fix: network policy update (#2647)

fixes #2593 

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [ ] acceptance tests
<!-- add more below if you think they are relevant -->
* [ ] …

## References
<!-- issues documentation links, etc  -->

*

pkg/sdk/network_policies_def.go

@@ -8,6 +8,16 @@ var (
 	ip = g.NewQueryStruct("IP").
 		Text("IP", g.KeywordOptions().SingleQuotes().Required())
 
+	networkPoliciesAddNetworkRule = g.NewQueryStruct("AddNetworkRule").
+					ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+					ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+					WithValidation(g.ExactlyOneValueSet, "AllowedNetworkRuleList", "BlockedNetworkRuleList")
+
+	networkPoliciesRemoveNetworkRule = g.NewQueryStruct("RemoveNetworkRule").
+						ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+						ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+						WithValidation(g.ExactlyOneValueSet, "AllowedNetworkRuleList", "BlockedNetworkRuleList")
+
 	NetworkPoliciesDef = g.NewInterface(
 		"NetworkPolicies",
 		"NetworkPolicy",
@@ -20,6 +30,8 @@ var (
 				OrReplace().
 				SQL("NETWORK POLICY").
 				Name().
+				ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+				ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
 				ListQueryStructField("AllowedIpList", ip, g.ParameterOptions().SQL("ALLOWED_IP_LIST").Parentheses()).
 				ListQueryStructField("BlockedIpList", ip, g.ParameterOptions().SQL("BLOCKED_IP_LIST").Parentheses()).
 				OptionalTextAssignment("COMMENT", g.ParameterOptions().SingleQuotes()).
@@ -35,16 +47,28 @@ var (
 				OptionalQueryStructField(
 					"Set",
 					g.NewQueryStruct("NetworkPolicySet").
+						ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
+						ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
 						ListQueryStructField("AllowedIpList", ip, g.ParameterOptions().SQL("ALLOWED_IP_LIST").Parentheses()).
 						ListQueryStructField("BlockedIpList", ip, g.ParameterOptions().SQL("BLOCKED_IP_LIST").Parentheses()).
 						OptionalTextAssignment("COMMENT", g.ParameterOptions().SingleQuotes()).
-						WithValidation(g.AtLeastOneValueSet, "AllowedIpList", "BlockedIpList", "Comment"),
+						WithValidation(g.AtLeastOneValueSet, "AllowedIpList", "BlockedIpList", "Comment", "AllowedNetworkRuleList", "BlockedNetworkRuleList"),
 					g.KeywordOptions().SQL("SET"),
 				).
+				OptionalQueryStructField(
+					"Add",
+					networkPoliciesAddNetworkRule,
+					g.KeywordOptions().SQL("ADD"),
+				).
+				OptionalQueryStructField(
+					"Remove",
+					networkPoliciesRemoveNetworkRule,
+					g.KeywordOptions().SQL("REMOVE"),
+				).
 				OptionalSQL("UNSET COMMENT").
 				Identifier("RenameTo", g.KindOfTPointer[AccountObjectIdentifier](), g.IdentifierOptions().SQL("RENAME TO")).
 				WithValidation(g.ValidIdentifier, "name").
-				WithValidation(g.ExactlyOneValueSet, "Set", "UnsetComment", "RenameTo").
+				WithValidation(g.ExactlyOneValueSet, "Set", "UnsetComment", "RenameTo", "Add", "Remove").
 				WithValidation(g.ValidIdentifierIfSet, "RenameTo"),
 		).
 		DropOperation(
@@ -63,13 +87,17 @@ var (
 				Field("name", "string").
 				Field("comment", "string").
 				Field("entries_in_allowed_ip_list", "int").
-				Field("entries_in_blocked_ip_list", "int"),
+				Field("entries_in_blocked_ip_list", "int").
+				Field("entries_in_allowed_network_rules", "int").
+				Field("entries_in_blocked_network_rules", "int"),
 			g.PlainStruct("NetworkPolicy").
 				Field("CreatedOn", "string").
 				Field("Name", "string").
 				Field("Comment", "string").
 				Field("EntriesInAllowedIpList", "int").
-				Field("EntriesInBlockedIpList", "int"),
+				Field("EntriesInBlockedIpList", "int").
+				Field("EntriesInAllowedNetworkRules", "int").
+				Field("EntriesInBlockedNetworkRules", "int"),
 			g.NewQueryStruct("ShowNetworkPolicies").
 				Show().
 				SQL("NETWORK POLICIES"),

pkg/sdk/network_policies_dto_gen.go

@@ -11,11 +11,13 @@ var (
 )
 
 type CreateNetworkPolicyRequest struct {
-	OrReplace     *bool
-	name          AccountObjectIdentifier // required
-	AllowedIpList []IPRequest
-	BlockedIpList []IPRequest
-	Comment       *string
+	OrReplace              *bool
+	name                   AccountObjectIdentifier // required
+	AllowedNetworkRuleList []SchemaObjectIdentifier
+	BlockedNetworkRuleList []SchemaObjectIdentifier
+	AllowedIpList          []IPRequest
+	BlockedIpList          []IPRequest
+	Comment                *string
 }
 
