wip

pkg/resources/grant_privileges_to_account_role.go

@@ -462,16 +462,6 @@ func UpdateGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
 			)
 
 			if err != nil {
-				if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
-					d.SetId("")
-					return diag.Diagnostics{
-						diag.Diagnostic{
-							Severity: diag.Warning,
-							Summary:  "Failed to revoke all privileges. Object not found. Marking the resource as removed.",
-							Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
-						},
-					}
-				}
 				return diag.Diagnostics{
 					diag.Diagnostic{
 						Severity: diag.Error,
@@ -536,16 +526,6 @@ func UpdateGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
 					new(sdk.GrantPrivilegesToAccountRoleOptions),
 				)
 				if err != nil {
-					if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
-						d.SetId("")
-						return diag.Diagnostics{
-							diag.Diagnostic{
-								Severity: diag.Warning,
-								Summary:  "Failed to grant added privileges. Object not found. Marking the resource as removed.",
-								Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
-							},
-						}
-					}
 					return diag.Diagnostics{
 						diag.Diagnostic{
 							Severity: diag.Error,
@@ -573,16 +553,6 @@ func UpdateGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
 					new(sdk.RevokePrivilegesFromAccountRoleOptions),
 				)
 				if err != nil {
-					if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
-						d.SetId("")
-						return diag.Diagnostics{
-							diag.Diagnostic{
-								Severity: diag.Warning,
-								Summary:  "Failed to revoke removed privileges. Object not found. Marking the resource as removed.",
-								Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
-							},
-						}
-					}
 					return diag.Diagnostics{
 						diag.Diagnostic{
 							Severity: diag.Error,
@@ -612,16 +582,6 @@ func UpdateGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
 			)
 
 			if err != nil {
-				if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
-					d.SetId("")
-					return diag.Diagnostics{
-						diag.Diagnostic{
-							Severity: diag.Warning,
-							Summary:  "Failed to grant all privileges. Object not found. Marking the resource as removed.",
-							Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
-						},
-					}
-				}
 				return diag.Diagnostics{
 					diag.Diagnostic{
 						Severity: diag.Error,
@@ -765,6 +725,17 @@ func ReadGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceDat
 
 	client := meta.(*provider.Context).Client
 
+	if _, err := client.Roles.ShowByID(ctx, sdk.NewShowByIdRoleRequest(id.RoleName)); err != nil && err.Error() == "object does not exist" {
+		d.SetId("")
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				Severity: diag.Warning,
+				Summary:  "Failed to retrieve account role. Marking the resource as removed.",
+				Detail:   fmt.Sprintf("Id: %s", d.Id()),
+			},
+		}
+	}
+
 	logging.DebugLogger.Printf("[DEBUG] About to show grants")
 	grants, err := client.Grants.Show(ctx, opts)
 	if err != nil {
@@ -773,8 +744,8 @@ func ReadGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceDat
 			return diag.Diagnostics{
 				diag.Diagnostic{
 					Severity: diag.Warning,
-					Summary:  "Failed to retrieve grants. Object not found. Marking the resource as removed.",
-					Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
+					Summary:  "Failed to retrieve grants. Target object not found. Marking the resource as removed.",
+					Detail:   fmt.Sprintf("Id: %s", d.Id()),
 				},
 			}
 		}

pkg/resources/grant_privileges_to_account_role_acceptance_test.go

@@ -1095,7 +1095,7 @@ func TestAcc_GrantPrivilegesToAccountRole_RemoveGrantedObjectOutsideTerraform(t
 				PreConfig:       func() { databaseCleanup() },
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnAccountObject"),
 				ConfigVariables: configVariables,
-				// The error occurs in the Create operation, indicating the Read operation removed resource from the state.
+				// The error occurs in the Create operation, indicating the Read operation removed the resource from the state in the previous step.
 				ExpectError: regexp.MustCompile("An error occurred when granting privileges to account role"),
 			},
 		},
@@ -1134,12 +1134,11 @@ func TestAcc_GrantPrivilegesToAccountRole_RemoveAccountRoleOutsideTerraform(t *t
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnAccountObject"),
 				ConfigVariables: configVariables,
 			},
-			// TODO: Handle Update errors (and setId if not found)
 			{
 				PreConfig:       func() { roleCleanup() },
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnAccountObject"),
 				ConfigVariables: configVariables,
-				// The error occurs in the Create operation, indicating the Read operation removed resource from the state.
+				// The error occurs in the Create operation, indicating the Read operation removed the resource from the state in the previous step.
 				ExpectError: regexp.MustCompile("An error occurred when granting privileges to account role"),
 			},
 		},

pkg/resources/grant_privileges_to_database_role.go

@@ -639,15 +639,26 @@ func ReadGrantPrivilegesToDatabaseRole(ctx context.Context, d *schema.ResourceDa
 	}
 
 	client := meta.(*provider.Context).Client
+	if _, err := client.DatabaseRoles.ShowByID(ctx, id.DatabaseRoleName); err != nil && err.Error() == "object does not exist" {
+		d.SetId("")
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				Severity: diag.Warning,
+				Summary:  "Failed to retrieve database role. Marking the resource as removed.",
+				Detail:   fmt.Sprintf("Id: %s", d.Id()),
+			},
+		}
+	}
+
 	grants, err := client.Grants.Show(ctx, opts)
 	if err != nil {
 		if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
 			d.SetId("")
 			return diag.Diagnostics{
 				diag.Diagnostic{
 					Severity: diag.Warning,
-					Summary:  "Failed to retrieve grants. Object not found. Marking the resource as removed.",
-					Detail:   fmt.Sprintf("Id: %s\nError: %s", d.Id(), err),
+					Summary:  "Failed to retrieve grants. Target object not found. Marking the resource as removed.",
+					Detail:   fmt.Sprintf("Id: %s", d.Id()),
 				},
 			}
 		}

