Unable to import snowflake procedure grant #1875
Labels
Comments
3 tasks
sfc-gh-jcieslak
added a commit
that referenced
this issue
Mar 14, 2024
The first part of the implementation of the `snowflake_grant_ownership` resource. This is a "basic" version of this resource providing baseline functionalities needed to transfer ownership in Terraform. In the next pull request, I'll add all of the edge cases we have to cover (most of them are described [here](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership#usage-notes)). Changes made: - Created a new `snowflake_grant_ownership` resource with CRUD operations implemented (still there are TODOs left for discussion) - Added examples and documentation needed for the resource and its identifier Things to do before the merge: - remove `snowflake_grant_ownership` from the provider.go TODO in the next pr(s): - Add deprecation messages to old grant resources specifically made for granting ownership - Add edge cases and test them (and if needed describe them in the documentation and add examples) - Add `setId("")` in read and forcefully grant ownership in Create operation - Referring to [comment](#2604 (comment)), test different cases where the Delete operation may struggle with - Test outside of Terraform interactions to see how it behaves in different situations ## Test Plan * [x] acceptance tests * [x] unit tests for the resource identifier conversions from/to String representation * [x] unit tests for the helper functions needed by resource CRUD operations ## References * [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource (a big probability there's more); notify after part 2 will be done. - #2549 - #2199 - #2084 - #1942 - #1875
sfc-gh-swinkler
pushed a commit
that referenced
this issue
Mar 19, 2024
🤖 I have created a release *beep* *boop* --- ## [0.87.3-pre](v0.87.2...v0.87.3-pre) (2024-03-18) ### 🎉 **What's new:** * Add snowflake grant ownership resource ([#2604](#2604)) ([bfadd24](bfadd24)), closes [#2549](#2549) [#2199](#2199) [#2084](#2084) [#1942](#1942) [#1875](#1875) ### 🔧 **Misc** * Fix env variables for tests ([#2603](#2603)) ([8bc2437](8bc2437)) * release 0.87.3-pre ([a2be7b9](a2be7b9)) ### 🐛 **Bug fixes:** * alter table column data type ([#2607](#2607)) ([538b6dc](538b6dc)) * cgo goreleaser alt solution ([#2613](#2613)) ([5d31856](5d31856)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
1 task
sfc-gh-jcieslak
added a commit
that referenced
this issue
Apr 3, 2024
A follow-up for #2604. Done in this pr: - Add setId("") in Read (when ownership is not found on the target object) and forcefully grant ownership in Create (this was already present, but added test cases for it). - Edge cases - Granting `ON PIPE` and `ON ALL PIPES` is handled (pipes are paused before and resumed after ownership transfer) Full list of things that still need to be done: - Deprecation messages - More documentation (explain how grant_ownership resource handles edge cases) and examples that would show simple usage, edge cases, cases where the resource may cause trouble - Referring to #2604 (comment), test different cases where the Delete operation may struggle with - Test outside of Terraform interactions to see how it behaves in different situations - A test where used role is not privileged enough to transfer ownership - Also cases within Terraform to see how grant_ownership will act with other grant resources within certain configurations - Edge cases - Granting `ON TASK` - Use `VIEW` when granting on `MATERIALIZED VIEW` - Granting `ON EXTERNAL TABLES` ## References [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource: #2549 #2199 #2084 #1942 #1875
sfc-gh-jcieslak
added a commit
that referenced
this issue
Apr 8, 2024
A follow-up for #2604. Done in this pr: - All of the edge cases handled and tested (except of tasks that are done in the separate pr): - Materialized views (already handled by Snowflake no changes needed) - RBAC hierarchy (test case added) - Delete dependent resource (role or granted object) and remove grant resource from the state (test case added) Won't do: - External tables (cannot handle this edge case, because we have to know the auto_refresh state of the external table; it's not retrievable by SHOW or DESC commands. It will be still possible to grant ownership of the external table, but there may be additional manual work to do afterward. Everything is documented.) ## Test Plan <!-- detail ways in which this PR has been tested or needs to be tested --> * [x] acceptance tests that show how the resource is handling certain edge cases + RBAC use case ## References [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource: #2549 #2199 #2084 #1942 #1875
|
Hey 👋 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Provider Version
Sowflake provider version : v0.64.0
AWS Provider Version : v5.1.0
Terraform Version
Terraform version : v1.4.6
Describe the bug
On trying to import the snowflake procedure grant I am getting the error as
Error: incorrect ID format (expecting database_name|schema_name|procedure_name|argument_data_types|privilege|with_grant_option|on_future|roles|shares)Expected behavior
The grant attached to the snowflake procedure must be successfully imported
Code samples and commands
Resource in main.tf file :
resource "snowflake_procedure_grant" "DEV_SP_PURGE_EXCLUSION_CHECK_GRANT" { }Import Command :
terraform import snowflake_procedure_grant.DEV_SP_PURGE_EXCLUSION_CHECK_GRANT "DEV_DWH|ANALYTICS_SB|SP_PURGE_EXCLUSION_CHECK|[]|OWNERSHIP|true|false|DEV_ANALYTICS_SB_CREATE_ROLE|[]"Additional context
I have tried with upgrading the Snowflake provider version to the latest one but the issue is the same.
Add any other context about the problem here.
While debugging this issue, I tried importing the grant as a new resource instead of importing, and even there I faced an error with the attribute with_grant_option. It gave me an error stating
with_grant_option conflicts with procedure nameerrorThe text was updated successfully, but these errors were encountered: