Fixes for EXTERNAL_ACCESS_INTEGRATION; Rework of simplified names for…

… ObjectType
littleK0i · Sep 5, 2024 · 958bd4f · 958bd4f
1 parent fd1f9dc
commit 958bd4f
Show file tree

Hide file tree

Showing 10 changed files with 36 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.31.1] - 2024-09-05
+
+- Fixed grants on `EXTERNAL ACCESS INTEGRATION` trying to use full object name instead of simplified object name.
+- Reworked how simplified object type names are implemented internally. Now we have normal `singular` name, `singular_for_ref` used in context of policy references, `singular_for_grant` used in context of granting permissions.
+- Added more specific identifier type for `ExternalAccessIntegrationBlueprint.full_name` to prevent issues with env prefix and testing.
+- Fixed test for `TASK` related to Snowflake changing minimum value of `USER_TASK_MINIMUM_TRIGGER_INTERVAL_IN_SECONDS` parameter.
+
 ## [0.31.0] - 2024-08-16
 
 - Implemented `share_read` parameter for `BUSINESS ROLE` and `owner_share_read` parameter for `DATABASE` and `SCHEMA`.

diff --git a/snowddl/blueprint/blueprint.py b/snowddl/blueprint/blueprint.py
@@ -112,6 +112,7 @@ class EventTableBlueprint(SchemaObjectBlueprint):
 
 
 class ExternalAccessIntegrationBlueprint(AbstractBlueprint):
+    full_name: AccountObjectIdent
     allowed_network_rules: List[SchemaObjectIdent]
     allowed_api_authentication_integrations: Optional[List[Ident]] = None
     allowed_authentication_secrets: Optional[List[SchemaObjectIdent]] = None

diff --git a/snowddl/blueprint/object_type.py b/snowddl/blueprint/object_type.py
@@ -50,23 +50,24 @@ class ObjectType(Enum):
     DYNAMIC_TABLE = {
         "singular": "DYNAMIC TABLE",
         "plural": "DYNAMIC TABLES",
-        "simplified": "TABLE",
+        "singular_for_ref": "TABLE",
         "is_future_grant_supported": True,
         "blueprint_cls": "DynamicTableBlueprint",
     }
 
     EVENT_TABLE = {
         "singular": "EVENT TABLE",
         "plural": "EVENT TABLES",
-        "simplified": "TABLE",
+        "singular_for_ref": "TABLE",
         "is_future_grant_supported": True,
         "blueprint_cls": "EventTableBlueprint",
     }
 
     EXTERNAL_ACCESS_INTEGRATION = {
         "singular": "EXTERNAL ACCESS INTEGRATION",
         "plural": "EXTERNAL ACCESS INTEGRATIONS",
-        "simplified": "INTEGRATION",
+        "singular_for_ref": "INTEGRATION",
+        "singular_for_grant": "INTEGRATION",
         "blueprint_cls": "ExternalAccessIntegrationBlueprint",
     }
 
@@ -80,7 +81,7 @@ class ObjectType(Enum):
     EXTERNAL_TABLE = {
         "singular": "EXTERNAL TABLE",
         "plural": "EXTERNAL TABLES",
-        "simplified": "TABLE",
+        "singular_for_ref": "TABLE",
         "is_future_grant_supported": True,
         "blueprint_cls": "ExternalTableBlueprint",
     }
@@ -103,7 +104,7 @@ class ObjectType(Enum):
     HYBRID_TABLE = {
         "singular": "HYBRID TABLE",
         "plural": "HYBRID TABLES",
-        "simplified": "TABLE",
+        "singular_for_ref": "TABLE",
         "is_future_grant_supported": True,
         "blueprint_cls": "HybridTableBlueprint",
     }
@@ -124,7 +125,7 @@ class ObjectType(Enum):
     MATERIALIZED_VIEW = {
         "singular": "MATERIALIZED VIEW",
         "plural": "MATERIALIZED VIEWS",
-        "simplified": "VIEW",
+        "singular_for_ref": "VIEW",
         "is_future_grant_supported": True,
         "blueprint_cls": "MaterializedViewBlueprint",
     }
@@ -301,8 +302,12 @@ def plural(self):
         return self.value.get("plural")
 
     @property
-    def simplified(self):
-        return self.value.get("simplified", self.value.get("singular"))
+    def singular_for_grant(self):
+        return self.value.get("singular_for_grant", self.value.get("singular"))
+
+    @property
+    def singular_for_ref(self):
+        return self.value.get("singular_for_ref", self.value.get("singular"))
 
