Merge branch 'Snowflake-Labs:main' into add-authentication-policies

Snowflake-Labs · Oct 3, 2024 · bc8534a · bc8534a
2 parents db00798 + b0a67e6
commit bc8534a
Show file tree

Hide file tree

Showing 106 changed files with 7,823 additions and 1,392 deletions.
diff --git a/.github/ISSUE_TEMPLATE/01-bug.yml b/.github/ISSUE_TEMPLATE/01-bug.yml
@@ -134,6 +134,7 @@ body:
         - resource:sequence
         - resource:session_parameter
         - resource:share
+        - resource:shared_database
         - resource:stage
         - resource:storage_integration
         - resource:stream

diff --git a/.github/ISSUE_TEMPLATE/02-general-usage.yml b/.github/ISSUE_TEMPLATE/02-general-usage.yml
@@ -132,6 +132,7 @@ body:
         - resource:sequence
         - resource:session_parameter
         - resource:share
+        - resource:shared_database
         - resource:stage
         - resource:storage_integration
         - resource:stream

diff --git a/.github/ISSUE_TEMPLATE/03-documentation.yml b/.github/ISSUE_TEMPLATE/03-documentation.yml
@@ -66,6 +66,7 @@ body:
         - resource:sequence
         - resource:session_parameter
         - resource:share
+        - resource:shared_database
         - resource:stage
         - resource:storage_integration
         - resource:stream
@@ -151,4 +152,4 @@ body:
       label: Would you like to implement a fix?
       description: If you plan to implement a fix for this, check this box to let the maintainers and community know (you can update this later if you change your mind).
       options:
-        - label: Yeah, I'll take it 😎
+        - label: Yeah, I'll take it 😎
diff --git a/.github/ISSUE_TEMPLATE/04-feature-request.yml b/.github/ISSUE_TEMPLATE/04-feature-request.yml
@@ -102,6 +102,7 @@ body:
         - resource:sequence
         - resource:session_parameter
         - resource:share
+        - resource:shared_database
         - resource:stage
         - resource:storage_integration
         - resource:stream

diff --git a/CREATING_ISSUES.md b/CREATING_ISSUES.md
@@ -22,33 +22,34 @@
   * [Incorrect account identifier (snowflake_database.from_share)](#incorrect-account-identifier-snowflake_databasefrom_share)
   * [Granting on Functions or Procedures](#granting-on-functions-or-procedures)
   * [Infinite diffs, empty privileges, errors when revoking on grant resources](#infinite-diffs-empty-privileges-errors-when-revoking-on-grant-resources)
+  * [Granting PUBLIC role fails](#granting-public-role-fails)
 
-This guide was made to aid with creating the GitHub issues, so you can maximize your chances of getting help as quickly as possible. 
+This guide was made to aid with creating the GitHub issues, so you can maximize your chances of getting help as quickly as possible.
 To correctly report the issue, we suggest going through the following steps.
 
 ### 1. Check the existing GitHub issues.
-Please, go to the [provider’s issues page](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues) and search if there is any other similar issue to the one you would like to report. 
-This helps us to keep all relevant information in one place, including any potential workarounds. 
-If you are unsure how to do it, [here](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) is a quick guide showing different filtering options available on GitHub. 
-It’s good to search by keywords (like **IMPORTED_PRIVILEGES**) or affected resource names (like **snowflake_database**) for quick and effective results. 
+Please, go to the [provider’s issues page](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues) and search if there is any other similar issue to the one you would like to report.
+This helps us to keep all relevant information in one place, including any potential workarounds.
+If you are unsure how to do it, [here](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) is a quick guide showing different filtering options available on GitHub.
+It’s good to search by keywords (like **IMPORTED_PRIVILEGES**) or affected resource names (like **snowflake_database**) for quick and effective results.
 Remember to search through open and closed issues, because there may be a chance we have already fixed the issue, and it’s working in the latest version of the provider.
 
 ### 2. Go through the frequently asked questions and commonly known issues.
-We’ve put together a list of frequently asked questions ([FAQ](#faq)) and [commonly known issues](#commonly-known-issues). 
+We’ve put together a list of frequently asked questions ([FAQ](#faq)) and [commonly known issues](#commonly-known-issues).
 Please check, If the answer you're looking for is in one of the lists.
 
