Fixed reads for any_file and anonymous_function in databricks_sql_permissions

access/resource_sql_permissions.go

@@ -134,6 +134,17 @@ func (ta *SqlPermissions) read() error {
 			currentType = "CATALOG"
 			currentKey = ""
 		}
+
+		if ta.AnyFile {
+			currentType = "ANY FILE"
+			currentKey = ""
+		}
+
+		if ta.AnonymousFunction {
+			currentType = "ANONYMOUS FUNCTION"
+			currentKey = ""
+		}
+
 		if !strings.EqualFold(currentType, thisType) {
 			continue
 		}
@@ -348,6 +359,9 @@ func ResourceSqlPermissions() *schema.Resource {
 			if err != nil {
 				return err
 			}
+			if !d.HasChangesExcept("cluster_id") {
+				return nil
+			}
 			return ta.enforce()
 		},
 		Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {

access/resource_sql_permissions_test.go

@@ -433,3 +433,71 @@ func TestResourceSqlPermissions_Delete(t *testing.T) {
 func TestResourceSqlPermissions_CornerCases(t *testing.T) {
 	qa.ResourceCornerCases(t, ResourceSqlPermissions(), qa.CornerCaseID("database/foo"))
 }
+
+func TestResourceSqlPermissions_NoUpdateAnyFile(t *testing.T) {
+	d, err := qa.ResourceFixture{
+		CommandMock: mockData{
+			"SHOW GRANT ON ANY FILE ": {
+				{"users", "SELECT", "ANY_FILE", "None"},
+			},
+		}.toCommandMock(),
+		HCL: `
+		any_file = "true"
+		privilege_assignments {
+			principal = "users"
+			privileges = ["SELECT"]
+		}
+		`,
+		Fixtures: createHighConcurrencyCluster,
+		Resource: ResourceSqlPermissions(),
+		Update:   true,
+		InstanceState: map[string]string{
+			"any_file":                             "true",
+			"privilege_assignments.#":              "1",
+			"privilege_assignments.0.principal":    "users",
+			"privilege_assignments.0.privileges.#": "1",
+			"privilege_assignments.0.privileges.0": "SELECT",
+		},
+		ID: "any file/",
+	}.Apply(t)
+	assert.NoError(t, err, err)
+	assert.Equal(t, 1, d.Get("privilege_assignments.#"))
+	assert.Equal(t, 1, d.Get("privilege_assignments.0.privileges.#"))
+	assert.Equal(t, "users", d.Get("privilege_assignments.0.principal"))
+	assert.Equal(t, "SELECT", d.Get("privilege_assignments.0.privileges.0"))
+	assert.Equal(t, true, d.Get("any_file"))
+}
+
+func TestResourceSqlPermissions_NoUpdateAnonymousFunction(t *testing.T) {
+	d, err := qa.ResourceFixture{
+		CommandMock: mockData{
+			"SHOW GRANT ON ANONYMOUS FUNCTION ": {
+				{"users", "SELECT", "ANONYMOUS_FUNCTION", "None"},
+			},
+		}.toCommandMock(),
+		HCL: `
+		anonymous_function = "true"
+		privilege_assignments {
+			principal = "users"
+			privileges = ["SELECT"]
+		}
+		`,
+		Fixtures: createHighConcurrencyCluster,
+		Resource: ResourceSqlPermissions(),
+		Update:   true,
+		InstanceState: map[string]string{
+			"anonymous_function":                   "true",
+			"privilege_assignments.#":              "1",
+			"privilege_assignments.0.principal":    "users",
+			"privilege_assignments.0.privileges.#": "1",
+			"privilege_assignments.0.privileges.0": "SELECT",
+		},
+		ID: "anonymous function/",
+	}.Apply(t)
+	assert.NoError(t, err, err)
+	assert.Equal(t, 1, d.Get("privilege_assignments.#"))
+	assert.Equal(t, 1, d.Get("privilege_assignments.0.privileges.#"))
+	assert.Equal(t, "users", d.Get("privilege_assignments.0.principal"))
+	assert.Equal(t, "SELECT", d.Get("privilege_assignments.0.privileges.0"))
+	assert.Equal(t, true, d.Get("anonymous_function"))
+}