refactor after rebase

Author: agustin-conductor

pkg/connector/databases.go

@@ -111,9 +111,9 @@ func (o *databaseBuilder) Grants(ctx context.Context, resource *v2.Resource, _ r
 		return nil, nil, nil
 	}
 
-	owner, ownerResp, err := o.client.GetAccountRole(ctx, database.Owner)
+	owner, ownerStatusCode, err := o.client.GetAccountRole(ctx, database.Owner)
 	if err != nil {
-		if snowflake.IsUnprocessableEntity(ownerResp, err) {
+		if snowflake.IsUnprocessableEntity(ownerStatusCode, err) {
 			wrappedErr := fmt.Errorf("baton-snowflake: insufficient privileges for database owner role %q (database %q): %w", database.Owner, resource.Id.Resource, err)
 			return nil, nil, status.Error(codes.PermissionDenied, wrappedErr.Error())
 		}

pkg/connector/tables.go

@@ -69,8 +69,8 @@ func (o *tableBuilder) isDBSharedOrSystem(ctx context.Context, resource *v2.Reso
 			return val == "true" || val == "1", nil
 		}
 	}
-	db, resp, err := o.client.GetDatabase(ctx, databaseName)
-	if snowflake.IsUnprocessableEntity(resp, err) {
+	db, statusCode, err := o.client.GetDatabase(ctx, databaseName)
+	if snowflake.IsUnprocessableEntity(statusCode, err) {
 		return true, nil
 	}
 	if err != nil {
@@ -148,7 +148,7 @@ func (o *tableBuilder) List(ctx context.Context, parentResourceID *v2.ResourceId
 	}
 
 	const accountPageSize = 200
-	tables, nextCursor, _, err := o.client.ListTablesInAccount(ctx, cursor, accountPageSize)
+	tables, nextCursor, err := o.client.ListTablesInAccount(ctx, cursor, accountPageSize)
 	if err != nil {
 		return nil, nil, wrapError(err, "failed to list tables in account")
 	}
@@ -280,9 +280,9 @@ func (o *tableBuilder) Grants(ctx context.Context, resource *v2.Resource, opts r
 
 		switch tg.GrantedTo {
 		case grantedToRole:
-			role, resp, err := o.client.GetAccountRole(ctx, tg.GranteeName)
+			role, statusCode, err := o.client.GetAccountRole(ctx, tg.GranteeName)
 			if err != nil {
-				if snowflake.IsUnprocessableEntity(resp, err) {
+				if snowflake.IsUnprocessableEntity(statusCode, err) {
 					principalId, idErr := rs.NewResourceID(accountRoleResourceType, tg.GranteeName)
 					if idErr != nil {
 						continue
@@ -335,14 +335,14 @@ func (o *tableBuilder) Grants(ctx context.Context, resource *v2.Resource, opts r
 	}
 
 	if ownerPrincipalID == nil {
-		table, _, err := o.client.GetTable(ctx, databaseName, schemaName, tableName)
+		table, err := o.client.GetTable(ctx, databaseName, schemaName, tableName)
 		if err != nil {
 			return nil, nil, wrapError(err, "failed to get table for owner fallback")
 		}
 		if table != nil && table.Owner != "" && table.Owner != "SNOWFLAKE" {
-			owner, ownerResp, err := o.client.GetAccountRole(ctx, table.Owner)
+			owner, ownerStatusCode, err := o.client.GetAccountRole(ctx, table.Owner)
 			switch {
-			case snowflake.IsUnprocessableEntity(ownerResp, err):
+			case snowflake.IsUnprocessableEntity(ownerStatusCode, err):
 				// system role, skip
 			case err != nil:
 				return nil, nil, wrapError(err, fmt.Sprintf("failed to get account role for table owner %q", table.Owner))

pkg/snowflake/account_role.go

@@ -138,33 +138,37 @@ func (c *Client) ListAccountRoleGrantees(ctx context.Context, roleName string) (
 	return accountRoleGrantees, nil
 }
 
-func (c *Client) GetAccountRole(ctx context.Context, roleName string) (*AccountRole, error) {
+func (c *Client) GetAccountRole(ctx context.Context, roleName string) (*AccountRole, int, error) {
 	queries := []string{
 		fmt.Sprintf("SHOW ROLES LIKE '%s' LIMIT 1;", roleName),
 	}
 
 	req, err := c.PostStatementRequest(ctx, queries)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var response ListAccountRolesRawResponse
 	resp, err := c.Do(req, uhttp.WithJSONResponse(&response))
 	defer closeResponseBody(resp)
 	if err != nil {
-		return nil, err
+		statusCode := 0
+		if resp != nil {
+			statusCode = resp.StatusCode
+		}
+		return nil, statusCode, err
 	}
 
 	accountRoles, err := response.GetAccountRoles()
 	if err != nil {
-		return nil, err
+		return nil, resp.StatusCode, err
 	}
 
 	if len(accountRoles) == 0 {
-		return nil, nil
+		return nil, resp.StatusCode, nil
 	}
 