 ### 3. Check the official Snowflake documentation
 It’s common for some Snowflake objects to have special cases of usage in some scenarios.
 Mostly, they are not validated in the provider for various reasons.
 All of them can result in errors during `terraform plan` or `terraform apply`.
 For those reasons, it’s worth to check [the official Snowflake documentation](https://docs.snowflake.com/) before assuming it’s a provider issue.
-Depending on the situation where an error occurred a corresponding [SQL command](https://docs.snowflake.com/en/sql-reference-commands) should be looked at. 
+Depending on the situation where an error occurred a corresponding [SQL command](https://docs.snowflake.com/en/sql-reference-commands) should be looked at.
 Especially take a closer look at the “usage notes” section ([for example](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership#usage-notes)) where all the special cases should be listed.
 
 ### 4. Choose the correct template and use as much information as possible.
-Currently, we have a few predefined templates for different types of GitHub issues. 
-Choose the appropriate one for your use case ([create an issue](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/new/choose)). 
-Remember to provide as much information as possible when filling out the forms, especially category and object types which appear in almost every template. 
+Currently, we have a few predefined templates for different types of GitHub issues.
+Choose the appropriate one for your use case ([create an issue](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/new/choose)).
+Remember to provide as much information as possible when filling out the forms, especially category and object types which appear in almost every template.
 That way we will be able to categorize the issues and plan future improvements. When filling out corresponding templates you need to remember the following:
 - Bug - It’s important to know the root cause of the issue, that is why we encourage you to fill out the optional fields If you think they can be essential in the analysis. That way we will be able to answer or fix the issue without asking for additional context.
 - General Usage - Like in the case of bugs, any additional context can speed up the process.
@@ -62,8 +63,8 @@ It depends on the status of the feature. Snowflake marks features as follows:
 - Public Preview (PuPr)
 - Generally Available (GA)
 
-Currently, our main focus is on making the provider stable with the most stable GA features, 
-but please take a closer look at our recently updated [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#05052024-roadmap-overview) 
+Currently, our main focus is on making the provider stable with the most stable GA features,
+but please take a closer look at our recently updated [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#05052024-roadmap-overview)
 which describes our priorities for the next quarters.
 
 ### When will my bug report be fixed/released?
@@ -76,26 +77,26 @@ The releases are usually happening once every two weeks, mostly done on Wednesda
 
 ### How to migrate from version X to Y?
 As noted at the top of our [README](https://github.com/Snowflake-Labs/terraform-provider-snowflake?tab=readme-ov-file#snowflake-terraform-provider),
-the project is still experimental and breaking change may occur. We try to minimize such changes, but with some of the changes required for version 1.0.0, it’s inevitable. 
-Because of that, whenever we introduce any breaking change, we add it to the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md). 
+the project is still experimental and breaking change may occur. We try to minimize such changes, but with some of the changes required for version 1.0.0, it’s inevitable.
+Because of that, whenever we introduce any breaking change, we add it to the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md).
 It’s a document containing every breaking change (starting from around v0.73.0) with additional hints on how to migrate resources between the versions.
 
 ### What are the current/future plans for the provider?
-Our current plans are documented in the publicly available [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md) that you can find in our repository. 
+Our current plans are documented in the publicly available [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md) that you can find in our repository.
 We will be updating it to keep you posted on what’s coming for the provider.
 
 ### How can I contribute?
 If you would like to contribute to the project, please follow our [contribution guidelines](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/CONTRIBUTING.md).
 
 ### How can I debug the issue myself?
-The provider is simply an abstraction issuing SQL commands through the Go Snowflake driver, so most of the errors will be connected to incorrectly built or executed SQL statements. 
-To see what SQLs are being run you have to set the `TF_LOG=DEBUG` environment variable. 
+The provider is simply an abstraction issuing SQL commands through the Go Snowflake driver, so most of the errors will be connected to incorrectly built or executed SQL statements.
+To see what SQLs are being run you have to set the `TF_LOG=DEBUG` environment variable.
 To confirm the correctness of the SQLs, refer to the [official Snowflake documentation](https://docs.snowflake.com/).
 
