From 8508cb622d029481914236ad0366991c8f8deb52 Mon Sep 17 00:00:00 2001 From: Vitaly Markov Date: Tue, 7 May 2024 13:58:38 +0100 Subject: [PATCH] Add basic test for permission model with ruleset=DATABASE_OWNER, put owner_global_roles below owner_account_grants --- .../_config/sample02_01/fivetran_db/params.yaml | 1 + .../_config/sample02_01/permission_model.yaml | 17 +++++++++++++++++ snowddl/parser/database.py | 10 +++++----- snowddl/parser/schema.py | 10 +++++----- 4 files changed, 28 insertions(+), 10 deletions(-) create mode 100644 snowddl/_config/sample02_01/fivetran_db/params.yaml diff --git a/snowddl/_config/sample02_01/fivetran_db/params.yaml b/snowddl/_config/sample02_01/fivetran_db/params.yaml new file mode 100644 index 0000000..7b4ea3a --- /dev/null +++ b/snowddl/_config/sample02_01/fivetran_db/params.yaml @@ -0,0 +1 @@ +permission_model: fivetran diff --git a/snowddl/_config/sample02_01/permission_model.yaml b/snowddl/_config/sample02_01/permission_model.yaml index e69de29..bcd5a02 100644 --- a/snowddl/_config/sample02_01/permission_model.yaml +++ b/snowddl/_config/sample02_01/permission_model.yaml @@ -0,0 +1,17 @@ +fivetran: + ruleset: DATABASE_OWNER + + owner_create_grants: + - STAGE + - TABLE + - VIEW + + owner_future_grants: + STAGE: [OWNERSHIP] + TABLE: [OWNERSHIP] + VIEW: [OWNERSHIP] + + read_future_grants: + STAGE: [READ] + TABLE: [SELECT, REFERENCES] + VIEW: [SELECT, REFERENCES] diff --git a/snowddl/parser/database.py b/snowddl/parser/database.py index 7279ca2..4cb70f8 100644 --- a/snowddl/parser/database.py +++ b/snowddl/parser/database.py @@ -30,13 +30,13 @@ "type": "string" } }, - "owner_global_roles": { + "owner_account_grants": { "type": "array", "items": { "type": "string" } }, - "owner_account_grants": { + "owner_global_roles": { "type": "array", "items": { "type": "string" 
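Review bot: The `fivetran` model added to permission_model.yaml defines `owner_future_grants` and `read_future_grants` but no `write_future_grants` block, so write-type roles would presumably get nothing on future STAGE, TABLE or VIEW objects. If that is deliberate because the objects are created and owned by the loading tool, the sample should say so, since it will be copied as a template. The `OWNERSHIP` future grants also give the owner role full control over every future object of these three types. I would add a comment above `owner_future_grants`, such as `# owner role takes OWNERSHIP of everything created in this database; no write role is modelled on purpose`, worded to match the real intent.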
@@ -84,12 +84,12 @@ def load_blueprints(self): for warehouse_name in database_params.get("owner_warehouse_usage", []): owner_additional_grants.append(self.build_warehouse_role_grant(warehouse_name, self.config.USAGE_ROLE_TYPE)) - for global_role_name in database_params.get("owner_global_roles", []): - owner_additional_grants.append(self.build_global_role_grant(global_role_name)) - for account_grant in database_params.get("owner_account_grants", []): owner_additional_account_grants.append(self.build_account_grant(account_grant)) + for global_role_name in database_params.get("owner_global_roles", []): + owner_additional_grants.append(self.build_global_role_grant(global_role_name)) + bp = DatabaseBlueprint( full_name=DatabaseIdent(self.env_prefix, database_name), permission_model=database_permission_model, diff --git a/snowddl/parser/schema.py b/snowddl/parser/schema.py index a19eac9..a2b16c2 100644 --- a/snowddl/parser/schema.py +++ b/snowddl/parser/schema.py @@ -43,13 +43,13 @@ "type": "string" } }, - "owner_global_roles": { + "owner_account_grants": { "type": "array", "items": { "type": "string" } }, - "owner_account_grants": { + "owner_global_roles": { "type": "array", "items": { "type": "string" 
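Review bot: In `load_blueprints`, each `owner_account_grants` entry from params.yaml becomes an account-level grant attached to the database owner role, and nothing visible in this hunk limits which privileges may be requested; the JSON schema in the first hunk of this file accepts any string. Validation may happen inside `build_account_grant`, which is outside the hunk, so treat this as a question rather than a confirmed gap. A comment above the loop would make the scope explicit for reviewers of config changes, e.g. `# account-level grants reach beyond this database; allowed values are checked in build_account_grant()`, adjusted to what that helper really does. The same applies to the matching loop in snowddl/parser/schema.py (`@@ -124,12 +124,12 @@`), where a schema-level params file can request the same account-wide grants. The function body starts and ends outside the hunk.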
@@ -124,12 +124,12 @@ def load_blueprints(self): for warehouse_name in schema_params.get("owner_warehouse_usage", []): owner_additional_grants.append(self.build_warehouse_role_grant(warehouse_name, self.config.USAGE_ROLE_TYPE)) - for global_role_name in schema_params.get("owner_global_roles", []): - owner_additional_grants.append(self.build_global_role_grant(global_role_name)) - for account_grant in schema_params.get("owner_account_grants", []): owner_additional_account_grants.append(self.build_account_grant(account_grant)) + for global_role_name in schema_params.get("owner_global_roles", []): + owner_additional_grants.append(self.build_global_role_grant(global_role_name)) + bp = SchemaBlueprint( full_name=SchemaIdent(self.env_prefix, database_name, schema_name), permission_model=schema_permission_model,