From 319ddc3df2f0a73c1f6258632de0e42c04532551 Mon Sep 17 00:00:00 2001
From: M Lorek <mlorek@users.noreply.github.com>
Date: Wed, 15 May 2024 10:01:17 +0100
Subject: [PATCH] feat: datasource database role (#2731)

Adding datasource - single database role

<!-- summary of changes -->

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [ v] acceptance tests

## References
<!-- issues documentation links, etc  -->

*
---
 docs/data-sources/database_role.md            | 33 ++++++++
 .../snowflake_database_role/data-source.tf    |  4 +
 pkg/datasources/database_role.go              | 71 +++++++++++++++++
 .../database_role_acceptance_test.go          | 79 +++++++++++++++++++
 pkg/provider/provider.go                      |  1 +
 5 files changed, 188 insertions(+)
 create mode 100644 docs/data-sources/database_role.md
 create mode 100644 examples/data-sources/snowflake_database_role/data-source.tf
 create mode 100644 pkg/datasources/database_role.go
 create mode 100644 pkg/datasources/database_role_acceptance_test.go

diff --git a/docs/data-sources/database_role.md b/docs/data-sources/database_role.md
new file mode 100644
index 0000000000..13d03ddb42
--- /dev/null
+++ b/docs/data-sources/database_role.md
@@ -0,0 +1,33 @@
+---
+page_title: "snowflake_database_role Data Source - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  
+---
+
+# snowflake_database_role (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "snowflake_database_role" "db_role" {
+  database = "MYDB"
+  name     = "DBROLE"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) The database from which to return the database role from.
+- `name` (String) Database role name.
+
+### Read-Only
+
+- `comment` (String) The comment on the role
+- `id` (String) The ID of this resource.
+- `owner` (String) The owner of the role
diff --git a/examples/data-sources/snowflake_database_role/data-source.tf b/examples/data-sources/snowflake_database_role/data-source.tf
new file mode 100644
index 0000000000..0e66f67a0c
--- /dev/null
+++ b/examples/data-sources/snowflake_database_role/data-source.tf
@@ -0,0 +1,4 @@
+data "snowflake_database_role" "db_role" {
+  database = "MYDB"
+  name     = "DBROLE"
+}
\ No newline at end of file
diff --git a/pkg/datasources/database_role.go b/pkg/datasources/database_role.go
new file mode 100644
index 0000000000..4379954ec3
--- /dev/null
+++ b/pkg/datasources/database_role.go
@@ -0,0 +1,71 @@
+package datasources
+
+import (
+	"context"
+	"log"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+var databaseRoleSchema = map[string]*schema.Schema{
+	"database": {
+		Type:        schema.TypeString,
+		Required:    true,
+		Description: "The database from which to return the database role from.",
+	},
+	"name": {
+		Type:        schema.TypeString,
+		Required:    true,
+		Description: "Database role name.",
+	},
+	"comment": {
+		Type:        schema.TypeString,
+		Computed:    true,
+		Description: "The comment on the role",
+	},
+	"owner": {
+		Type:        schema.TypeString,
+		Computed:    true,
+		Description: "The owner of the role",
+	},
+}
+
+// DatabaseRole Snowflake Database Role resource.
+func DatabaseRole() *schema.Resource {
+	return &schema.Resource{
+		Read:   ReadDatabaseRole,
+		Schema: databaseRoleSchema,
+	}
+}
+
+// ReadDatabaseRole Reads the database role metadata information.
+func ReadDatabaseRole(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*provider.Context).Client
+
+	databaseName := d.Get("database").(string)
+	roleName := d.Get("name").(string)
+
+	ctx := context.Background()
+	dbObjId := sdk.NewDatabaseObjectIdentifier(databaseName, roleName)
+	databaseRole, err := client.DatabaseRoles.ShowByID(ctx, dbObjId)
+	if err != nil {
+		log.Printf("[DEBUG] unable to show database role %s in db (%s)", roleName, databaseName)
+		d.SetId("")
+		return err
+	}
+
+	err = d.Set("comment", databaseRole.Comment)
+	if err != nil {
+		return err
+	}
+	err = d.Set("owner", databaseRole.Owner)
+	if err != nil {
+		return err
+	}
+
+	d.SetId("database_role_read")
+	return nil
+}
diff --git a/pkg/datasources/database_role_acceptance_test.go b/pkg/datasources/database_role_acceptance_test.go
new file mode 100644
index 0000000000..1b0d27ab9f
--- /dev/null
+++ b/pkg/datasources/database_role_acceptance_test.go
@@ -0,0 +1,79 @@
+package datasources_test
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"testing"
+
+	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+)
+
+func TestAcc_DatabaseRole(t *testing.T) {
+	dbName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+	dbRoleName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha))
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			{
+				Config: databaseRole(dbName, dbRoleName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.snowflake_database_role.db_role", "name"),
+					resource.TestCheckResourceAttrSet("data.snowflake_database_role.db_role", "comment"),
+					resource.TestCheckResourceAttrSet("data.snowflake_database_role.db_role", "owner"),
+				),
+			},
+			{
+				Config:      databaseRoleEmpty(dbName),
+				ExpectError: regexp.MustCompile("Error: object does not exist"),
+			},
+		},
+	})
+}
+
+func databaseRole(dbName, dbRoleName string) string {
+	return fmt.Sprintf(`
+		resource snowflake_database "test_db" {
+			name = "%v"
+		}
+
+		resource snowflake_database_role "test_role" {
+			name = "%v"
+            comment = "test"
+			database = snowflake_database.test_db.name
+		}
+
+		data snowflake_database_role "db_role" {
+            database = snowflake_database.test_db.name
+			name = snowflake_database_role.test_role.name
+			depends_on = [
+				snowflake_database_role.test_role,
+			]
+		}
+	`, dbName, dbRoleName)
+}
+
+func databaseRoleEmpty(dbName string) string {
+	return fmt.Sprintf(`
+		resource snowflake_database "test_db" {
+			name = "%v"
+		}
+
+		data snowflake_database_role "db_role" {
+            database = snowflake_database.test_db.name
+			name = "dummy_missing"
+			depends_on = [
+				snowflake_database.test_db,
+			]
+		}
+	`, dbName)
+}
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
index 462bf5efa3..4cdb8878c2 100644
--- a/pkg/provider/provider.go
+++ b/pkg/provider/provider.go
@@ -527,6 +527,7 @@ func getDataSources() map[string]*schema.Resource {
 		"snowflake_current_account":                    datasources.CurrentAccount(),
 		"snowflake_current_role":                       datasources.CurrentRole(),
 		"snowflake_database":                           datasources.Database(),
+		"snowflake_database_role":                      datasources.DatabaseRole(),
 		"snowflake_database_roles":                     datasources.DatabaseRoles(),
 		"snowflake_databases":                          datasources.Databases(),
 		"snowflake_dynamic_tables":                     datasources.DynamicTables(),