Snowflake-Labs · sfc-gh-jmichalak · Nov 18, 2024 · Nov 12, 2024 · Nov 14, 2024 · Nov 15, 2024
diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go
@@ -104,8 +104,9 @@ func (c *SecurityIntegrationClient) CreateOauthForCustomClients(t *testing.T) (*
 	return si, c.DropSecurityIntegrationFunc(t, request.GetName())
 }
 
-func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) {
+func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T) (*sdk.SecurityIntegration, func()) {
 	t.Helper()
+	id := c.ids.RandomAccountObjectIdentifier()
 	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, c.ids.Alpha(), "https://example.com", "Custom", random.GenerateX509(t)))
 }
 

diff --git a/pkg/sdk/system_functions.go b/pkg/sdk/system_functions.go
@@ -47,10 +47,10 @@ func (c *systemFunctions) GetTag(ctx context.Context, tagID ObjectIdentifier, ob
 // SQL compilation error: Invalid value VIEW for argument OBJECT_TYPE. Please use object type TABLE for all kinds of table-like objects.
 // TODO [SNOW-1022645]: discuss how we handle situation like this in the SDK
 func normalizeGetTagObjectType(objectType ObjectType) (ObjectType, error) {
-	if !isTagAssociationAllowedObjectTypes(objectType) {
+	if !canBeAssociatedWithTag(objectType) {
 		return "", fmt.Errorf("tagging for object type %s is not supported", objectType)
 	}
-	if slices.Contains([]ObjectType{ObjectTypeView, ObjectTypeMaterializedView, ObjectTypeExternalTable}, objectType) {
+	if slices.Contains([]ObjectType{ObjectTypeView, ObjectTypeMaterializedView, ObjectTypeExternalTable, ObjectTypeEventTable}, objectType) {
 		return ObjectTypeTable, nil
 	}
 

diff --git a/pkg/sdk/tag_association_validations.go b/pkg/sdk/tag_association_validations.go
@@ -73,7 +73,7 @@ var (
 	TagAssociationAllowedObjectTypesString = make([]string, len(TagAssociationAllowedObjectTypes))
 )
 
-func isTagAssociationAllowedObjectTypes(o ObjectType) bool {
+func canBeAssociatedWithTag(o ObjectType) bool {
 	return slices.Contains(TagAssociationAllowedObjectTypes, o)
 }
 

diff --git a/pkg/sdk/tags.go b/pkg/sdk/tags.go
@@ -15,6 +15,8 @@ type Tags interface {
 	Undrop(ctx context.Context, request *UndropTagRequest) error
 	Set(ctx context.Context, request *SetTagRequest) error
 	Unset(ctx context.Context, request *UnsetTagRequest) error
+	SetOnCurrentAccount(ctx context.Context, request *SetTagOnCurrentAccountRequest) error
+	UnsetOnCurrentAccount(ctx context.Context, request *UnsetTagOnCurrentAccountRequest) error
 }
 
 type setTagOptions struct {

diff --git a/pkg/sdk/tags_dto.go b/pkg/sdk/tags_dto.go
@@ -25,6 +25,14 @@ type UnsetTagRequest struct {
 	UnsetTags []ObjectIdentifier
 }
 
+type SetTagOnCurrentAccountRequest struct {
+	SetTags []TagAssociation
+}
+
+type UnsetTagOnCurrentAccountRequest struct {
+	UnsetTags []ObjectIdentifier
+}
+
 type CreateTagRequest struct {
 	orReplace   *bool
 	ifNotExists *bool

diff --git a/pkg/sdk/tags_dto_builders.go b/pkg/sdk/tags_dto_builders.go
@@ -24,6 +24,24 @@ func (s *UnsetTagRequest) WithUnsetTags(tags []ObjectIdentifier) *UnsetTagReques
 	return s
 }
 
+func NewSetTagOnCurrentAccountRequest() *SetTagOnCurrentAccountRequest {
+	return &SetTagOnCurrentAccountRequest{}
+}
+
+func (s *SetTagOnCurrentAccountRequest) WithSetTags(tags []TagAssociation) *SetTagOnCurrentAccountRequest {
+	s.SetTags = tags
+	return s
+}
+
+func NewUnsetTagOnCurrentAccountRequest() *UnsetTagOnCurrentAccountRequest {
+	return &UnsetTagOnCurrentAccountRequest{}
+}
+
+func (s *UnsetTagOnCurrentAccountRequest) WithUnsetTags(tags []ObjectIdentifier) *UnsetTagOnCurrentAccountRequest {
+	s.UnsetTags = tags
+	return s
+}
+
 func NewCreateTagRequest(name SchemaObjectIdentifier) *CreateTagRequest {
 	s := CreateTagRequest{}
 	s.name = name

