-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
snowflake_grant_ownership
fails to operate on database roles
#2700
Labels
bug
Used to mark issues with provider's incorrect behavior
category:grants
resource:grant_ownership
Issue connected to the snowflake_grant_ownership resource
Comments
sgrzemski
added a commit
to sgrzemski/terraform-provider-snowflake
that referenced
this issue
Apr 11, 2024
The Grants.Show returns GrantedOn == "ROLE" (same in Snowflake UI), but this checks compares "DATABASE ROLE" to "ROLE" and it fails to create the ownership resource.
sgrzemski
added a commit
to sgrzemski/terraform-provider-snowflake
that referenced
this issue
Apr 11, 2024
The Grants.Show returns GrantedOn == "ROLE" (same in Snowflake UI), but this checks compares "DATABASE ROLE" to "ROLE" and it fails to create the ownership resource.
@sgrzemski The fix will be most likely released tomorrow |
sfc-gh-jcieslak
added a commit
that referenced
this issue
Apr 16, 2024
A fix for #2700. Changed expected granted_on when it's equal to the database role. Acceptance test added.
Hey, we released a new provider version: https://github.com/Snowflake-Labs/terraform-provider-snowflake/releases/tag/v0.89.0. Please bump and confirm that it works. |
sfc-gh-jcieslak
added
resource:grant_ownership
Issue connected to the snowflake_grant_ownership resource
category:grants
labels
May 20, 2024
Hey @sgrzemski |
Sure thing, works like a charm. |
Great, closing the ticket then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Used to mark issues with provider's incorrect behavior
category:grants
resource:grant_ownership
Issue connected to the snowflake_grant_ownership resource
Terraform CLI and Provider Versions
terraform cli:
provider versions:
0.88.0
Terraform Configuration
Expected Behavior
Ownership of a database role is properly changed.
Actual Behavior
The ownership of a database role is in fact changed, but then the provider fails to verify the ownership:
The issue clearly comes from https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/pkg/resources/grant_ownership.go#L392, which is executed here: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/pkg/resources/grant_ownership.go#L237. The providers fails to properly read the grants of the database role. The query to retrieve the grants is being formatted properly (
show grants on database role...
).Steps to Reproduce
Just run the ownership change on a database role.
How much impact is this issue causing?
High
Logs
No response
Additional Information
I am using two providers, one env oriented sysadmin, one env oriented useradmin. I am trying to change an ownership of a database role from sysadmin (who created it) to useradmin. It changes the ownership, but it fails to verify the changes afterwards.
I think the problem is here: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/pkg/resources/grant_ownership.go#L377, the
GranteeName
does not have the Name() method, in opposition to AccountRoleName.The text was updated successfully, but these errors were encountered: