From 73e443e9dc12efe862f7f8079c9da1c3f649455a Mon Sep 17 00:00:00 2001 From: haley-roberts <56319793+haley-roberts@users.noreply.github.com> Date: Thu, 18 Jun 2020 10:58:36 -0600 Subject: [PATCH] [feature] add monitor execution & execute tasks privileges (#213) --- pkg/resources/account_grant.go | 2 ++ pkg/resources/account_grant_test.go | 34 +++++++++++++++++++++++++++++ pkg/resources/privileges.go | 2 ++ 3 files changed, 38 insertions(+) diff --git a/pkg/resources/account_grant.go b/pkg/resources/account_grant.go index 40262254e7..09b83a1b8b 100644 --- a/pkg/resources/account_grant.go +++ b/pkg/resources/account_grant.go @@ -15,6 +15,8 @@ var validAccountPrivileges = newPrivilegeSet( privilegeCreateIntegration, privilegeManageGrants, privilegeMonitorUsage, + privilegeMonitorExecution, + privilegeExecuteTask, ) var accountGrantSchema = map[string]*schema.Schema{ diff --git a/pkg/resources/account_grant_test.go b/pkg/resources/account_grant_test.go index c166cd743d..86151dea45 100644 --- a/pkg/resources/account_grant_test.go +++ b/pkg/resources/account_grant_test.go @@ -57,6 +57,40 @@ func TestAccountGrantRead(t *testing.T) { }) } +func TestMonitorExecution(t *testing.T) { + r := require.New(t) + + d := accountGrant(t, "ACCOUNT|||MONITOR EXECUTION", map[string]interface{}{ + "privilege": "MONITOR EXECUTION", + "roles": []interface{}{"test-role-1", "test-role-2"}, + }) + + r.NotNil(d) + + WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) { + expectReadAccountGrant(mock) + err := resources.ReadAccountGrant(d, db) + r.NoError(err) + }) +} + +func TestExecuteTask(t *testing.T) { + r := require.New(t) + + d := accountGrant(t, "ACCOUNT|||EXECUTE TASK", map[string]interface{}{ + "privilege": "EXECUTE TASK", + "roles": []interface{}{"test-role-1", "test-role-2"}, + }) + + r.NotNil(d) + + WithMockDb(t, func(db *sql.DB, mock sqlmock.Sqlmock) { + expectReadAccountGrant(mock) + err := resources.ReadAccountGrant(d, db) + r.NoError(err) + }) +} + func expectReadAccountGrant(mock sqlmock.Sqlmock) { rows := sqlmock.NewRows([]string{ "created_on", "privilege", "granted_on", "name", "granted_to", "grantee_name", "grant_option", "granted_by", diff --git a/pkg/resources/privileges.go b/pkg/resources/privileges.go index ae3e271f4b..0f77df19d0 100644 --- a/pkg/resources/privileges.go +++ b/pkg/resources/privileges.go @@ -45,6 +45,8 @@ const ( privilegeCreateIntegration privilege = "CREATE INTEGRATION" privilegeManageGrants privilege = "MANAGE GRANTS" privilegeMonitorUsage privilege = "MONITOR USAGE" + privilegeMonitorExecution privilege = "MONITOR EXECUTION" + privilegeExecuteTask privilege = "EXECUTE TASK" ) type privilegeSet map[privilege]struct{}