts, grantedOn := prepareShowGrantsRequestForGrantOwnership(id)
+	opts, expectedGrantedOn := prepareShowGrantsRequestForGrantOwnership(id)
 	if opts == nil {
 		return nil
 	}
@@ -368,7 +368,7 @@ func ReadGrantOwnership(ctx context.Context, d *schema.ResourceData, meta any) d
 
 		// grant_on is for future grants, granted_on is for current grants.
 		// They function the same way though in a test for matching the object type
-		if grantedOn != grant.GrantedOn && grantedOn != grant.GrantOn {
+		if expectedGrantedOn != grant.GrantedOn && expectedGrantedOn != grant.GrantOn {
 			continue
 		}
 
@@ -521,12 +521,17 @@ func getOwnershipGrantOpts(id *GrantOwnershipId) *sdk.GrantOwnershipOptions {
 
 func prepareShowGrantsRequestForGrantOwnership(id *GrantOwnershipId) (*sdk.ShowGrantOptions, sdk.ObjectType) {
 	opts := new(sdk.ShowGrantOptions)
-	var grantedOn sdk.ObjectType
+	var expectedGrantedOn sdk.ObjectType
 
 	switch id.Kind {
 	case OnObjectGrantOwnershipKind:
 		data := id.Data.(*OnObjectGrantOwnershipData)
-		grantedOn = data.ObjectType
+		switch data.ObjectType {
+		case sdk.ObjectTypeDatabaseRole:
+			expectedGrantedOn = sdk.ObjectTypeRole
+		default:
+			expectedGrantedOn = data.ObjectType
+		}
 		opts.On = &sdk.ShowGrantsOn{
 			Object: &sdk.Object{
 				ObjectType: data.ObjectType,
@@ -543,7 +548,7 @@ func prepareShowGrantsRequestForGrantOwnership(id *GrantOwnershipId) (*sdk.ShowG
 		return nil, ""
 	case OnFutureGrantOwnershipKind:
 		data := id.Data.(*BulkOperationGrantData)
-		grantedOn = data.ObjectNamePlural.Singular()
+		expectedGrantedOn = data.ObjectNamePlural.Singular()
 		opts.Future = sdk.Bool(true)
 
 		switch data.Kind {
@@ -558,7 +563,7 @@ func prepareShowGrantsRequestForGrantOwnership(id *GrantOwnershipId) (*sdk.ShowG
 		}
 	}
 
-	return opts, grantedOn
+	return opts, expectedGrantedOn
 }
 
 func createGrantOwnershipIdFromSchema(d *schema.ResourceData) (*GrantOwnershipId, error) {

pkg/resources/grant_ownership_acceptance_test.go

@@ -1076,6 +1076,51 @@ func TestAcc_GrantOwnership_OnAllTasks(t *testing.T) {
 	})
 }
 
+func TestAcc_GrantOwnership_OnDatabaseRole(t *testing.T) {
+	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+
+	databaseRoleName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	databaseRoleFullyQualifiedName := sdk.NewDatabaseObjectIdentifier(databaseName, databaseRoleName).FullyQualifiedName()
+
+	accountRoleName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	accountRoleFullyQualifiedName := sdk.NewAccountObjectIdentifier(accountRoleName).FullyQualifiedName()
+
+	configVariables := config.Variables{
+		"account_role_name":  config.StringVariable(accountRoleName),
+		"database_name":      config.StringVariable(databaseName),
+		"database_role_name": config.StringVariable(databaseRoleName),
+	}
+	resourceName := "snowflake_grant_ownership.test"
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantOwnership/OnObject_DatabaseRole_ToAccountRole"),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "account_role_name", accountRoleName),
+					resource.TestCheckResourceAttr(resourceName, "on.0.object_type", "DATABASE ROLE"),
+					resource.TestCheckResourceAttr(resourceName, "on.0.object_name", databaseRoleFullyQualifiedName),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("ToAccountRole|%s||OnObject|DATABASE ROLE|%s", accountRoleFullyQualifiedName, databaseRoleFullyQualifiedName)),
+					checkResourceOwnershipIsGranted(&sdk.ShowGrantOptions{
+						On: &sdk.ShowGrantsOn{
+							Object: &sdk.Object{
+								ObjectType: sdk.ObjectTypeDatabaseRole,
+								Name:       sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName(databaseRoleFullyQualifiedName),
+							},
+						},
+					}, sdk.ObjectTypeRole, accountRoleName, fmt.Sprintf("%s.%s", databaseName, databaseRoleName)),
+				),
+			},
+		},
+	})
+}
+
 func createDatabaseWithRoleAsOwner(t *testing.T, roleName string, databaseName string) func() {
 	t.Helper()
 	client, err := sdk.NewDefaultClient()

pkg/resources/testdata/TestAcc_GrantOwnership/OnObject_DatabaseRole_ToAccountRole/test.tf

@@ -0,0 +1,20 @@
+resource "snowflake_role" "test" {
+  name = var.account_role_name
+}
+
+resource "snowflake_database" "test" {
+  name = var.database_name
+}
+
+resource "snowflake_database_role" "test" {
+  name = var.database_role_name
+  database = snowflake_database.test.name
+}
+
+resource "snowflake_grant_ownership" "test" {
+  account_role_name = snowflake_role.test.name
+  on {
+    object_type = "DATABASE ROLE"
+    object_name = "\"${snowflake_database_role.test.database}\".\"${snowflake_database_role.test.name}\""
+  }
+}

pkg/resources/testdata/TestAcc_GrantOwnership/OnObject_DatabaseRole_ToAccountRole/variables.tf

@@ -0,0 +1,11 @@
+variable "account_role_name" {
+  type = string
+}
+
+variable "database_name" {
+  type = string
+}
+
+variable "database_role_name" {
+  type = string
+}