Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

snowflake_row_access_policy resource wants to be updated on every terraform apply command #1151

Closed
warchief-t opened this issue Jul 22, 2022 · 2 comments
Closed

snowflake_row_access_policy resource wants to be updated on every terraform apply command #1151

warchief-t opened this issue Jul 22, 2022 · 2 comments
Labels
bug Used to mark issues with provider's incorrect behavior category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource

Comments

@warchief-t
Copy link

warchief-t commented Jul 22, 2022
edited
Loading

Provider Version

0.40.0

Terraform Version

1.2.5

Describe the bug

When I do terraform apply I successfully apply resource snowflake_row_access_policy code changes.
But when I do terraform apply again with no code changes, Terraform shows like something has been changed.

Expected behavior

When I do terraform apply I successfully apply resource snowflake_row_access_policy code changes.
When I do terraform apply again with no code changes, Terraform must show that nothing has been changed.

Code samples and commands
main.tf

resource "snowflake_database" "TEST" {

  name                        = "TEST"
  comment                     = "test"
  data_retention_time_in_days = 0
}

resource "snowflake_schema" "TEST_DEV" {

  name                = "DEV"
  database            = snowflake_database.TEST.name
  data_retention_days = 0
}

resource "snowflake_row_access_policy" "TEST_POLICY" {

  name     = "TEST_POLICY"
  database = snowflake_database.TEST.name
  schema   = snowflake_schema.TEST_DEV.name

  signature = {
    SOME_VALUE = "NUMBER"
  }

  row_access_expression = <<-EOT
    CASE
      WHEN current_role() IN (
        'SYSADMIN',
        'ACCOUNTADMIN'
      ) THEN true
      ELSE false
    END
  EOT
}

Additional context
terraform apply output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # snowflake_row_access_policy.TEST_POLICY will be updated in-place
  ~ resource "snowflake_row_access_policy" "TEST_POLICY" {
        id                    = "TEST|DEV|TEST_POLICY"
        name                  = "TEST_POLICY"
      ~ row_access_expression = <<-EOT
            CASE
              WHEN current_role() IN (
                'SYSADMIN',
                'ACCOUNTADMIN'
              ) THEN true
              ELSE false
            END
        EOT
        # (3 unchanged attributes hidden)
    }

Fast fix:

  lifecycle {
    ignore_changes = [
      row_access_expression
    ]
  }

But Terraform will not update the config if you will change the row_access_expression script
@warchief-t warchief-t added the bug Used to mark issues with provider's incorrect behavior label Jul 22, 2022
@warchief-t warchief-t changed the title snowflake_row_access_policy resource wants to be updated on every terraform apply snowflake_row_access_policy resource wants to be updated on every terraform apply Jul 22, 2022
@warchief-t warchief-t changed the title snowflake_row_access_policy resource wants to be updated on every terraform apply snowflake_row_access_policy resource wants to be updated on every terraform apply command Jul 22, 2022
@sfc-gh-jcieslak sfc-gh-jcieslak added category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource labels May 20, 2024
This was referenced Sep 9, 2024
Closed
Merged
sfc-gh-jmichalak added a commit that referenced this issue Sep 13, 2024
@sfc-gh-jmichalak
feat: Row access policy resource v1 (#3063)
13cd694 
<!-- Feel free to delete comments as you fill this in -->

<!-- summary of changes -->
- add show and desc output
- rename fields
- change signature to arguments
- implement renaming
- fix permadiff on body
- adjust identifiers handling
- adjust examples
- gen resource asserts (config builders are not working because we have
a required list argument)
- improve handling data types
- move parsing signature to sdk
- support proper casing in arg names

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [x] acceptance tests
<!-- add more below if you think they are relevant -->
* [ ] …

## References
<!-- issues documentation links, etc  -->
https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy

#2053

#1151
## TODO (next PR)
- rework data source
sfc-gh-fbudzynski pushed a commit that referenced this issue Sep 19, 2024
@sfc-gh-jmichalak @sfc-gh-fbudzynski
feat: Row access policy resource v1 (#3063)
6c420a4 
<!-- Feel free to delete comments as you fill this in -->

<!-- summary of changes -->
- add show and desc output
- rename fields
- change signature to arguments
- implement renaming
- fix permadiff on body
- adjust identifiers handling
- adjust examples
- gen resource asserts (config builders are not working because we have
a required list argument)
- improve handling data types
- move parsing signature to sdk
- support proper casing in arg names

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [x] acceptance tests
<!-- add more below if you think they are relevant -->
* [ ] …

## References
<!-- issues documentation links, etc  -->
https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy

#2053

#1151
## TODO (next PR)
- rework data source
@sfc-gh-jmichalak
Copy link
Collaborator

Hi, sorry for the late response. We've released v0.96.0, which includes adjusting and fixing row access policies. Please upgrade with the migration guide.

@sfc-gh-jmichalak
Copy link
Collaborator

Closing the issue due to inactivity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Used to mark issues with provider's incorrect behavior category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@warchief-t @sfc-gh-jcieslak @sfc-gh-jmichalak