-	return &accountRoles[0], nil
+	return &accountRoles[0], resp.StatusCode, nil
 }
 
 func (c *Client) GrantAccountRole(ctx context.Context, roleName, userName string) error {

pkg/snowflake/database.go

@@ -101,36 +101,37 @@ func (c *Client) ListDatabases(ctx context.Context, cursor string, limit int) ([
 	return dbs, nil
 }
 
-func (c *Client) GetDatabase(ctx context.Context, name string) (*Database, error) {
+func (c *Client) GetDatabase(ctx context.Context, name string) (*Database, int, error) {
 	queries := []string{
 		fmt.Sprintf("SHOW DATABASES LIKE '%s' LIMIT 1;", name),
 	}
 
 	req, err := c.PostStatementRequest(ctx, queries)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var response ListDatabasesRawResponse
 	resp, err := c.Do(req, uhttp.WithJSONResponse(&response))
 	defer closeResponseBody(resp)
 	if err != nil {
-		if IsUnprocessableEntity(resp, err) {
-			return nil, resp, nil
+		statusCode := 0
+		if resp != nil {
+			statusCode = resp.StatusCode
 		}
-		return nil, resp, err
+		return nil, statusCode, err
 	}
 
 	databases, err := response.GetDatabases()
 	if err != nil {
-		return nil, err
+		return nil, resp.StatusCode, err
 	}
 
 	if len(databases) == 0 {
-		return nil, fmt.Errorf("database with name %s not found", name)
+		return nil, resp.StatusCode, fmt.Errorf("database with name %s not found", name)
 	} else if len(databases) > 1 {
-		return nil, fmt.Errorf("expected 1 database with name %s, got %d", name, len(databases))
+		return nil, resp.StatusCode, fmt.Errorf("expected 1 database with name %s, got %d", name, len(databases))
 	}
 
-	return &databases[0], nil
+	return &databases[0], resp.StatusCode, nil
 }

pkg/snowflake/helper.go

@@ -8,8 +8,8 @@ import (
 // IsUnprocessableEntity reports whether the Snowflake API returned HTTP 422 (Unprocessable Entity).
 // Snowflake returns 422 for certain operations on system/predefined objects (e.g. SHOW GRANTS OF ROLE for ACCOUNTADMIN,
 // SHOW ROLES LIKE for some roles). Callers can treat this as "no data" or "not resolvable" instead of a hard error.
-func IsUnprocessableEntity(resp *http.Response, err error) bool {
-	if resp != nil && resp.StatusCode == http.StatusUnprocessableEntity {
+func IsUnprocessableEntity(statusCode int, err error) bool {
+	if statusCode == http.StatusUnprocessableEntity {
 		return true
 	}
 	if err != nil && (strings.Contains(err.Error(), "422") || strings.Contains(err.Error(), "Unprocessable Entity")) {

pkg/snowflake/table.go

@@ -61,7 +61,7 @@ func (r *ListTablesRawResponse) ListTables() ([]Table, error) {
 
 const tableListCursorSep = "\x00"
 
-func (c *Client) ListTablesInAccount(ctx context.Context, cursor string, limit int) ([]Table, string, *http.Response, error) {
+func (c *Client) ListTablesInAccount(ctx context.Context, cursor string, limit int) ([]Table, string, error) {
 	l := ctxzap.Extract(ctx)
 
 	var q string
@@ -81,51 +81,47 @@ func (c *Client) ListTablesInAccount(ctx context.Context, cursor string, limit i
 
 	req, err := c.PostStatementRequest(ctx, queries)
 	if err != nil {
-		return nil, "", nil, err
+		return nil, "", err
 	}
 
 	var response ListTablesRawResponse
-	resp, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	resp1, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	defer closeResponseBody(resp1)
 	if err != nil {
-		if resp != nil && resp.StatusCode == http.StatusUnprocessableEntity {
+		if resp1 != nil && resp1.StatusCode == http.StatusUnprocessableEntity {
 			l.Debug("Insufficient privileges for SHOW TABLES IN ACCOUNT")
 			wrappedErr := fmt.Errorf("baton-snowflake: insufficient privileges for SHOW TABLES IN ACCOUNT: %w", err)
-			return nil, "", nil, status.Error(codes.PermissionDenied, wrappedErr.Error())
+			return nil, "", status.Error(codes.PermissionDenied, wrappedErr.Error())
 		}
-		return nil, "", nil, err
-	}
-	if resp != nil {
-		defer resp.Body.Close()
+		return nil, "", err
 	}
 