pkg/resources/grant_privileges_to_database_role_acceptance_test.go

@@ -833,14 +833,55 @@ func TestAcc_GrantPrivilegesToDatabaseRole_RemoveGrantedObjectOutsideTerraform(t
 				PreConfig:       func() { databaseCleanup() },
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
 				ConfigVariables: configVariables,
-				// The error occurs in the Create operation, indicating the Read operation removed resource from the state.
+				// The error occurs in the Create operation, indicating the Read operation removed the resource from the state in the previous step.
 				ExpectError: regexp.MustCompile("An error occurred when granting privileges to database role"),
 			},
 		},
 	})
 }
 
-func createDatabaseRoleOutsideTerraform(t *testing.T, databaseName string, name string) {
+// proves https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2621 doesn't apply to this resource
+func TestAcc_GrantPrivilegesToDatabaseRole_RemoveDatabaseRoleOutsideTerraform(t *testing.T) {
+	name := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	configVariables := config.Variables{
+		"name":     config.StringVariable(name),
+		"database": config.StringVariable(databaseName),
+		"privileges": config.ListVariable(
+			config.StringVariable(string(sdk.AccountObjectPrivilegeCreateSchema)),
+		),
+		"with_grant_option": config.BoolVariable(true),
+	}
+
+	var databaseRoleCleanup func()
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		CheckDestroy: testAccCheckDatabaseRolePrivilegesRevoked,
+		Steps: []resource.TestStep{
+			{
+				PreConfig: func() {
+					t.Cleanup(createTemporaryDatabaseOutsideTerraform(t, databaseName))
+					databaseRoleCleanup = createDatabaseRoleOutsideTerraform(t, databaseName, name)
+				},
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
+				ConfigVariables: configVariables,
+			},
+			{
+				PreConfig:       func() { databaseRoleCleanup() },
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToDatabaseRole/OnDatabase"),
+				ConfigVariables: configVariables,
+				// The error occurs in the Create operation, indicating the Read operation removed the resource from the state in the previous step.
+				ExpectError: regexp.MustCompile("An error occurred when granting privileges to database role"),
+			},
+		},
+	})
+}
+
+func createDatabaseRoleOutsideTerraform(t *testing.T, databaseName string, name string) func() {
 	t.Helper()
 	client, err := sdk.NewDefaultClient()
 	if err != nil {
@@ -851,6 +892,12 @@ func createDatabaseRoleOutsideTerraform(t *testing.T, databaseName string, name
 	if err := client.DatabaseRoles.Create(ctx, sdk.NewCreateDatabaseRoleRequest(databaseRoleId).WithOrReplace(true)); err != nil {
 		t.Fatal(fmt.Errorf("error database role (%s): %w", databaseRoleId.FullyQualifiedName(), err))
 	}
+
+	return func() {
+		if err := client.DatabaseRoles.Drop(ctx, sdk.NewDropDatabaseRoleRequest(databaseRoleId).WithIfExists(true)); err != nil {
+			t.Fatal(fmt.Errorf("error database role (%s): %w", databaseRoleId.FullyQualifiedName(), err))
+		}
+	}
 }
 
 func queriedPrivilegesToDatabaseRoleEqualTo(databaseRoleName sdk.DatabaseObjectIdentifier, privileges ...string) func(s *terraform.State) error {

pkg/resources/grant_privileges_to_share.go

@@ -306,6 +306,17 @@ func ReadGrantPrivilegesToShare(ctx context.Context, d *schema.ResourceData, met
 	}
 
 	client := meta.(*provider.Context).Client
+	if _, err := client.Shares.ShowByID(ctx, id.ShareName); err != nil && errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {
+		d.SetId("")
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				Severity: diag.Warning,
+				Summary:  "Failed to retrieve share. Marking the resource as removed.",
+				Detail:   fmt.Sprintf("Id: %s", d.Id()),
+			},
+		}
+	}
+
 	grants, err := client.Grants.Show(ctx, opts)
 	if err != nil {
 		if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) {

pkg/resources/grant_privileges_to_share_acceptance_test.go

@@ -522,7 +522,7 @@ func TestAcc_GrantPrivilegesToShare_NoOnOption(t *testing.T) {
 }
 
 // proves https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2621 doesn't apply to this resource
-func TestAcc_GrantPrivilegesToShare_RemoveGrantedObjectOutsideTerraform(t *testing.T) {
+func TestAcc_GrantPrivilegesToShare_RemoveShareOutsideTerraform(t *testing.T) {
 	databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
 	shareName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
 
@@ -553,14 +553,7 @@ func TestAcc_GrantPrivilegesToShare_RemoveGrantedObjectOutsideTerraform(t *testi
 				PreConfig:       func() { shareCleanup() },
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToShare/OnCustomShare"),
 				ConfigVariables: configVariables,
-				// The error occurs in the Update operation
-				ExpectError: regexp.MustCompile("Failed to grant added privileges. Object not found. Marking the resource as removed."),
-			},
-			{
-				PreConfig:       func() { shareCleanup() },
-				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToShare/OnCustomShare"),
-				ConfigVariables: configVariables,
-				// The error occurs in the Update operation, indicating the Read operation removed resource from the state.
+				// The error occurs in the Create operation, indicating the Read operation removed the resource from the state in the previous step.
 				ExpectError: regexp.MustCompile("An error occurred when granting privileges to share"),
 			},
 		},