Skip to content

Fix grant macros SQL quoting (v1.0.8)#36

Merged
jonhopper-dataengineers merged 1 commit into
mainfrom
fix/grant-sql-quoting-v2
Jun 25, 2026
Merged

Fix grant macros SQL quoting (v1.0.8)#36
jonhopper-dataengineers merged 1 commit into
mainfrom
fix/grant-sql-quoting-v2

Conversation

@jonhopper-dataengineers

@jonhopper-dataengineers jonhopper-dataengineers commented Jun 25, 2026

Copy link
Copy Markdown
Member

Summary

  • Fixed SQL compilation error in grant macros where Jinja's tojson filter produced double-quoted strings ("ROLE_NAME") that Snowflake interprets as identifiers instead of string literals
  • Replaced map('tojson') | join(', ') with the idiomatic '{{ list | join("', '") }}' pattern across 3 macro files (5 occurrences) to emit correct single-quoted SQL strings
  • Bumped version to 1.0.8, updated CHANGELOG and README

Test plan

  • Run dbt run-operation grant_schema_read against a schema with roles to confirm no invalid identifier errors
  • Run dbt run-operation grant_schema_object_privileges and verify generated SQL uses single-quoted role names
  • Verify _grants_get_schema_object_privs helper produces correct SQL in dry-run mode

.... Generated with Cortex Code

Summary by Sourcery

Fix SQL quoting in grant macros to prevent Snowflake from treating role and privilege names as identifiers, and bump the package version to 1.0.8.

Bug Fixes:

  • Correct grant macro filters to emit single-quoted SQL string literals for privileges and grantees instead of double-quoted identifiers.

Enhancements:

  • Align grant macro Jinja templates with idiomatic list joining patterns for cleaner and more reliable SQL generation.

Build:

  • Update dbt project version metadata to 1.0.8.

Documentation:

  • Update README and CHANGELOG to document the grant SQL quoting fix and new 1.0.8 version.

The Jinja tojson filter wraps values in double quotes which Snowflake
interprets as identifiers causing invalid identifier errors. Replaced with
the idiomatic join pattern to produce single-quoted SQL string literals.

Bumped version to 1.0.8.

.... Generated with [Cortex Code](https://docs.snowflake.com/en/user-guide/cortex-code/cortex-code)

Co-Authored-By: Cortex Code <noreply@snowflake.com>
@sourcery-ai

sourcery-ai Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Fixes SQL quoting in grant-related dbt macros by replacing Jinja tojson usage with a single-quoted join pattern so Snowflake treats role and privilege values as string literals, and bumps the package version to 1.0.8 with corresponding changelog and docs updates.

Sequence diagram for updated grant_schema_read macro SQL generation

sequenceDiagram
  actor User
  participant dbt
  participant grant_schema_read
  participant Snowflake

  User->>dbt: dbt run-operation grant_schema_read
  dbt->>grant_schema_read: render macro
  grant_schema_read->>grant_schema_read: build revoke_query using grant_roles | join("', '")
  grant_schema_read->>dbt: return revoke_query SQL
  dbt->>Snowflake: run_query(revoke_query)
  Snowflake-->>dbt: execute SQL (grantee not in ('ROLE_A', 'ROLE_B')) without invalid identifier
  dbt-->>User: operation completes successfully
Loading

File-Level Changes

Change Details Files
Correct SQL string literal generation in grant helper macro to avoid Snowflake treating values as identifiers.
  • Replace `priv_filter
map('tojson')
Fix grant_schema_object_privileges macro to emit single-quoted privilege and role lists instead of JSON-quoted values.
  • Replace `permission_list
map('upper')
Fix grant_schema_read macro to avoid invalid identifier errors by correctly quoting role names in NOT IN clause.
  • Replace `grant_roles
map('tojson')
Update project metadata and documentation to reflect version bump and describe the grant SQL quoting fix.
  • Add v1.0.8 changelog entry documenting the grant SQL quoting fix and affected macros.
  • Update README displayed package version from 1.0.7 to 1.0.8.
  • Update dbt_project.yml project version from 1.0.7 to 1.0.8.
CHANGELOG.md
README.md
dbt_project.yml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The new '{{ list | join("', '") }}' pattern will break if any privilege or role name contains a single quote; consider adding an escaping step or using a helper that safely quotes identifiers/literals for Snowflake.
  • You might want to centralize the SQL literal-joining logic (for privileges/roles) in a small helper macro so the quoting pattern is enforced consistently and easier to adjust if Snowflake or dbt behavior changes again.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new `'{{ list | join("', '") }}'` pattern will break if any privilege or role name contains a single quote; consider adding an escaping step or using a helper that safely quotes identifiers/literals for Snowflake.
- You might want to centralize the SQL literal-joining logic (for privileges/roles) in a small helper macro so the quoting pattern is enforced consistently and easier to adjust if Snowflake or dbt behavior changes again.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@jonhopper-dataengineers
jonhopper-dataengineers merged commit cdcb72b into main Jun 25, 2026
2 checks passed
@jonhopper-dataengineers
jonhopper-dataengineers deleted the fix/grant-sql-quoting-v2 branch June 25, 2026 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant