Merge branch 'main' into secret-type-external-change

CREATING_ISSUES.md

@@ -202,7 +202,20 @@ resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" {
   account_role_name = snowflake_account_role.name
   on_schema_object {
     object_type = "PROCEDURE"
-    object_name = "\"${snowflake_database.database.name}\".\"${snowflake_schema.schema.name}\".\"${snowflake_procedure.procedure.name}(NUMBER, VARCHAR)\""
+    object_name = "\"${snowflake_database.database.name}\".\"${snowflake_schema.schema.name}\".\"${snowflake_procedure.procedure.name}\"(NUMBER, VARCHAR)"
+  }
+}
+```
+
+If you manage the procedure in Terraform, you can use `fully_qualified_name` field:
+
+```terraform
+resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" {
+  privileges        = ["USAGE"]
+  account_role_name = snowflake_account_role.name
+  on_schema_object {
+    object_type = "PROCEDURE"
+    object_name = snowflake_procedure.procedure_name.fully_qualified_name
   }
 }
 ```

MIGRATION_GUIDE.md

@@ -9,23 +9,61 @@ across different versions.
 
 ## v0.97.0 ➞ v0.98.0
 
+### *(behavior change)* handling copy_grants
+Currently, resources like `snowflake_view`, `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table`  support `copy_grants` field corresponding with `COPY GRANTS` during `CREATE`. The current behavior is that, when a change leading for recreation is detected (meaning a change that can not be handled by ALTER, but only by `CREATE OR REPLACE`), `COPY GRANTS` are used during recreation when `copy_grants` is set to `true`. Changing this field without changes in other field results in a noop because in this case there is no need to recreate a resource.
+
+### *(new feature)* recovering stale streams
+Starting from this version, the provider detects stale streams for `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table` and recreates them (optionally with `copy_grants`) to recover them. To handle this correctly, a new computed-only field `stale` has been added to these resource, indicating whether a stream is stale.
+
+### *(new feature)* snowflake_stream_on_directory_table resource
+Continuing changes made in [v0.97](#v0960--v0970), the new resource `snowflake_stream_on_directory_table` has been introduced to replace the previous `snowflake_stream` for streams on directory tables.
+
+To use the new `stream_on_directory_table`, change the old `stream` from
+```terraform
+resource "snowflake_stream" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  on_stage    = snowflake_stage.stage.fully_qualified_name
+
+  comment = "A stream."
+}
+```
+
+to
+
+```terraform
+resource "snowflake_stream_on_directory_table" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  stage             = snowflake_stage.stage.fully_qualified_name
+
+  comment = "A stream."
+}
+```
+
+Then, follow our [Resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md).
+
 ### *(new feature)* Secret resources
 Added a new secrets resources for managing secrets.
-We decided to split each secret flow into individual resources. 
+We decided to split each secret flow into individual resources.
 This segregation was based on the secret flows in CREATE SECRET. i.e.:
 - `snowflake_secret_with_client_credentials`
 - `snowflake_secret_with_authorization_code_grant`
 - `snowflake_secret_with_basic_authentication`
 - `snowflake_secret_with_generic_string`
- 
+
 
 See reference [docs](https://docs.snowflake.com/en/sql-reference/sql/create-secret).
 
 ## v0.96.0 ➞ v0.97.0
 
 ### *(new feature)* snowflake_stream_on_table, snowflake_stream_on_external_table resource
 
-To enhance clarity and functionality, the new resources `snowflake_stream_on_table` and `snowflake_stream_on_external_table` have been introduced to replace the previous `snowflake_stream`. Recognizing that the old resource carried multiple responsibilities within a single entity, we opted to divide it into more specialized resources.
+To enhance clarity and functionality, the new resources `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table` have been introduced to replace the previous `snowflake_stream`. Recognizing that the old resource carried multiple responsibilities within a single entity, we opted to divide it into more specialized resources.
 The newly introduced resources are aligned with the latest Snowflake documentation at the time of implementation, and adhere to our [new conventions](#general-changes).
 This segregation was based on the object on which the stream is created. The mapping between SQL statements and the resources is the following:
 - `ON TABLE <table_name>` -> `snowflake_stream_on_table`
@@ -49,7 +87,7 @@ resource "snowflake_stream" "stream" {
 
 to
 
-```
+```terraform
 resource "snowflake_stream_on_table" "stream" {
   name     = "stream"
   schema   = "schema"
@@ -62,6 +100,7 @@ resource "snowflake_stream_on_table" "stream" {
 }
 ```
 
+
 Then, follow our [Resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md).
 