 func (r *CreateNetworkPolicyRequest) GetName() AccountObjectIdentifier {
@@ -30,14 +32,28 @@ type AlterNetworkPolicyRequest struct {
 	IfExists     *bool
 	name         AccountObjectIdentifier // required
 	Set          *NetworkPolicySetRequest
+	Add          *AddNetworkRuleRequest
+	Remove       *RemoveNetworkRuleRequest
 	UnsetComment *bool
 	RenameTo     *AccountObjectIdentifier
 }
 
 type NetworkPolicySetRequest struct {
-	AllowedIpList []IPRequest
-	BlockedIpList []IPRequest
-	Comment       *string
+	AllowedNetworkRuleList []SchemaObjectIdentifier
+	BlockedNetworkRuleList []SchemaObjectIdentifier
+	AllowedIpList          []IPRequest
+	BlockedIpList          []IPRequest
+	Comment                *string
+}
+
+type AddNetworkRuleRequest struct {
+	AllowedNetworkRuleList []SchemaObjectIdentifier
+	BlockedNetworkRuleList []SchemaObjectIdentifier
+}
+
+type RemoveNetworkRuleRequest struct {
+	AllowedNetworkRuleList []SchemaObjectIdentifier
+	BlockedNetworkRuleList []SchemaObjectIdentifier
 }
 
 type DropNetworkPolicyRequest struct {

pkg/sdk/network_policies_gen.go

@@ -13,13 +13,15 @@ type NetworkPolicies interface {
 
 // CreateNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-network-policy.
 type CreateNetworkPolicyOptions struct {
-	create        bool                    `ddl:"static" sql:"CREATE"`
-	OrReplace     *bool                   `ddl:"keyword" sql:"OR REPLACE"`
-	networkPolicy bool                    `ddl:"static" sql:"NETWORK POLICY"`
-	name          AccountObjectIdentifier `ddl:"identifier"`
-	AllowedIpList []IP                    `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
-	BlockedIpList []IP                    `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
-	Comment       *string                 `ddl:"parameter,single_quotes" sql:"COMMENT"`
+	create                 bool                     `ddl:"static" sql:"CREATE"`
+	OrReplace              *bool                    `ddl:"keyword" sql:"OR REPLACE"`
+	networkPolicy          bool                     `ddl:"static" sql:"NETWORK POLICY"`
+	name                   AccountObjectIdentifier  `ddl:"identifier"`
+	AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+	BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+	AllowedIpList          []IP                     `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
+	BlockedIpList          []IP                     `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
+	Comment                *string                  `ddl:"parameter,single_quotes" sql:"COMMENT"`
 }
 
 type IP struct {
@@ -33,14 +35,28 @@ type AlterNetworkPolicyOptions struct {
 	IfExists      *bool                    `ddl:"keyword" sql:"IF EXISTS"`
 	name          AccountObjectIdentifier  `ddl:"identifier"`
 	Set           *NetworkPolicySet        `ddl:"keyword" sql:"SET"`
+	Add           *AddNetworkRule          `ddl:"keyword" sql:"ADD"`
+	Remove        *RemoveNetworkRule       `ddl:"keyword" sql:"REMOVE"`
 	UnsetComment  *bool                    `ddl:"keyword" sql:"UNSET COMMENT"`
 	RenameTo      *AccountObjectIdentifier `ddl:"identifier" sql:"RENAME TO"`
 }
 
 type NetworkPolicySet struct {
-	AllowedIpList []IP    `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
-	BlockedIpList []IP    `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
-	Comment       *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
+	AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+	BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+	AllowedIpList          []IP                     `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
+	BlockedIpList          []IP                     `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
+	Comment                *string                  `ddl:"parameter,single_quotes" sql:"COMMENT"`
+}
+
+type AddNetworkRule struct {
+	AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+	BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+}
+
+type RemoveNetworkRule struct {
+	AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+	BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
 }
 
 // DropNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/drop-network-policy.
@@ -58,19 +74,23 @@ type ShowNetworkPolicyOptions struct {
 }
 
 type showNetworkPolicyDBRow struct {
-	CreatedOn              string `db:"created_on"`
-	Name                   string `db:"name"`
-	Comment                string `db:"comment"`
-	EntriesInAllowedIpList int    `db:"entries_in_allowed_ip_list"`
-	EntriesInBlockedIpList int    `db:"entries_in_blocked_ip_list"`
+	CreatedOn                    string `db:"created_on"`
+	Name                         string `db:"name"`
+	Comment                      string `db:"comment"`
+	EntriesInAllowedIpList       int    `db:"entries_in_allowed_ip_list"`
+	EntriesInBlockedIpList       int    `db:"entries_in_blocked_ip_list"`
+	EntriesInAllowedNetworkRules int    `db:"entries_in_allowed_network_rules"`
+	EntriesInBlockedNetworkRules int    `db:"entries_in_blocked_network_rules"`
 }
 
 type NetworkPolicy struct {
-	CreatedOn              string
-	Name                   string
-	Comment                string
-	EntriesInAllowedIpList int
-	EntriesInBlockedIpList int
+	CreatedOn                    string
+	Name                         string
+	Comment                      string
+	EntriesInAllowedIpList       int
+	EntriesInBlockedIpList       int
+	EntriesInAllowedNetworkRules int
+	EntriesInBlockedNetworkRules int
 }
 
 // DescribeNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/desc-network-policy.