diff --git a/docs/index.md b/docs/index.md index 31e89532d9..0c8dcee945 100644 --- a/docs/index.md +++ b/docs/index.md @@ -14,10 +14,11 @@ Coverage is focused on part of Snowflake related to access control. ```terraform provider "snowflake" { // required - account = "..." # the Snowflake account identifier username = "..." + account = "..." + region = "..." - // optional, exactly one must be set + // optional, at exactly one must be set password = "..." oauth_access_token = "..." private_key_path = "..." @@ -30,7 +31,6 @@ provider "snowflake" { oauth_redirect_url = "..." // optional - region = "..." # required if using legacy format for account identifier role = "..." host = "..." warehouse = "..." @@ -46,8 +46,8 @@ provider "snowflake" { ### Required -- `account` (String) The Snowflake [account identifier](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html). The [preferred](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#format-1-preferred-account-name-in-your-organization) format uses `-` as the value. If the `account_locator` is used as the value, then the `region` is required to complete the [legacy](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#format-2-legacy-account-locator-in-a-region) format. Can be sourced from the `SNOWFLAKE_ACCOUNT` environment variable. -- `username` (String) Username for username+password authentication. Can be sourced from the `SNOWFLAKE_USER` environment variable. +- `account` (String) The name of the Snowflake account. Can also come from the `SNOWFLAKE_ACCOUNT` environment variable. +- `username` (String) Username for username+password authentication. Can come from the `SNOWFLAKE_USER` environment variable. ### Optional @@ -59,14 +59,14 @@ provider "snowflake" { - `oauth_endpoint` (String, Sensitive) Required when `oauth_refresh_token` is used. Can be sourced from `SNOWFLAKE_OAUTH_ENDPOINT` environment variable. - `oauth_redirect_url` (String, Sensitive) Required when `oauth_refresh_token` is used. Can be sourced from `SNOWFLAKE_OAUTH_REDIRECT_URL` environment variable. - `oauth_refresh_token` (String, Sensitive) Token for use with OAuth. Setup and generation of the token is left to other tools. Should be used in conjunction with `oauth_client_id`, `oauth_client_secret`, `oauth_endpoint`, `oauth_redirect_url`. Cannot be used with `browser_auth`, `private_key_path`, `oauth_access_token` or `password`. Can be sourced from `SNOWFLAKE_OAUTH_REFRESH_TOKEN` environment variable. -- `password` (String, Sensitive) Password for username+password auth. Cannot be used with `browser_auth` or `private_key_path`. Can be sourced from `SNOWFLAKE_PASSWORD` environment variable. +- `password` (String, Sensitive) Password for username+password auth. Cannot be used with `browser_auth` or `private_key_path`. Can be source from `SNOWFLAKE_PASSWORD` environment variable. - `port` (Number) Support custom port values to snowflake go driver for use with privatelink. Can be sourced from `SNOWFLAKE_PORT` environment variable. -- `private_key` (String, Sensitive) Private Key for username+private-key auth. Cannot be used with `browser_auth` or `password`. Can be sourced from `SNOWFLAKE_PRIVATE_KEY` environment variable. +- `private_key` (String, Sensitive) Private Key for username+private-key auth. Cannot be used with `browser_auth` or `password`. Can be source from `SNOWFLAKE_PRIVATE_KEY` environment variable. - `private_key_passphrase` (String, Sensitive) Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and des-ede3-cbc -- `private_key_path` (String, Sensitive) Path to a private key for using keypair authentication. Cannot be used with `browser_auth`, `oauth_access_token` or `password`. Can be sourced from `SNOWFLAKE_PRIVATE_KEY_PATH` environment variable. +- `private_key_path` (String, Sensitive) Path to a private key for using keypair authentication. Cannot be used with `browser_auth`, `oauth_access_token` or `password`. Can be source from `SNOWFLAKE_PRIVATE_KEY_PATH` environment variable. - `protocol` (String) Support custom protocols to snowflake go driver. Can be sourced from `SNOWFLAKE_PROTOCOL` environment variable. -- `region` (String) [Snowflake region](https://docs.snowflake.com/en/user-guide/intro-regions.html) to use. Required if using the [legacy format for the `account` identifier](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html#format-2-legacy-account-locator-in-a-region) in the form of `.