diff --git a/pkg/sdk/tags_impl.go b/pkg/sdk/tags_impl.go
@@ -57,17 +57,41 @@ func (v *tags) Undrop(ctx context.Context, request *UndropTagRequest) error {
 }
 
 func (v *tags) Set(ctx context.Context, request *SetTagRequest) error {
+	objectType, err := normalizeGetTagObjectType(request.objectType)
+	if err != nil {
+		return err
+	}
+	request.objectType = objectType
+
 	// TODO [SNOW-1022645]: use query from resource sdk - similarly to https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/0e88e082282adf35f605c323569908a99bd406f9/pkg/acceptance/check_destroy.go#L67
 	opts := request.toOpts()
 	return validateAndExec(v.client, ctx, opts)
 }
 
 func (v *tags) Unset(ctx context.Context, request *UnsetTagRequest) error {
+	objectType, err := normalizeGetTagObjectType(request.objectType)
+	if err != nil {
+		return err
+	}
+	request.objectType = objectType
+
 	// TODO [SNOW-1022645]: use query from resource sdk - similarly to https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/0e88e082282adf35f605c323569908a99bd406f9/pkg/acceptance/check_destroy.go#L67
 	opts := request.toOpts()
 	return validateAndExec(v.client, ctx, opts)
 }
 
+func (v *tags) SetOnCurrentAccount(ctx context.Context, request *SetTagOnCurrentAccountRequest) error {
+	return v.client.Accounts.Alter(ctx, &AlterAccountOptions{
+		SetTag: request.SetTags,
+	})
+}
+
+func (v *tags) UnsetOnCurrentAccount(ctx context.Context, request *UnsetTagOnCurrentAccountRequest) error {
+	return v.client.Accounts.Alter(ctx, &AlterAccountOptions{
+		UnsetTag: request.UnsetTags,
+	})
+}
+
 func (s *CreateTagRequest) toOpts() *createTagOptions {
 	return &createTagOptions{
 		OrReplace:     s.orReplace,

diff --git a/pkg/sdk/tags_test.go b/pkg/sdk/tags_test.go
@@ -1,6 +1,7 @@
 package sdk
 
 import (
+	"errors"
 	"testing"
 )
 
@@ -370,6 +371,18 @@ func TestTagSet(t *testing.T) {
 		assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier)
 	})
 
+	t.Run("validation: unsupported object type", func(t *testing.T) {
+		opts := defaultOpts()
+		opts.objectType = ObjectTypeSequence
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type SEQUENCE is not supported"))
+	})
+
+	t.Run("validation: unsupported account", func(t *testing.T) {
+		opts := defaultOpts()
+		opts.objectType = ObjectTypeAccount
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type ACCOUNT is not supported - use Tags.SetOnCurrentAccount instead"))
+	})
+
 	t.Run("set with all optional", func(t *testing.T) {
 		opts := defaultOpts()
 		opts.SetTags = []TagAssociation{
@@ -415,6 +428,18 @@ func TestTagUnset(t *testing.T) {
 		assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier)
 	})
 
+	t.Run("validation: unsupported object type", func(t *testing.T) {
+		opts := defaultOpts()
+		opts.objectType = ObjectTypeSequence
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type SEQUENCE is not supported"))
+	})
+
+	t.Run("validation: unsupported account", func(t *testing.T) {
+		opts := defaultOpts()
+		opts.objectType = ObjectTypeAccount
+		assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type ACCOUNT is not supported - use Tags.UnsetOnCurrentAccount instead"))
+	})
+
 	t.Run("unset with all optional", func(t *testing.T) {
 		opts := defaultOpts()
 		opts.UnsetTags = []ObjectIdentifier{

diff --git a/pkg/sdk/tags_validations.go b/pkg/sdk/tags_validations.go
@@ -2,6 +2,7 @@ package sdk
 
 import (
 	"errors"
+	"fmt"
 )
 
 var (
@@ -150,6 +151,12 @@ func (opts *setTagOptions) validate() error {
 	if !ValidObjectIdentifier(opts.objectName) {
 		errs = append(errs, ErrInvalidObjectIdentifier)
 	}
+	if !canBeAssociatedWithTag(opts.objectType) {
+		return fmt.Errorf("tagging for object type %s is not supported", opts.objectType)
+	}
+	if opts.objectType == ObjectTypeAccount {
+		return fmt.Errorf("tagging for object type ACCOUNT is not supported - use Tags.SetOnCurrentAccount instead")
+	}
 	return errors.Join(errs...)
 }
 
