From 0a25acdc02640b1d94141c52880bb499b9943c3a Mon Sep 17 00:00:00 2001 From: Vuong Nguyen Date: Tue, 19 Jul 2022 13:13:17 +0100 Subject: [PATCH] fix reading grants for any file & anon function --- access/resource_sql_permissions.go | 14 +++++ access/resource_sql_permissions_test.go | 68 +++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/access/resource_sql_permissions.go b/access/resource_sql_permissions.go index e4e265014b..171fe5032a 100644 --- a/access/resource_sql_permissions.go +++ b/access/resource_sql_permissions.go @@ -134,6 +134,17 @@ func (ta *SqlPermissions) read() error { currentType = "CATALOG" currentKey = "" } + + if ta.AnyFile { + currentType = "ANY FILE" + currentKey = "" + } + + if ta.AnonymousFunction { + currentType = "ANONYMOUS FUNCTION" + currentKey = "" + } + if !strings.EqualFold(currentType, thisType) { continue } @@ -348,6 +359,9 @@ func ResourceSqlPermissions() *schema.Resource { if err != nil { return err } + if !d.HasChangesExcept("cluster_id") { + return nil + } return ta.enforce() }, Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error { diff --git a/access/resource_sql_permissions_test.go b/access/resource_sql_permissions_test.go index 32e525f874..e97187f9c2 100644 --- a/access/resource_sql_permissions_test.go +++ b/access/resource_sql_permissions_test.go @@ -433,3 +433,71 @@ func TestResourceSqlPermissions_Delete(t *testing.T) { func TestResourceSqlPermissions_CornerCases(t *testing.T) { qa.ResourceCornerCases(t, ResourceSqlPermissions(), qa.CornerCaseID("database/foo")) } + +func TestResourceSqlPermissions_NoUpdateAnyFile(t *testing.T) { + d, err := qa.ResourceFixture{ + CommandMock: mockData{ + "SHOW GRANT ON ANY FILE ": { + {"users", "SELECT", "ANY_FILE", "None"}, + }, + }.toCommandMock(), + HCL: ` + any_file = "true" + privilege_assignments { + principal = "users" + privileges = ["SELECT"] + } + `, + Fixtures: createHighConcurrencyCluster, + Resource: ResourceSqlPermissions(), + Update: true, + InstanceState: map[string]string{ + "any_file": "true", + "privilege_assignments.#": "1", + "privilege_assignments.0.principal": "users", + "privilege_assignments.0.privileges.#": "1", + "privilege_assignments.0.privileges.0": "SELECT", + }, + ID: "any file/", + }.Apply(t) + assert.NoError(t, err, err) + assert.Equal(t, 1, d.Get("privilege_assignments.#")) + assert.Equal(t, 1, d.Get("privilege_assignments.0.privileges.#")) + assert.Equal(t, "users", d.Get("privilege_assignments.0.principal")) + assert.Equal(t, "SELECT", d.Get("privilege_assignments.0.privileges.0")) + assert.Equal(t, true, d.Get("any_file")) +} + +func TestResourceSqlPermissions_NoUpdateAnonymousFunction(t *testing.T) { + d, err := qa.ResourceFixture{ + CommandMock: mockData{ + "SHOW GRANT ON ANONYMOUS FUNCTION ": { + {"users", "SELECT", "ANONYMOUS_FUNCTION", "None"}, + }, + }.toCommandMock(), + HCL: ` + anonymous_function = "true" + privilege_assignments { + principal = "users" + privileges = ["SELECT"] + } + `, + Fixtures: createHighConcurrencyCluster, + Resource: ResourceSqlPermissions(), + Update: true, + InstanceState: map[string]string{ + "anonymous_function": "true", + "privilege_assignments.#": "1", + "privilege_assignments.0.principal": "users", + "privilege_assignments.0.privileges.#": "1", + "privilege_assignments.0.privileges.0": "SELECT", + }, + ID: "anonymous function/", + }.Apply(t) + assert.NoError(t, err, err) + assert.Equal(t, 1, d.Get("privilege_assignments.#")) + assert.Equal(t, 1, d.Get("privilege_assignments.0.privileges.#")) + assert.Equal(t, "users", d.Get("privilege_assignments.0.principal")) + assert.Equal(t, "SELECT", d.Get("privilege_assignments.0.privileges.0")) + assert.Equal(t, true, d.Get("anonymous_function")) +}