 ### How can I import already existing Snowflake infrastructure into Terraform?
-Please refer to [this document](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md#3-two-options-from-here) 
-as it describes different approaches of importing the existing Snowflake infrastructure into Terrafrom as configuration. 
-One thing worth noting is that some approaches can be automated by scripts interacting with Snowflake and generating needed configuration blocks, 
+Please refer to [this document](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md#3-two-options-from-here)
+as it describes different approaches of importing the existing Snowflake infrastructure into Terrafrom as configuration.
+One thing worth noting is that some approaches can be automated by scripts interacting with Snowflake and generating needed configuration blocks,
 which is highly recommended for large-scale migrations.
 
 ### What identifiers are valid inside the provider and how to reference one resource inside the other one?
@@ -193,7 +194,7 @@ You may encounter the following error:
 
 **Related issues:** [#2375](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2375), [#2922](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2922)
 
-**Solution:** Specify the arguments in the `object_name`: 
+**Solution:** Specify the arguments in the `object_name`:
 
 ```terraform
 resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" {
@@ -226,3 +227,31 @@ we filter on, it needs to exactly match with the output provided by `SHOW GRANTS
     - Change the `object_type` to correct value.
     - Import the state from Snowflake using `terraform import`.
   - Remove the grant configuration and after `terraform apply` put it back with the correct `object_type` (requires revoking).
+
+### Granting PUBLIC role fails
+**Problem:** When you try granting PUBLIC role, like:
+```terraform
+resource "snowflake_account_role" "any_role" {
+  name = "ANY_ROLE"
+}
+
+resource "snowflake_grant_account_role" "this_is_a_bug" {
+  parent_role_name = snowflake_account_role.any_role.name
+  role_name        = "PUBLIC"
+}
+```
+Terraform may fail with:
+```
+╷
+│ Error: Provider produced inconsistent result after apply
+│
+│ When applying changes to snowflake_grant_account_role.this_is_a_bug, provider "provider["registry.terraform.io/snowflake-labs/snowflake"]" produced an
+│ unexpected new value: Root object was present, but now absent.
+│
+│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
+╵
+```
+
+**Related issues:** [#3001](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3001), [#2848](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2848)
+
+**Solution:** This happens, because the PUBLIC role is a "pseudo-role" (see [docs](https://docs.snowflake.com/en/user-guide/security-access-control-overview#system-defined-roles)) that is already assigned to every role and user, so there is no need to grant it through Terraform. If you have an issue with removing the resources please use `terraform state rm <id>` to remove the resource from the state (and you can safely remove the configuration).
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -4,6 +4,9 @@ This document is meant to help you migrate your Terraform config to the new newe
 describe deprecations or breaking changes and help you to change your configuration to keep the same (or similar) behavior
 across different versions.
 
+> [!TIP]
+> We highly recommend upgrading the versions one by one instead of bulk upgrades.
+
 ## v0.95.0 ➞ v0.96.0
 
 ### snowflake_masking_policies data source changes

diff --git a/docs/resources/grant_account_role.md b/docs/resources/grant_account_role.md
@@ -43,7 +43,7 @@ resource "snowflake_user" "user" {
 }
 
 resource "snowflake_grant_account_role" "g" {
-  role_name = snowflake_role.role.name
+  role_name = snowflake_account_role.role.name
   user_name = snowflake_user.user.name
 }
 ```

diff --git a/docs/resources/shared_database.md b/docs/resources/shared_database.md
@@ -51,8 +51,6 @@ resource "snowflake_shared_database" "test" {
   from_share   = "<primary_account_organization_name>.<primary_account_name>.${snowflake_share.test.name}"
   comment      = "A shared database"
 
-  data_retention_time_in_days                   = 10
-  max_data_extension_time_in_days               = 20
   external_volume                               = "<external_volume_name>"
   catalog                                       = "<catalog_name>"
   replace_invalid_characters                    = false

diff --git a/docs/resources/view.md b/docs/resources/view.md
@@ -9,6 +9,8 @@ description: |-
 
 !> **Note about copy_grants** Fields like `is_recursive`, `is_temporary`, `copy_grants` and `statement` can not be ALTERed on Snowflake side (check [docs](https://docs.snowflake.com/en/sql-reference/sql/alter-view)), and a change means recreation of the resource. ForceNew can not be used because it does not preserve grants from `copy_grants`. Beware that even though a change is marked as update, the resource is recreated.
 