`. Can be sourced from the `SNOWFLAKE_REGION` environment variable. -- `role` (String) Snowflake role to use for operations. If left unset, default role for user will be used. Can be sourced from the `SNOWFLAKE_ROLE` environment variable. +- `region` (String) [Snowflake region](https://docs.snowflake.com/en/user-guide/intro-regions.html) to use. Can be source from the `SNOWFLAKE_REGION` environment variable. +- `role` (String) Snowflake role to use for operations. If left unset, default role for user will be used. Can come from the `SNOWFLAKE_ROLE` environment variable. - `warehouse` (String) Sets the default warehouse. Optional. Can be sourced from SNOWFLAKE_WAREHOUSE environment variable. ## Authentication @@ -79,7 +79,7 @@ The Snowflake provider support multiple ways to authenticate: * Browser Auth * Private Key -In all cases account and username are required. +In all cases account, username, and region are required. ### Keypair Authentication Environment Variables diff --git a/pkg/resources/file_format.go b/pkg/resources/file_format.go index 014a8c9238..daaee3b9f1 100644 --- a/pkg/resources/file_format.go +++ b/pkg/resources/file_format.go @@ -4,6 +4,7 @@ import ( "bytes" "database/sql" "encoding/csv" + "errors" "fmt" "log" "strings" @@ -537,7 +538,7 @@ func ReadFileFormat(d *schema.ResourceData, meta interface{}) error { row := snowflake.QueryRow(db, ff) f, err := snowflake.ScanFileFormatShow(row) - if err == sql.ErrNoRows { + if errors.Is(err, sql.ErrNoRows) { // If not found, mark resource to be removed from statefile during apply or refresh log.Printf("[DEBUG] file_format (%s) not found", d.Id()) d.SetId("") diff --git a/pkg/resources/file_format_test.go b/pkg/resources/file_format_test.go index 8f18e9dedc..862425a730 100644 --- a/pkg/resources/file_format_test.go +++ b/pkg/resources/file_format_test.go @@ -73,7 +73,6 @@ func expectReadFileFormat(mock sqlmock.Sqlmock) { mock.ExpectQuery(`^SHOW FILE FORMATS LIKE 'test_file_format' IN SCHEMA "test_db"."test_schema"$`).WillReturnRows(rows) } - func TestFileFormatWhenMissing(t *testing.T) { r := require.New(t) @@ -98,4 +97,4 @@ func TestFileFormatWhenMissing(t *testing.T) { r.Empty(d.State()) r.Nil(err) }) -} \ No newline at end of file +} diff --git a/pkg/snowflake/table_constraint.go b/pkg/snowflake/table_constraint.go index 9f0c0c736c..6fcae4eb88 100644 --- a/pkg/snowflake/table_constraint.go +++ b/pkg/snowflake/table_constraint.go @@ -221,7 +221,8 @@ type tableConstraint struct { // Show returns the SQL query that will show a table constraint by ID. func ShowTableConstraint(name, tableDB, tableSchema, tableName string, db *sql.DB) (*tableConstraint, error) { - rows, err := db.Query(`SELECT * FROM SNOWFLAKE.INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE TABLE_NAME = '?' AND TABLE_SCHEMA = '?' AND TABLE_CATALOG = '?' AND CONSTRAINT_NAME = '?'`, + stmt := `SELECT * FROM SNOWFLAKE.INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE TABLE_NAME = '?' AND TABLE_SCHEMA = '?' AND TABLE_CATALOG = '?' AND CONSTRAINT_NAME = '?'` + rows, err := db.Query(stmt, tableName, tableSchema, tableDB, name) if err != nil { return nil, err diff --git a/pkg/snowflake/tag_association.go b/pkg/snowflake/tag_association.go index 87b819dc7d..4b9d24351f 100644 --- a/pkg/snowflake/tag_association.go +++ b/pkg/snowflake/tag_association.go @@ -96,7 +96,8 @@ func ScanTagAssociation(row *sqlx.Row) (*tagAssociation, error) { } func ListTagAssociations(tb *TagAssociationBuilder, db *sql.DB) ([]tagAssociation, error) { - rows, err := db.Query(`SELECT SYSTEM$GET_TAG('"?"."?"."?"', '?', '?') TAG_VALUE WHERE TAG_VALUE IS NOT NULL`, + stmt := `SELECT SYSTEM$GET_TAG('"?"."?"."?"', '?', '?') TAG_VALUE WHERE TAG_VALUE IS NOT NULL` + rows, err := db.Query(stmt, tb.databaseName, tb.schemaName, tb.tagName, tb.objectIdentifier, tb.objectType) if err != nil { return nil, err