@@ -161,5 +168,11 @@ func (opts *unsetTagOptions) validate() error {
 	if !ValidObjectIdentifier(opts.objectName) {
 		errs = append(errs, ErrInvalidObjectIdentifier)
 	}
+	if !canBeAssociatedWithTag(opts.objectType) {
+		return fmt.Errorf("tagging for object type %s is not supported", opts.objectType)
+	}
+	if opts.objectType == ObjectTypeAccount {
+		return fmt.Errorf("tagging for object type ACCOUNT is not supported - use Tags.UnsetOnCurrentAccount instead")
+	}
 	return errors.Join(errs...)
 }
diff --git a/pkg/sdk/testint/authentication_policies_gen_integration_test.go b/pkg/sdk/testint/authentication_policies_gen_integration_test.go
@@ -58,10 +58,9 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 
 	t.Run("Create - complete", func(t *testing.T) {
 		id := testClientHelper().Ids.RandomSchemaObjectIdentifier()
-		saml2Id := testClientHelper().Ids.RandomAccountObjectIdentifier()
 		comment := random.Comment()
 
-		_, cleanupSamlIntegration := testClientHelper().SecurityIntegration.CreateSaml2(t, saml2Id)
+		samlIntegration, cleanupSamlIntegration := testClientHelper().SecurityIntegration.CreateSaml2(t)
 		t.Cleanup(cleanupSamlIntegration)
 
 		err := client.AuthenticationPolicies.Create(ctx, sdk.NewCreateAuthenticationPolicyRequest(id).
@@ -72,7 +71,7 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 				{Method: sdk.MfaAuthenticationMethodsSaml},
 			}).
 			WithSecurityIntegrations([]sdk.SecurityIntegrationsOption{
-				{Name: saml2Id},
+				{Name: samlIntegration.ID()},
 			}).
 			WithClientTypes([]sdk.ClientTypes{
 				{ClientType: sdk.ClientTypesDrivers},
@@ -93,19 +92,18 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 		assertProperty(t, desc, "COMMENT", comment)
 		assertProperty(t, desc, "MFA_ENROLLMENT", "OPTIONAL")
 		assertProperty(t, desc, "MFA_AUTHENTICATION_METHODS", "[PASSWORD, SAML]")
-		assertProperty(t, desc, "SECURITY_INTEGRATIONS", fmt.Sprintf("[%s]", saml2Id.Name()))
+		assertProperty(t, desc, "SECURITY_INTEGRATIONS", fmt.Sprintf("[%s]", samlIntegration.ID().Name()))
 		assertProperty(t, desc, "CLIENT_TYPES", "[DRIVERS, SNOWSQL]")
 		assertProperty(t, desc, "AUTHENTICATION_METHODS", "[PASSWORD, SAML]")
 	})
 
 	t.Run("Alter - set and unset properties", func(t *testing.T) {
-		saml2Id := testClientHelper().Ids.RandomAccountObjectIdentifier()
 		comment := random.Comment()
 
 		authenticationPolicy, cleanupAuthPolicy := testClientHelper().AuthenticationPolicy.Create(t)
 		t.Cleanup(cleanupAuthPolicy)
 
-		_, cleanupSamlIntegration := testClientHelper().SecurityIntegration.CreateSaml2(t, saml2Id)
+		samlIntegration, cleanupSamlIntegration := testClientHelper().SecurityIntegration.CreateSaml2(t)
 		t.Cleanup(cleanupSamlIntegration)
 
 		err := client.AuthenticationPolicies.Alter(ctx, sdk.NewAlterAuthenticationPolicyRequest(authenticationPolicy.ID()).
@@ -117,7 +115,7 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 					{Method: sdk.MfaAuthenticationMethodsSaml},
 				}).
 				WithSecurityIntegrations([]sdk.SecurityIntegrationsOption{
-					{Name: saml2Id},
+					{Name: samlIntegration.ID()},
 				}).
 				WithClientTypes([]sdk.ClientTypes{
 					{ClientType: sdk.ClientTypesDrivers},
@@ -136,7 +134,7 @@ func TestInt_AuthenticationPolicies(t *testing.T) {
 		assertProperty(t, desc, "COMMENT", comment)
 		assertProperty(t, desc, "MFA_ENROLLMENT", "REQUIRED")
 		assertProperty(t, desc, "MFA_AUTHENTICATION_METHODS", "[PASSWORD, SAML]")
-		assertProperty(t, desc, "SECURITY_INTEGRATIONS", fmt.Sprintf("[%s]", saml2Id.Name()))
+		assertProperty(t, desc, "SECURITY_INTEGRATIONS", fmt.Sprintf("[%s]", samlIntegration.ID().Name()))
 		assertProperty(t, desc, "CLIENT_TYPES", "[DRIVERS, SNOWSQL, SNOWFLAKE_UI]")
 		assertProperty(t, desc, "AUTHENTICATION_METHODS", "[PASSWORD, SAML]")
 