+!> Due to Snowflake limitations, to properly compute diff on `statement` field, the provider parses a `text` field which contains the whole CREATE query used to create the resource. We recommend not using special characters, especially `(`, `,`, `)` in any of the fields, if possible.
+
 ~> **Required warehouse** For this resource, the provider uses [policy references](https://docs.snowflake.com/en/sql-reference/functions/policy_references) which requires a warehouse in the connection. Please, make sure you have either set a DEFAULT_WAREHOUSE for the user, or specified a warehouse in the provider configuration.
 
 # snowflake_view (Resource)

diff --git a/examples/resources/snowflake_grant_account_role/resource.tf b/examples/resources/snowflake_grant_account_role/resource.tf
@@ -29,6 +29,6 @@ resource "snowflake_user" "user" {
 }
 
 resource "snowflake_grant_account_role" "g" {
-  role_name = snowflake_role.role.name
+  role_name = snowflake_account_role.role.name
   user_name = snowflake_user.user.name
 }
diff --git a/examples/resources/snowflake_shared_database/resource.tf b/examples/resources/snowflake_shared_database/resource.tf
@@ -35,8 +35,6 @@ resource "snowflake_shared_database" "test" {
   from_share   = "<primary_account_organization_name>.<primary_account_name>.${snowflake_share.test.name}"
   comment      = "A shared database"
 
-  data_retention_time_in_days                   = 10
-  max_data_extension_time_in_days               = 20
   external_volume                               = "<external_volume_name>"
   catalog                                       = "<catalog_name>"
   replace_invalid_characters                    = false

diff --git a/pkg/acceptance/bettertestspoc/README.md b/pkg/acceptance/bettertestspoc/README.md
@@ -342,3 +342,10 @@ func (w *WarehouseDatasourceShowOutputAssert) IsEmpty() {
 - support the rest of attribute types in config model builders (TODO left in `config/model/gen/model.go`)
 - parametrize test client helper used - integration versus acceptance tests - this has to be changed in the generator too (TODO left in `assert/objectassert/user_snowflake_ext.go`)
 - Omit computed fields in the model (like FullyQualifiedName), because it doesn't make sense to set them
+- There's an error when generating models, steps to reproduce:
+  - Go to view resource code and change `data_metric_function` field to `testing` and make it required
+  - During the generation, the following error appears: mixed named and unnamed parameters. 
+    It's a golang error indicating that the parameter has both unnamed and named parameters in function (e.g. `func(abc string, int)`).
+    The error is a result of both things:
+    1. Lists of objects are partially generated, and only parameter name is generated in some functions (the type has to be added manually).
+    2. `testing` is a package name that makes Go think that we want to have unnamed parameter there, but we just didn't generate the type for that field in the function argument.
diff --git a/pkg/acceptance/bettertestspoc/assert/objectassert/gen/sdk_object_def.go b/pkg/acceptance/bettertestspoc/assert/objectassert/gen/sdk_object_def.go
@@ -57,6 +57,21 @@ var allStructs = []SdkObjectDef{
 		ObjectType:   sdk.ObjectTypeAuthenticationPolicy,
 		ObjectStruct: sdk.AuthenticationPolicy{},
 	},
+	{
+		IdType:       "sdk.SchemaObjectIdentifier",
+		ObjectType:   sdk.ObjectTypeTask,
+		ObjectStruct: sdk.Task{},
+	},
+	{
+		IdType:       "sdk.SchemaObjectIdentifier",
+		ObjectType:   sdk.ObjectTypeSecret,
+		ObjectStruct: sdk.Secret{},
+	},
+	{
+		IdType:       "sdk.SchemaObjectIdentifier",
+		ObjectType:   sdk.ObjectTypeStream,
+		ObjectStruct: sdk.Stream{},
+	},
 }
 
 func GetSdkObjectDetails() []genhelpers.SdkObjectDetails {