 ### *(new feature)* new snowflake_service_user and snowflake_legacy_service_user resources
@@ -97,7 +136,7 @@ resource "snowflake_user" "service_user" {
   lifecycle {
     ignore_changes = [user_type]
   }
-  
+
   name         = "Snowflake Service User"
   login_name   = "service_user"
   email        = "[email protected]"

Makefile

@@ -76,6 +76,9 @@ test-architecture: ## check architecture constraints between packages
 test-client: ## runs test that checks sdk.Client without instrumentedsql
 	SF_TF_NO_INSTRUMENTED_SQL=1 SF_TF_GOSNOWFLAKE_LOG_LEVEL=debug go test ./pkg/sdk/internal/client/... -v
 
+test-object-renaming: ## runs tests in object_renaming_acceptance_test.go
+	TEST_SF_TF_ENABLE_OBJECT_RENAMING=1 go test ./pkg/resources/object_renaming_acceptace_test.go -v
+
 test-acceptance-%: ## run acceptance tests for the given resource only, e.g. test-acceptance-Warehouse
 	TF_ACC=1 TF_LOG=DEBUG SF_TF_ACC_TEST_CONFIGURE_CLIENT_ONCE=true go test -run ^TestAcc_$*_ -v -timeout=20m ./pkg/resources
 

docs/guides/identifiers.md

@@ -15,7 +15,7 @@ For example, instead of writing
 ```
 object_name = “\”${snowflake_table.database}\”.\”${snowflake_table.schema}\”.\”${snowflake_table.name}\””
 # for procedures
-object_name = “\”${snowflake_procedure.database}\”.\”${snowflake_procedure.schema}\”.\”${snowflake_procedure.name}(NUMBER, VARCHAR)\””
+object_name = “\”${snowflake_procedure.database}\”.\”${snowflake_procedure.schema}\”.\”${snowflake_procedure.name}\"(NUMBER, VARCHAR)”
 ```
 
 now we can write

docs/resources/stream_on_directory_table.md

@@ -0,0 +1,126 @@
+---
+page_title: "snowflake_stream_on_directory_table Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Resource used to manage streams on directory tables. For more information, check stream documentation https://docs.snowflake.com/en/sql-reference/sql/create-stream.
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0970--v0980) to use it.
+
+# snowflake_stream_on_directory_table (Resource)
+
+Resource used to manage streams on directory tables. For more information, check [stream documentation](https://docs.snowflake.com/en/sql-reference/sql/create-stream).
+
+## Example Usage
+
+```terraform
+resource "snowflake_stage" "example_stage" {
+  name        = "EXAMPLE_STAGE"
+  url         = "s3://com.example.bucket/prefix"
+  database    = "EXAMPLE_DB"
+  schema      = "EXAMPLE_SCHEMA"
+  credentials = "AWS_KEY_ID='${var.example_aws_key_id}' AWS_SECRET_KEY='${var.example_aws_secret_key}'"
+}
+
+# basic resource
+resource "snowflake_stream_on_directory_table" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  stage = snowflake_stage.stage.fully_qualified_name
+}
+
+
+# resource with more fields set
+resource "snowflake_stream_on_directory_table" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  copy_grants = true
+  stage       = snowflake_stage.stage.fully_qualified_name
+
+  at {
+    statement = "8e5d0ca9-005e-44e6-b858-a8f5b37c5726"
+  }
+
+  comment = "A stream."
+}
+```
+-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
+<!-- TODO(SNOW-1634854): include an example showing both methods-->
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `database` (String) The database in which to create the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `name` (String) Specifies the identifier for the stream; must be unique for the database and schema in which the stream is created. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `schema` (String) The schema in which to create the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+- `stage` (String) Specifies an identifier for the stage the stream will monitor. Due to Snowflake limitations, the provider can not read the stage's database and schema. For stages, Snowflake returns only partially qualified name instead of fully qualified name. Please use stages located in the same schema as the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+
+### Optional
+
+- `comment` (String) Specifies a comment for the stream.
+- `copy_grants` (Boolean) Retains the access permissions from the original stream when a stream is recreated using the OR REPLACE clause. That is sometimes used when the provider detects changes for fields that can not be changed by ALTER. This value will not have any effect when creating a new stream.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE STREAM` for the given stream. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
+- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `base_tables` (List of String)
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `invalid_reason` (String)
+- `mode` (String)
+- `name` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `source_type` (String)
+- `stale` (Boolean)
+- `stale_after` (String)
+- `table_name` (String)
+- `type` (String)
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `base_tables` (List of String)
+- `comment` (String)
+- `created_on` (String)
+- `database_name` (String)
+- `invalid_reason` (String)
+- `mode` (String)
+- `name` (String)
+- `owner` (String)
+- `owner_role_type` (String)
+- `schema_name` (String)
+- `source_type` (String)
+- `stale` (Boolean)
+- `stale_after` (String)
+- `table_name` (String)
+- `type` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_stream_on_directory_table.example '"<database_name>"."<schema_name>"."<stream_name>"'
+```

docs/resources/stream_on_external_table.md

@@ -89,6 +89,7 @@ resource "snowflake_stream_on_external_table" "stream" {
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
+- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).
 
