Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: 2024_07 BCR breaks snowflake_user.foo.default_secondary_roles when unset #3038

Closed
1 task
jrobison-sb opened this issue Sep 3, 2024 · 3 comments · Fixed by #2977
Closed
1 task
Labels
bug Used to mark issues with provider's incorrect behavior

Comments

@jrobison-sb
Copy link
Contributor

jrobison-sb commented Sep 3, 2024

Terraform CLI Version

1.9.1

Terraform Provider Version

0.92.0

Terraform Configuration

resource "snowflake_user" "dev3229" {
  name         = "DEV3229"
  login_name   = "DEV3229"
  comment      = "A user of snowflake."
  disabled     = false
  must_change_password = false

  default_secondary_roles = null
}

Category

category:resource

Object type(s)

snowflake_user

Expected Behavior

default_secondary_roles should be null, and prior to the 2024_07 behavior change, this worked as expected. Additionally, after applying the above infrastructure, a subsequent terraform plan should plan cleanly with no diffs reported, which also worked as expected prior to the behavior change.

Actual Behavior

It's no longer possible to set this at null, or set it to an empty list, without plan diffs.

Steps to Reproduce

  1. Apply the 2024_07 behavior change.
  2. Apply the above HCL which uses default_secondary_roles = null (or which doesn't specify default_secondary_roles at all). This will apply cleanly.
  3. Run a terraform plan and you'll see diffs like this:
  # module.sandbox3_application.snowflake_user.dev3229 will be updated in-place
  ~ resource "snowflake_user" "dev3229" {
      ~ default_secondary_roles = [
          - "ALL",
        ]
        id                      = "DEV3229"
        name                    = (sensitive value)
        # (12 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
  1. Hmm, that's weird, try applying again maybe?
  2. Now it gets even weirder because now the diff looks like this on every subsequent plan:
  # module.sandbox3_application.snowflake_user.dev3229 will be updated in-place
  ~ resource "snowflake_user" "dev3229" {
      ~ default_secondary_roles = [
          - jsonencode([]),
        ]
        id                      = "DEV3229"
        name                    = (sensitive value)
        # (12 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
  1. Try setting it to an empty list instead of null. Apply again.
  2. All subsequent diffs still look like this:
  # module.sandbox3_application.snowflake_user.dev3229 will be updated in-place
  ~ resource "snowflake_user" "dev3229" {
      ~ default_secondary_roles = [
          - jsonencode([]),
        ]
        id                      = "DEV3229"
        name                    = (sensitive value)
        # (12 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

How much impact is this issue causing?

Low

Logs

No response

Additional Information

No response

Would you like to implement a fix?

  • Yeah, I'll take it 😎
@jrobison-sb jrobison-sb added the bug Used to mark issues with provider's incorrect behavior label Sep 3, 2024
@sfc-gh-asawicki
Copy link
Collaborator

Hey @jrobison-sb. Thanks for reaching out to us.

We release v0.95 with user resource changes today. I'll check if it needs adjustments to work correctly with this bundle.

sfc-gh-jcieslak pushed a commit that referenced this issue Sep 4, 2024
- fix warehouse resume
- add system functions to enable/disable BCR
- change default secondary roles handling
- address BCR 2024_07 for default secondary roles

References: #3038
sfc-gh-jcieslak pushed a commit that referenced this issue Sep 4, 2024
🤖 I have created a release *beep* *boop*
---


##
[0.95.0](v0.94.1...v0.95.0)
(2024-09-04)


### 🎉 **What's new:**

* Add change_tracking, row access policy and aggregation policy to views
([#2988](#2988))
([1f88bb1](1f88bb1))
* Add fully_qualified_name to all resources
([#2990](#2990))
([1b0462f](1b0462f))
* Add identifier parsers
([#2957](#2957))
([824ec52](824ec52))
* Add identifier with arguments
([#2979](#2979))
([00ae1c5](00ae1c5))
* Add timeouts block to cortex
([#3004](#3004))
([34d764b](34d764b))
* Add user parameters to resource
([#2968](#2968))
([f4ae380](f4ae380))
* Conclude user rework
([#3036](#3036))
([23e4625](23e4625))
* database role v1 readiness
([#3014](#3014))
([c4db255](c4db255))
* Identifier with arguments for procedure and external function
([#2987](#2987))
([f13cc5c](f13cc5c))
* Rework user resource
([#3026](#3026))
([bde2638](bde2638)),
closes
[#1572](#1572)
* Rework users datasource
([#3030](#3030))
([751239b](751239b)),
closes
[#2902](#2902)
* Upgrade view sdk
([#2969](#2969))
([ef2d50a](ef2d50a))
* View rework part 2
([#3021](#3021))
([e05377d](e05377d))
* View rework part 3
([#3023](#3023))
([195b41c](195b41c))


### 🔧 **Misc**

* Add annotation about fully_qualified_name and fix handling granteeName
([#3009](#3009))
([94e6345](94e6345))
* Apply identifier conventions
([#2996](#2996))
([5cbea84](5cbea84))
* apply identifier conventions to grants
([#3008](#3008))
([d7780ae](d7780ae))
* Clean collection utils
([#3028](#3028))
([426ddb1](426ddb1))
* Clean old assertions
([#3029](#3029))
([ad657eb](ad657eb))
* Conclude identifiers rework
([#3011](#3011))
([c1b53f3](c1b53f3))
* Improve user test and add manual test for user default database and
role
([#3035](#3035))
([6cb0b4e](6cb0b4e))
* Use new identifier with arguments in function, external function and
procedure grants
([#3002](#3002))
([5053f8b](5053f8b))
* User improvements
([#3034](#3034))
([65b64d7](65b64d7))


### 🐛 **Bug fixes:**

* database tests and introduce a new parameter
([#2981](#2981))
([3bae7f6](3bae7f6))
* Fix custom diffs for fields with diff supression
([#3032](#3032))
([2499602](2499602))
* Fix default secondary roles after BCR 2024_07
([#3040](#3040))
([2ca465a](2ca465a)),
closes
[#3038](#3038)
* Fix issues 2972 and 3007
([#3020](#3020))
([1772387](1772387))
* Fix known user resource issues
([#3013](#3013))
([a5dfeac](a5dfeac))
* identifier issues
([#2998](#2998))
([6fb76b7](6fb76b7))
* minor issues
([#3027](#3027))
([467b06e](467b06e)),
closes
[#3015](#3015)
[#2807](#2807)
[#3025](#3025)
* Nuke users
([#2971](#2971))
([0d90cc9](0d90cc9))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
@sfc-gh-asawicki
Copy link
Collaborator

Hey @jrobison-sb. We have just released v0.95.0 of the provider.

default_secondary_roles were replaced with default_secondary_roles_option. Please consult the migration guide.

@sfc-gh-asawicki
Copy link
Collaborator

Closing the issue due to inactivity. Please create a new one if the issue persists in the newest version of the provider.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Used to mark issues with provider's incorrect behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants