dbt-snowflake only supports granting to Account-level database roles. Snowflake supports granting to other objects including Database Roles and Shares. However, dbt-snowflake does not.
Solution
The solution allow dbt-snowflake to manage database roles as well as existing account level roles. The configuration is extended to include a nested object_type level but also supports the original style. The original style is mapped into the new style under a "role" key.
The solution has added a number of python functions to the adapter. Originally these were implemented as macros but the logic was also required in python for the automated tests. Rather than duplicate the logic it was moved into python and made available in the jinja context.
The new functions are below. I believe in the long term these would make sense migrating into the dbt-adapter project.
standardize_grant_config
diff_of_grants
The solution also introduces three new macros, which are similar to existing ones but take an additional object_type parameter ie role or database_role:
get_grant_sql_by_type
get_revoke_sql_by_type
get_dcl_statement_list_by_type
Areas that need advice
The existing test_grants.py has been patched to make use of the new functions and the tests are passing. This is not the cleanest and any suggestion for improvement would be appreciated.
The best way to extended the current tests to support roles in the new style.
The best way to include database roles in the functional tests.
[ ] I have run this code in development and it appears to resolve the stated issue
[ ] This PR includes tests, or tests are not required/relevant for this PR
[ ] This PR has no interface changes (e.g. macros, cli, logs, json artifacts, config files, adapter interface, etc) or this PR has already received feedback and approval from Product or DX
resolves #1206 docs dbt-labs/docs.getdbt.com/#
Problem
dbt-snowflake only supports granting to Account-level database roles. Snowflake supports granting to other objects including Database Roles and Shares. However, dbt-snowflake does not.
Solution
The solution allow dbt-snowflake to manage database roles as well as existing account level roles. The configuration is extended to include a nested object_type level but also supports the original style. The original style is mapped into the new style under a "role" key.
The solution has added a number of python functions to the adapter. Originally these were implemented as macros but the logic was also required in python for the automated tests. Rather than duplicate the logic it was moved into python and made available in the jinja context.
The new functions are below. I believe in the long term these would make sense migrating into the dbt-adapter project.
The solution also introduces three new macros, which are similar to existing ones but take an additional object_type parameter ie role or database_role:
Areas that need advice
Checklist