 <a id="nestedblock--at"></a>
 ### Nested Schema for `at`
@@ -128,7 +129,7 @@ Read-Only:
 - `owner_role_type` (String)
 - `schema_name` (String)
 - `source_type` (String)
-- `stale` (String)
+- `stale` (Boolean)
 - `stale_after` (String)
 - `table_name` (String)
 - `type` (String)
@@ -150,7 +151,7 @@ Read-Only:
 - `owner_role_type` (String)
 - `schema_name` (String)
 - `source_type` (String)
-- `stale` (String)
+- `stale` (Boolean)
 - `stale_after` (String)
 - `table_name` (String)
 - `type` (String)

docs/resources/stream_on_table.md

@@ -74,6 +74,7 @@ resource "snowflake_stream_on_table" "stream" {
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
+- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).
 
 <a id="nestedblock--at"></a>
 ### Nested Schema for `at`
@@ -113,7 +114,7 @@ Read-Only:
 - `owner_role_type` (String)
 - `schema_name` (String)
 - `source_type` (String)
-- `stale` (String)
+- `stale` (Boolean)
 - `stale_after` (String)
 - `table_name` (String)
 - `type` (String)
@@ -135,7 +136,7 @@ Read-Only:
 - `owner_role_type` (String)
 - `schema_name` (String)
 - `source_type` (String)
-- `stale` (String)
+- `stale` (Boolean)
 - `stale_after` (String)
 - `table_name` (String)
 - `type` (String)

examples/resources/snowflake_stream_on_directory_table/import.sh

@@ -0,0 +1 @@
+terraform import snowflake_stream_on_directory_table.example '"<database_name>"."<schema_name>"."<stream_name>"'

examples/resources/snowflake_stream_on_directory_table/resource.tf

@@ -0,0 +1,33 @@
+resource "snowflake_stage" "example_stage" {
+  name        = "EXAMPLE_STAGE"
+  url         = "s3://com.example.bucket/prefix"
+  database    = "EXAMPLE_DB"
+  schema      = "EXAMPLE_SCHEMA"
+  credentials = "AWS_KEY_ID='${var.example_aws_key_id}' AWS_SECRET_KEY='${var.example_aws_secret_key}'"
+}
+
+# basic resource
+resource "snowflake_stream_on_directory_table" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  stage = snowflake_stage.stage.fully_qualified_name
+}
+
+
+# resource with more fields set
+resource "snowflake_stream_on_directory_table" "stream" {
+  name     = "stream"
+  schema   = "schema"
+  database = "database"
+
+  copy_grants = true
+  stage       = snowflake_stage.stage.fully_qualified_name
+
+  at {
+    statement = "8e5d0ca9-005e-44e6-b858-a8f5b37c5726"
+  }
+
+  comment = "A stream."
+}

pkg/acceptance/bettertestspoc/assert/objectassert/stream_snowflake_ext.go

@@ -63,7 +63,11 @@ func (s *StreamAssert) HasBaseTables(expected ...sdk.SchemaObjectIdentifier) *St
 		}
 		var errs []error
 		for _, wantId := range expected {
-			if !slices.ContainsFunc(o.BaseTables, func(gotId sdk.SchemaObjectIdentifier) bool {
+			if !slices.ContainsFunc(o.BaseTables, func(gotName string) bool {
+				gotId, err := sdk.ParseSchemaObjectIdentifier(gotName)
+				if err != nil {
+					errs = append(errs, err)
+				}
 				return wantId.FullyQualifiedName() == gotId.FullyQualifiedName()
 			}) {
 				errs = append(errs, fmt.Errorf("expected id: %s, to be in the list ids: %v", wantId.FullyQualifiedName(), o.BaseTables))
@@ -74,6 +78,23 @@ func (s *StreamAssert) HasBaseTables(expected ...sdk.SchemaObjectIdentifier) *St
 	return s
 }
 
+func (s *StreamAssert) HasBaseTablesPartiallyQualified(expected ...string) *StreamAssert {
+	s.AddAssertion(func(t *testing.T, o *sdk.Stream) error {
+		t.Helper()
+		if len(o.BaseTables) != len(expected) {
+			return fmt.Errorf("expected base tables length: %v; got: %v", len(expected), len(o.BaseTables))
+		}
+		var errs []error
+		for _, wantName := range expected {
+			if !slices.Contains(o.BaseTables, wantName) {
+				errs = append(errs, fmt.Errorf("expected name: %s, to be in the list ids: %v", wantName, o.BaseTables))
+			}
+		}
+		return errors.Join(errs...)
+	})
+	return s
+}
+
 func (s *StreamAssert) HasMode(expected sdk.StreamMode) *StreamAssert {
 	s.AddAssertion(func(t *testing.T, o *sdk.Stream) error {
 		t.Helper()