feat: Added Row Access Policy Resources (Snowflake-Labs#624)
1 parent
c0593a6
commit 1b9a5a7
Showing
20 changed files
with
1,239 additions
and
0 deletions.
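--- a/examples/data-sources/snowflake_row_access_policies/data-source.tf
+++ b/examples/data-sources/snowflake_row_access_policies/data-source.tf
@@ -0,0 +1,4 @@
+data "snowflake_row_access_policies" "current" {
+database = "MYDB"
+schema = "MYSCHEMA"
+}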
@@ -0,0 +1,2 @@ | ||
# format is database name | schema name | policy name | ||
terraform import snowflake_row_access_policy.example 'dbName|schemaName|policyName' |
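--- a/examples/resources/snowflake_row_access_policy/resource.tf
+++ b/examples/resources/snowflake_row_access_policy/resource.tf
@@ -0,0 +1,10 @@
+resource "snowflake_row_access_policy" "example_row_access_policy" {
+name = "EXAMPLE_ROW_ACCESS_POLICY"
+database = "EXAMPLE_DB"
+schema = "EXAMPLE_SCHEMA"
+signature = {
+A = "VARCHAR",
+B = "VARCHAR"
+}
+row_access_expression = "case when current_role() in ('ANALYST') then true else false end"
+}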
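--- a/examples/resources/snowflake_row_access_policy_grant/import.sh
+++ b/examples/resources/snowflake_row_access_policy_grant/import.sh
@@ -0,0 +1,2 @@
+# format is database name | schema name | row access policy name | privilege | true/false for with_grant_option
+terraform import snowflake_row_access_policy_grant.example 'dbName|schemaName|rowAccessPolicyName|SELECT|false'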
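--- a/examples/resources/snowflake_row_access_policy_grant/resource.tf
+++ b/examples/resources/snowflake_row_access_policy_grant/resource.tf
@@ -0,0 +1,13 @@
+resource "snowflake_row_access_policy_grant" "grant" {
+database_name = "db"
+schema_name = "schema"
+row_access_policy_name = "row_access_policy"
+
+privilege = "APPLY"
+roles = [
+"role1",
+"role2",
+]
+
+with_grant_option = false
+}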
@@ -0,0 +1,90 @@ | ||
package datasources | ||
|
||
import ( | ||
"database/sql" | ||
"fmt" | ||
"log" | ||
|
||
"github.com/chanzuckerberg/terraform-provider-snowflake/pkg/snowflake" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var rowAccessPoliciesSchema = map[string]*schema.Schema{ | ||
"database": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "The database from which to return the schemas from.", | ||
}, | ||
"schema": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "The schema from which to return the row access policyfrom.", | ||
}, | ||
"row_access_policies": { | ||
Type: schema.TypeList, | ||
Computed: true, | ||
Description: "The row access policy in the schema", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
"name": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"database": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"schema": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"comment": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Computed: true, | ||
}, | ||
}, | ||
}, | ||
}, | ||
} | ||
|
||
func RowAccessPolicies() *schema.Resource { | ||
return &schema.Resource{ | ||
Read: ReadRowAccessPolicies, | ||
Schema: rowAccessPoliciesSchema, | ||
} | ||
} | ||
|
||
func ReadRowAccessPolicies(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
databaseName := d.Get("database").(string) | ||
schemaName := d.Get("schema").(string) | ||
|
||
currentRowAccessPolicies, err := snowflake.ListRowAccessPolicies(databaseName, schemaName, db) | ||
if err == sql.ErrNoRows { | ||
// If not found, mark resource to be removed from statefile during apply or refresh | ||
log.Printf("[DEBUG] row access policy in schema (%s) not found", d.Id()) | ||
d.SetId("") | ||
return nil | ||
} else if err != nil { | ||
log.Printf("[DEBUG] unable to parse row access policy in schema (%s)", d.Id()) | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
rowAccessPolicies := []map[string]interface{}{} | ||
|
||
for _, rowAccessPolicy := range currentRowAccessPolicies { | ||
rowAccessPolicyMap := map[string]interface{}{} | ||
|
||
rowAccessPolicyMap["name"] = rowAccessPolicy.Name.String | ||
rowAccessPolicyMap["database"] = rowAccessPolicy.DatabaseName.String | ||
rowAccessPolicyMap["schema"] = rowAccessPolicy.SchemaName.String | ||
rowAccessPolicyMap["comment"] = rowAccessPolicy.Comment.String | ||
|
||
rowAccessPolicies = append(rowAccessPolicies, rowAccessPolicyMap) | ||
} | ||
|
||
d.SetId(fmt.Sprintf(`%v|%v`, databaseName, schemaName)) | ||
return d.Set("row_access_policies", rowAccessPolicies) | ||
} |
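Review bot: The `else if err != nil` branch of ReadRowAccessPolicies drops the error from `snowflake.ListRowAccessPolicies`: it logs at DEBUG without the error value, clears the ID and returns nil, so a failed listing is never reported to Terraform as an error. Row access policies are an access control, so anything consuming this data source would presumably see no policies rather than a failed read, and a permission or connectivity problem would go unnoticed. Returning the error from that branch, `return fmt.Errorf("listing row access policies in %s.%s: %w", databaseName, schemaName, err)`, makes the failure visible, and `fmt` is already imported. Both log lines print `d.Id()`, which this function only sets at the end; logging `databaseName` and `schemaName` would identify the lookup. The schema descriptions also need a wording pass ("return the schemas from" on `database`, "policyfrom" on `schema`).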
@@ -0,0 +1,63 @@ | ||
package datasources_test | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
) | ||
|
||
func TestAccRowAccessPolicies(t *testing.T) { | ||
databaseName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) | ||
schemaName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) | ||
rowAccessPolicyName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) | ||
resource.ParallelTest(t, resource.TestCase{ | ||
Providers: providers(), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: rowAccessPolicies(databaseName, schemaName, rowAccessPolicyName), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "database", databaseName), | ||
resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "schema", schemaName), | ||
resource.TestCheckResourceAttrSet("data.snowflake_row_access_policies.v", "row_access_policies.#"), | ||
resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "row_access_policies.#", "1"), | ||
resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "row_access_policies.0.name", rowAccessPolicyName), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func rowAccessPolicies(databaseName string, schemaName string, rowAccessPolicyName string) string { | ||
return fmt.Sprintf(` | ||
resource snowflake_database "test" { | ||
name = "%v" | ||
} | ||
resource snowflake_schema "test"{ | ||
name = "%v" | ||
database = snowflake_database.test.name | ||
} | ||
resource "snowflake_row_access_policy" "test" { | ||
name = "%v" | ||
database = snowflake_database.test.name | ||
schema = snowflake_schema.test.name | ||
signature = { | ||
N = "VARCHAR" | ||
V = "VARCHAR", | ||
} | ||
row_access_expression = "case when current_role() in ('ANALYST') then true else false end" | ||
comment = "Terraform acceptance test" | ||
} | ||
data snowflake_row_access_policies "v" { | ||
database = snowflake_row_access_policy.test.database | ||
schema = snowflake_row_access_policy.test.schema | ||
depends_on = [snowflake_row_access_policy.test] | ||
} | ||
`, databaseName, schemaName, rowAccessPolicyName) | ||
} |
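Review bot: The checks in TestAccRowAccessPolicies pin only `row_access_policies.0.name`, so the `database`, `schema` and `comment` fields that the data source also fills in for each element are never verified. The `TestCheckResourceAttrSet` on `row_access_policies.#` is redundant with the exact-count check on the next line and could be replaced by an assertion on another field, for example `resource.TestCheckResourceAttr("data.snowflake_row_access_policies.v", "row_access_policies.0.comment", "Terraform acceptance test"),`, which matches the comment set in the test config. A similar check on `row_access_policies.0.database` against `databaseName` would cover the name mapping, assuming Snowflake returns the identifier in the upper-case form the test generates.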