diff --git a/pkg/sdk/testint/databases_integration_test.go b/pkg/sdk/testint/databases_integration_test.go
@@ -337,7 +337,6 @@ func TestInt_DatabasesCreateSecondary(t *testing.T) {
 
 func TestInt_DatabasesAlter(t *testing.T) {
 	client := testClient(t)
-	secondaryClient := testSecondaryClient(t)
 	ctx := testContext(t)
 
 	assertDatabaseParameterEquals := func(t *testing.T, params []*sdk.Parameter, parameterName sdk.AccountParameter, expected string) {
@@ -369,74 +368,11 @@ func TestInt_DatabasesAlter(t *testing.T) {
 		},
 		{
 			DatabaseType: "From Share",
-			CreateFn: func(t *testing.T) (*sdk.Database, func()) {
-				t.Helper()
-
-				shareTest, shareCleanup := secondaryTestClientHelper().Share.CreateShare(t)
-				t.Cleanup(shareCleanup)
-
-				sharedDatabase, sharedDatabaseCleanup := secondaryTestClientHelper().Database.CreateDatabase(t)
-				t.Cleanup(sharedDatabaseCleanup)
-
-				databaseId := sharedDatabase.ID()
-
-				err := secondaryClient.Grants.GrantPrivilegeToShare(ctx, []sdk.ObjectPrivilege{sdk.ObjectPrivilegeUsage}, &sdk.ShareGrantOn{
-					Database: sharedDatabase.ID(),
-				}, shareTest.ID())
-				require.NoError(t, err)
-				t.Cleanup(func() {
-					err := secondaryClient.Grants.RevokePrivilegeFromShare(ctx, []sdk.ObjectPrivilege{sdk.ObjectPrivilegeUsage}, &sdk.ShareGrantOn{
-						Database: sharedDatabase.ID(),
-					}, shareTest.ID())
-					require.NoError(t, err)
-				})
-
-				err = secondaryClient.Shares.Alter(ctx, shareTest.ID(), &sdk.AlterShareOptions{
-					IfExists: sdk.Bool(true),
-					Set: &sdk.ShareSet{
-						Accounts: []sdk.AccountIdentifier{
-							testClientHelper().Account.GetAccountIdentifier(t),
-						},
-					},
-				})
-				require.NoError(t, err)
-
-				err = client.Databases.CreateShared(ctx, databaseId, shareTest.ExternalID(), &sdk.CreateSharedDatabaseOptions{})
-				require.NoError(t, err)
-
-				database, err := client.Databases.ShowByID(ctx, databaseId)
-				require.NoError(t, err)
-
-				return database, testClientHelper().Database.DropDatabaseFunc(t, database.ID())
-			},
+			CreateFn:     createDatabaseFromShare,
 		},
 		{
 			DatabaseType: "Replica",
-			CreateFn: func(t *testing.T) (*sdk.Database, func()) {
-				t.Helper()
-
-				sharedDatabase, sharedDatabaseCleanup := secondaryTestClientHelper().Database.CreateDatabase(t)
-				t.Cleanup(sharedDatabaseCleanup)
-
-				err := secondaryClient.Databases.AlterReplication(ctx, sharedDatabase.ID(), &sdk.AlterDatabaseReplicationOptions{
-					EnableReplication: &sdk.EnableReplication{
-						ToAccounts: []sdk.AccountIdentifier{
-							testClientHelper().Account.GetAccountIdentifier(t),
-						},
-						IgnoreEditionCheck: sdk.Bool(true),
-					},
-				})
-				require.NoError(t, err)
-
-				externalDatabaseId := sdk.NewExternalObjectIdentifier(secondaryTestClientHelper().Ids.AccountIdentifierWithLocator(), sharedDatabase.ID())
-				err = client.Databases.CreateSecondary(ctx, sharedDatabase.ID(), externalDatabaseId, &sdk.CreateSecondaryDatabaseOptions{})
-				require.NoError(t, err)
-
-				database, err := client.Databases.ShowByID(ctx, sharedDatabase.ID())
-				require.NoError(t, err)
-
-				return database, testClientHelper().Database.DropDatabaseFunc(t, sharedDatabase.ID())
-			},
+			CreateFn:     createDatabaseReplica,
 		},
 	}