 	req, err = c.GetStatementResponse(ctx, response.StatementHandle)
 	if err != nil {
-		return nil, "", resp, err
+		return nil, "", err
 	}
-	resp, err = c.Do(req, uhttp.WithJSONResponse(&response))
+	resp2, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	defer closeResponseBody(resp2)
 	if err != nil {
-		if resp != nil && resp.StatusCode == http.StatusUnprocessableEntity {
+		if resp2 != nil && resp2.StatusCode == http.StatusUnprocessableEntity {
 			l.Debug("Insufficient privileges for SHOW TABLES IN ACCOUNT (statement result)")
 			wrappedErr := fmt.Errorf("baton-snowflake: insufficient privileges for SHOW TABLES IN ACCOUNT (statement result): %w", err)
-			return nil, "", nil, status.Error(codes.PermissionDenied, wrappedErr.Error())
+			return nil, "", status.Error(codes.PermissionDenied, wrappedErr.Error())
 		}
-		return nil, "", resp, err
-	}
-	if resp != nil {
-		defer resp.Body.Close()
+		return nil, "", err
 	}
 
 	tables, err := response.ListTables()
 	if err != nil {
-		return nil, "", resp, err
+		return nil, "", err
 	}
 
 	var nextCursor string
 	if len(tables) >= limit {
 		last := tables[len(tables)-1]
 		nextCursor = last.DatabaseName + tableListCursorSep + last.SchemaName + tableListCursorSep + last.Name
 	}
-	return tables, nextCursor, resp, nil
+	return tables, nextCursor, nil
 }
 
 // escapeSingleQuote doubles single quotes for use inside SQL string literals.
@@ -149,54 +145,50 @@ func escapeDoubleQuotedIdentifier(s string) string {
 	return strings.ReplaceAll(s, `"`, `""`)
 }
 
-func (c *Client) GetTable(ctx context.Context, database, schema, tableName string) (*Table, *http.Response, error) {
+func (c *Client) GetTable(ctx context.Context, database, schema, tableName string) (*Table, error) {
 	likePattern := escapeLikePattern(tableName)
 	queries := []string{
 		fmt.Sprintf("SHOW TABLES LIKE '%s' ESCAPE '\\' IN SCHEMA \"%s\".\"%s\" LIMIT 1;", likePattern, escapeDoubleQuotedIdentifier(database), escapeDoubleQuotedIdentifier(schema)),
 	}
 
 	req, err := c.PostStatementRequest(ctx, queries)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	var response ListTablesRawResponse
-	resp, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	resp1, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	defer closeResponseBody(resp1)
 	if err != nil {
-		if resp != nil && resp.StatusCode == http.StatusUnprocessableEntity {
-			return nil, resp, nil
+		if resp1 != nil && resp1.StatusCode == http.StatusUnprocessableEntity {
+			return nil, nil
 		}
-		return nil, nil, err
-	}
-	if resp != nil {
-		defer resp.Body.Close()
+		return nil, err
 	}
 
 	req, err = c.GetStatementResponse(ctx, response.StatementHandle)
 	if err != nil {
-		return nil, resp, err
+		return nil, err
 	}
-	resp, err = c.Do(req, uhttp.WithJSONResponse(&response))
+	resp2, err := c.Do(req, uhttp.WithJSONResponse(&response))
+	defer closeResponseBody(resp2)
 	if err != nil {
-		return nil, resp, err
-	}
-	if resp != nil {
-		defer resp.Body.Close()
+		return nil, err
 	}
 
 	tables, err := response.ListTables()
 	if err != nil {
-		return nil, resp, err
+		return nil, err
 	}
 
 	// Filter by exact match (database, schema, and name)
 	for _, table := range tables {
 		if table.DatabaseName == database && table.SchemaName == schema && table.Name == tableName {
-			return &table, resp, nil
+			return &table, nil
 		}
 	}
 
-	return nil, resp, fmt.Errorf("table %s.%s.%s not found", database, schema, tableName)
+	return nil, fmt.Errorf("table %s.%s.%s not found", database, schema, tableName)
 }
 
 var tableGrantStructFieldToColumnMap = map[string]string{