Add basic test for permission model with ruleset=DATABASE_OWNER, put …

…owner_global_roles below owner_account_grants
littleK0i · May 7, 2024 · 8508cb6 · 8508cb6
1 parent b61d772
commit 8508cb6
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 10 deletions.
diff --git a/snowddl/_config/sample02_01/fivetran_db/params.yaml b/snowddl/_config/sample02_01/fivetran_db/params.yaml
@@ -0,0 +1 @@
+permission_model: fivetran
diff --git a/snowddl/_config/sample02_01/permission_model.yaml b/snowddl/_config/sample02_01/permission_model.yaml
@@ -0,0 +1,17 @@
+fivetran:
+ ruleset: DATABASE_OWNER
+
+ owner_create_grants:
+ - STAGE
+ - TABLE
+ - VIEW
+
+ owner_future_grants:
+ STAGE: [OWNERSHIP]
+ TABLE: [OWNERSHIP]
+ VIEW: [OWNERSHIP]
+
+ read_future_grants:
+ STAGE: [READ]
+ TABLE: [SELECT, REFERENCES]
+ VIEW: [SELECT, REFERENCES]
diff --git a/snowddl/parser/database.py b/snowddl/parser/database.py
@@ -30,13 +30,13 @@
  "type": "string"
  }
  },
- "owner_global_roles": {
+ "owner_account_grants": {
  "type": "array",
  "items": {
  "type": "string"
  }
  },
- "owner_account_grants": {
+ "owner_global_roles": {
  "type": "array",
  "items": {
  "type": "string"
@@ -84,12 +84,12 @@ def load_blueprints(self):
  for warehouse_name in database_params.get("owner_warehouse_usage", []):
  owner_additional_grants.append(self.build_warehouse_role_grant(warehouse_name, self.config.USAGE_ROLE_TYPE))
 
- for global_role_name in database_params.get("owner_global_roles", []):
- owner_additional_grants.append(self.build_global_role_grant(global_role_name))
-
  for account_grant in database_params.get("owner_account_grants", []):
  owner_additional_account_grants.append(self.build_account_grant(account_grant))
 
+ for global_role_name in database_params.get("owner_global_roles", []):
+ owner_additional_grants.append(self.build_global_role_grant(global_role_name))
+
  bp = DatabaseBlueprint(
  full_name=DatabaseIdent(self.env_prefix, database_name),
  permission_model=database_permission_model,

diff --git a/snowddl/parser/schema.py b/snowddl/parser/schema.py
@@ -43,13 +43,13 @@
  "type": "string"
  }
  },
- "owner_global_roles": {
+ "owner_account_grants": {
  "type": "array",
  "items": {
  "type": "string"
  }
  },
- "owner_account_grants": {
+ "owner_global_roles": {
  "type": "array",
  "items": {
  "type": "string"
@@ -124,12 +124,12 @@ def load_blueprints(self):
  for warehouse_name in schema_params.get("owner_warehouse_usage", []):
  owner_additional_grants.append(self.build_warehouse_role_grant(warehouse_name, self.config.USAGE_ROLE_TYPE))
 
- for global_role_name in schema_params.get("owner_global_roles", []):
- owner_additional_grants.append(self.build_global_role_grant(global_role_name))
-
  for account_grant in schema_params.get("owner_account_grants", []):
  owner_additional_account_grants.append(self.build_account_grant(account_grant))
 
+ for global_role_name in schema_params.get("owner_global_roles", []):
+ owner_additional_grants.append(self.build_global_role_grant(global_role_name))
+
  bp = SchemaBlueprint(
  full_name=SchemaIdent(self.env_prefix, database_name, schema_name),
  permission_model=schema_permission_model,