     @property
     def blueprint_cls(self):

diff --git a/snowddl/resolver/abc_role_resolver.py b/snowddl/resolver/abc_role_resolver.py
@@ -240,7 +240,7 @@ def create_grant(self, role_name, grant: Grant):
             self.engine.execute_safe_ddl(
                 "GRANT {on:r} {name:i} TO ROLE {role_name:i}",
                 {
-                    "on": grant.on.singular,
+                    "on": grant.on.singular_for_grant,
                     "name": grant.name,
                     "role_name": role_name,
                 },
@@ -250,7 +250,7 @@ def create_grant(self, role_name, grant: Grant):
                 "GRANT {privilege:r} ON {on:r} {name:i} TO ROLE {role_name:i}",
                 {
                     "privilege": grant.privilege,
-                    "on": grant.on.singular,
+                    "on": grant.on.singular_for_grant,
                     "name": grant.name,
                     "role_name": role_name,
                 },
@@ -264,7 +264,7 @@ def drop_grant(self, role_name, grant: Grant):
                 "GRANT {privilege:r} ON {on:r} {name:i} TO ROLE {current_role:i} COPY CURRENT GRANTS",
                 {
                     "privilege": grant.privilege,
-                    "on": grant.on.singular,
+                    "on": grant.on.singular_for_grant,
                     "name": grant.name,
                     "current_role": self.engine.context.current_role,
                 },
@@ -273,7 +273,7 @@ def drop_grant(self, role_name, grant: Grant):
             self.engine.execute_safe_ddl(
                 "REVOKE {on:r} {name:i} FROM ROLE {role_name:i}",
                 {
-                    "on": grant.on.singular,
+                    "on": grant.on.singular_for_grant,
                     "name": grant.name,
                     "role_name": role_name,
                 },
@@ -283,7 +283,7 @@ def drop_grant(self, role_name, grant: Grant):
                 "REVOKE {privilege:r} ON {on:r} {name:i} FROM ROLE {role_name:i}",
                 {
                     "privilege": grant.privilege,
-                    "on": grant.on.singular,
+                    "on": grant.on.singular_for_grant,
                     "name": grant.name,
                     "role_name": role_name,
                 },

diff --git a/snowddl/resolver/aggregation_policy.py b/snowddl/resolver/aggregation_policy.py
@@ -145,7 +145,7 @@ def _apply_policy_refs(self, bp: AggregationPolicyBlueprint, skip_existing=False
             query.append(
                 "ALTER {object_type:r} {object_name:i} SET AGGREGATION POLICY {policy_name:i}",
                 {
-                    "object_type": ref.object_type.simplified,
+                    "object_type": ref.object_type.singular_for_ref,
                     "object_name": ref.object_name,
                     "policy_name": bp.full_name,
                 },

diff --git a/snowddl/resolver/projection_policy.py b/snowddl/resolver/projection_policy.py
@@ -137,7 +137,7 @@ def _apply_policy_refs(self, bp: ProjectionPolicyBlueprint, skip_existing=False)
             self.engine.execute_unsafe_ddl(
                 "ALTER {object_type:r} {object_name:i} MODIFY COLUMN {column:i} SET PROJECTION POLICY {policy_name:i} FORCE",
                 {
-                    "object_type": ref.object_type.simplified,
+                    "object_type": ref.object_type.singular_for_ref,
                     "object_name": ref.object_name,
                     "column": ref.column,
                     "policy_name": bp.full_name,

diff --git a/snowddl/resolver/row_access_policy.py b/snowddl/resolver/row_access_policy.py
@@ -170,7 +170,7 @@ def _apply_policy_refs(self, bp: RowAccessPolicyBlueprint, skip_existing=False):
                 self.engine.execute_unsafe_ddl(
                     "ALTER {object_type:r} {object_name:i} DROP ROW ACCESS POLICY {policy_name:i}",
                     {
-                        "object_type": ref.object_type.simplified,
+                        "object_type": ref.object_type.singular_for_ref,
                         "object_name": ref.object_name,
                         "policy_name": bp.full_name,
                     },
@@ -181,7 +181,7 @@ def _apply_policy_refs(self, bp: RowAccessPolicyBlueprint, skip_existing=False):
             self.engine.execute_unsafe_ddl(
                 "ALTER {object_type:r} {object_name:i} ADD ROW ACCESS POLICY {policy_name:i} ON ({columns:i})",
                 {
-                    "object_type": ref.object_type.simplified,
+                    "object_type": ref.object_type.singular_for_ref,
                     "object_name": ref.object_name,
                     "policy_name": bp.full_name,
                     "columns": ref.columns,

diff --git a/snowddl/version.py b/snowddl/version.py
@@ -1 +1 @@
-__version__ = "0.31.0"
+__version__ = "0.31.1"
diff --git a/test/_config/step1/technical_role.yaml b/test/_config/step1/technical_role.yaml
@@ -0,0 +1,4 @@
+eai001_tr1:
+  grants:
+    EXTERNAL_ACCESS_INTEGRATION:USAGE:
+      - eai001_eai1
diff --git a/test/_config/step2/db1/sc1/task/ts001_ts1.yaml b/test/_config/step2/db1/sc1/task/ts001_ts1.yaml
@@ -11,6 +11,6 @@ user_task_timeout_ms: 10000
 suspend_task_after_num_failures: 10
 error_integration: test_notification_integration
 task_auto_retry_attempts: 2
-user_task_minimum_trigger_interval_in_seconds: 10
+user_task_minimum_trigger_interval_in_seconds: 60
 
 comment: cde