Add test proving new privilege granting

References: #3153
Snowflake-Labs · Nov 7, 2024 · 307366c · 307366c
1 parent 36d20c7
commit 307366c
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 2 deletions.
diff --git a/pkg/resources/grant_privileges_to_account_role_acceptance_test.go b/pkg/resources/grant_privileges_to_account_role_acceptance_test.go
@@ -8,11 +8,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/collections"
-
 	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/testenvs"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/collections"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-testing/config"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -70,6 +69,45 @@ func TestAcc_GrantPrivilegesToAccountRole_OnAccount(t *testing.T) {
 	})
 }
 
+func TestAcc_GrantPrivilegesToAccountRole_OnAccount_gh3153(t *testing.T) {
+	roleId := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+	roleFullyQualifiedName := roleId.FullyQualifiedName()
+	configVariables := config.Variables{
+		"name": config.StringVariable(roleFullyQualifiedName),
+		"privileges": config.ListVariable(
+			config.StringVariable("MANAGE SHARE TARGET"),
+		),
+	}
+	resourceName := "snowflake_grant_privileges_to_account_role.test"
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		PreCheck:                 func() { acc.TestAccPreCheck(t) },
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		CheckDestroy: acc.CheckAccountRolePrivilegesRevoked(t),
+		Steps: []resource.TestStep{
+			{
+				PreConfig: func() {
+					_, roleCleanup := acc.TestClient().Role.CreateRoleWithIdentifier(t, roleId)
+					t.Cleanup(roleCleanup)
+					acc.TestClient().BcrBundles.EnableBcrBundle(t, "2024_07")
+				},
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnAccount_gh3153"),
+				ConfigVariables: configVariables,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "account_role_name", roleFullyQualifiedName),
+					resource.TestCheckResourceAttr(resourceName, "privileges.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "privileges.0", "MANAGE SHARE TARGET"),
+					resource.TestCheckResourceAttr(resourceName, "on_account", "true"),
+					resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|MANAGE SHARE TARGET|OnAccount", roleFullyQualifiedName)),
+				),
+			},
+		},
+	})
+}
+
 func TestAcc_GrantPrivilegesToAccountRole_OnAccount_PrivilegesReversed(t *testing.T) {
 	roleId := acc.TestClient().Ids.RandomAccountObjectIdentifier()
 	roleFullyQualifiedName := roleId.FullyQualifiedName()

diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToAccountRole/OnAccount_gh3153/test.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToAccountRole/OnAccount_gh3153/test.tf
@@ -0,0 +1,5 @@
+resource "snowflake_grant_privileges_to_account_role" "test" {
+  account_role_name = var.name
+  privileges        = var.privileges
+  on_account        = true
+}
diff --git a/pkg/resources/testdata/TestAcc_GrantPrivilegesToAccountRole/OnAccount_gh3153/variables.tf b/pkg/resources/testdata/TestAcc_GrantPrivilegesToAccountRole/OnAccount_gh3153/variables.tf
@@ -0,0 +1,7 @@
+variable "name" {
+  type = string
+}
+
+variable "privileges" {
+  type = list(string)
+}