Wait for resource to be updated during grants resource modification (#3026)

* Wait for resource to be updated during grants resource modification

* Fix typo

* Fix typo

Author: hectorcast-db

catalog/resource_grants.go

@@ -3,11 +3,14 @@ package catalog
 import (
 	"context"
 	"fmt"
+	"log"
 	"sort"
 	"strings"
+	"time"
 
 	"github.com/databricks/databricks-sdk-go/apierr"
 	"github.com/databricks/terraform-provider-databricks/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -126,7 +129,31 @@ func (a PermissionsAPI) replacePermissions(securable, name string, list Permissi
 	if err != nil {
 		return err
 	}
-	return a.updatePermissions(securable, name, list.diff(existing))
+	err = a.updatePermissions(securable, name, list.diff(existing))
+	if err != nil {
+		return err
+	}
+	return a.waitForStatus(securable, name, list)
+}
+
+func (a PermissionsAPI) defaultTimeout() time.Duration {
+	return 1 * time.Minute
+}
+
+func (a PermissionsAPI) waitForStatus(securable, name string, desired PermissionsList) (err error) {
+	return resource.RetryContext(a.context, a.defaultTimeout(), func() *resource.RetryError {
+		permissions, err := a.getPermissions(securable, name)
+		if err != nil {
+			return resource.NonRetryableError(err)
+		}
+		log.Printf("[DEBUG] Permissions for %s-%s are: %v", securable, name, permissions)
+		if permissions.diff(desired).Changes == nil {
+			return nil
+		}
+		return resource.RetryableError(
+			fmt.Errorf("permissions for %s-%s are %v, but have to be %v",
+				securable, name, permissions, desired))
+	})
 }
 
 type securableMapping map[string]map[string]bool

catalog/resource_grants_test.go

@@ -59,6 +59,108 @@ func TestGrantCreate(t *testing.T) {
 					},
 				},
 			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"MODIFY"},
+						},
+					},
+				},
+			},
+		},
+		Resource: ResourceGrants(),
+		Create:   true,
+		HCL: `
+		table = "foo.bar.baz"
+
+		grant {
+			principal = "me"
+			privileges = ["MODIFY"]
+		}`,
+	}.ApplyNoError(t)
+}
+
+func TestWaitUntilReady(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"SELECT"},
+						},
+						{
+							Principal:  "someone-else",
+							Privileges: []string{"MODIFY", "SELECT"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "PATCH",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				ExpectedRequest: permissionsDiff{
+					Changes: []permissionsChange{
+						{
+							Principal: "me",
+							Add:       []string{"MODIFY"},
+							Remove:    []string{"SELECT"},
+						},
+						{
+							Principal: "someone-else",
+							Remove:    []string{"MODIFY", "SELECT"},
+						},
+					},
+				},
+			},
+			// This one is still the first one, to simulate a delay on updating the permissions
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"SELECT"},
+						},
+						{
+							Principal:  "someone-else",
+							Privileges: []string{"MODIFY", "SELECT"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"MODIFY"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"MODIFY"},
+						},
+					},
+				},
+			},
 		},
 		Resource: ResourceGrants(),
 		Create:   true,
@@ -106,6 +208,18 @@ func TestGrantUpdate(t *testing.T) {
 					},
 				},
 			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/table/foo.bar.baz",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"MODIFY", "SELECT"},
+						},
+					},
+				},
+			},
 		},
 		Resource: ResourceGrants(),
 		Update:   true,
@@ -275,6 +389,18 @@ func TestShareGrantCreate(t *testing.T) {
 					},
 				},
 			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"SELECT"},
+						},
+					},
+				},
+			},
 		},
 		Resource: ResourceGrants(),
 		Create:   true,
@@ -331,6 +457,18 @@ func TestShareGrantUpdate(t *testing.T) {
 					},
 				},
 			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "you",
+							Privileges: []string{"SELECT"},
+						},
+					},
+				},
+			},
 		},
 		Resource: ResourceGrants(),
 		Update:   true,
@@ -406,6 +544,18 @@ func TestConnectionGrantCreate(t *testing.T) {
 					},
 				},
 			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/permissions/connection/myconn",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"USE_CONNECTION"},
+						},
+					},
+				},
+			},
 		},
 		Resource: ResourceGrants(),
 		Create:   true,