diff --git a/CREATING_ISSUES.md b/CREATING_ISSUES.md index 8d9802db01..d6572c5c9a 100644 --- a/CREATING_ISSUES.md +++ b/CREATING_ISSUES.md @@ -22,19 +22,20 @@ * [Incorrect account identifier (snowflake_database.from_share)](#incorrect-account-identifier-snowflake_databasefrom_share) * [Granting on Functions or Procedures](#granting-on-functions-or-procedures) * [Infinite diffs, empty privileges, errors when revoking on grant resources](#infinite-diffs-empty-privileges-errors-when-revoking-on-grant-resources) + * [Granting PUBLIC role fails](#granting-public-role-fails) -This guide was made to aid with creating the GitHub issues, so you can maximize your chances of getting help as quickly as possible. +This guide was made to aid with creating the GitHub issues, so you can maximize your chances of getting help as quickly as possible. To correctly report the issue, we suggest going through the following steps. ### 1. Check the existing GitHub issues. -Please, go to the [provider’s issues page](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues) and search if there is any other similar issue to the one you would like to report. -This helps us to keep all relevant information in one place, including any potential workarounds. -If you are unsure how to do it, [here](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) is a quick guide showing different filtering options available on GitHub. -It’s good to search by keywords (like **IMPORTED_PRIVILEGES**) or affected resource names (like **snowflake_database**) for quick and effective results. +Please, go to the [provider’s issues page](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues) and search if there is any other similar issue to the one you would like to report. +This helps us to keep all relevant information in one place, including any potential workarounds. +If you are unsure how to do it, [here](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) is a quick guide showing different filtering options available on GitHub. +It’s good to search by keywords (like **IMPORTED_PRIVILEGES**) or affected resource names (like **snowflake_database**) for quick and effective results. Remember to search through open and closed issues, because there may be a chance we have already fixed the issue, and it’s working in the latest version of the provider. ### 2. Go through the frequently asked questions and commonly known issues. -We’ve put together a list of frequently asked questions ([FAQ](#faq)) and [commonly known issues](#commonly-known-issues). +We’ve put together a list of frequently asked questions ([FAQ](#faq)) and [commonly known issues](#commonly-known-issues). Please check, If the answer you're looking for is in one of the lists. ### 3. Check the official Snowflake documentation @@ -42,13 +43,13 @@ It’s common for some Snowflake objects to have special cases of usage in some Mostly, they are not validated in the provider for various reasons. All of them can result in errors during `terraform plan` or `terraform apply`. For those reasons, it’s worth to check [the official Snowflake documentation](https://docs.snowflake.com/) before assuming it’s a provider issue. -Depending on the situation where an error occurred a corresponding [SQL command](https://docs.snowflake.com/en/sql-reference-commands) should be looked at. +Depending on the situation where an error occurred a corresponding [SQL command](https://docs.snowflake.com/en/sql-reference-commands) should be looked at. Especially take a closer look at the “usage notes” section ([for example](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership#usage-notes)) where all the special cases should be listed. ### 4. Choose the correct template and use as much information as possible. -Currently, we have a few predefined templates for different types of GitHub issues. -Choose the appropriate one for your use case ([create an issue](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/new/choose)). -Remember to provide as much information as possible when filling out the forms, especially category and object types which appear in almost every template. +Currently, we have a few predefined templates for different types of GitHub issues. +Choose the appropriate one for your use case ([create an issue](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/new/choose)). +Remember to provide as much information as possible when filling out the forms, especially category and object types which appear in almost every template. That way we will be able to categorize the issues and plan future improvements. When filling out corresponding templates you need to remember the following: - Bug - It’s important to know the root cause of the issue, that is why we encourage you to fill out the optional fields If you think they can be essential in the analysis. That way we will be able to answer or fix the issue without asking for additional context. - General Usage - Like in the case of bugs, any additional context can speed up the process. @@ -62,8 +63,8 @@ It depends on the status of the feature. Snowflake marks features as follows: - Public Preview (PuPr) - Generally Available (GA) -Currently, our main focus is on making the provider stable with the most stable GA features, -but please take a closer look at our recently updated [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#05052024-roadmap-overview) +Currently, our main focus is on making the provider stable with the most stable GA features, +but please take a closer look at our recently updated [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#05052024-roadmap-overview) which describes our priorities for the next quarters. ### When will my bug report be fixed/released? @@ -76,26 +77,26 @@ The releases are usually happening once every two weeks, mostly done on Wednesda ### How to migrate from version X to Y? As noted at the top of our [README](https://github.com/Snowflake-Labs/terraform-provider-snowflake?tab=readme-ov-file#snowflake-terraform-provider), -the project is still experimental and breaking change may occur. We try to minimize such changes, but with some of the changes required for version 1.0.0, it’s inevitable. -Because of that, whenever we introduce any breaking change, we add it to the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md). +the project is still experimental and breaking change may occur. We try to minimize such changes, but with some of the changes required for version 1.0.0, it’s inevitable. +Because of that, whenever we introduce any breaking change, we add it to the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md). It’s a document containing every breaking change (starting from around v0.73.0) with additional hints on how to migrate resources between the versions. ### What are the current/future plans for the provider? -Our current plans are documented in the publicly available [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md) that you can find in our repository. +Our current plans are documented in the publicly available [roadmap](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md) that you can find in our repository. We will be updating it to keep you posted on what’s coming for the provider. ### How can I contribute? If you would like to contribute to the project, please follow our [contribution guidelines](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/CONTRIBUTING.md). ### How can I debug the issue myself? -The provider is simply an abstraction issuing SQL commands through the Go Snowflake driver, so most of the errors will be connected to incorrectly built or executed SQL statements. -To see what SQLs are being run you have to set the `TF_LOG=DEBUG` environment variable. +The provider is simply an abstraction issuing SQL commands through the Go Snowflake driver, so most of the errors will be connected to incorrectly built or executed SQL statements. +To see what SQLs are being run you have to set the `TF_LOG=DEBUG` environment variable. To confirm the correctness of the SQLs, refer to the [official Snowflake documentation](https://docs.snowflake.com/). ### How can I import already existing Snowflake infrastructure into Terraform? -Please refer to [this document](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md#3-two-options-from-here) -as it describes different approaches of importing the existing Snowflake infrastructure into Terrafrom as configuration. -One thing worth noting is that some approaches can be automated by scripts interacting with Snowflake and generating needed configuration blocks, +Please refer to [this document](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md#3-two-options-from-here) +as it describes different approaches of importing the existing Snowflake infrastructure into Terrafrom as configuration. +One thing worth noting is that some approaches can be automated by scripts interacting with Snowflake and generating needed configuration blocks, which is highly recommended for large-scale migrations. ### What identifiers are valid inside the provider and how to reference one resource inside the other one? @@ -193,7 +194,7 @@ You may encounter the following error: **Related issues:** [#2375](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2375), [#2922](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2922) -**Solution:** Specify the arguments in the `object_name`: +**Solution:** Specify the arguments in the `object_name`: ```terraform resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" { @@ -226,3 +227,31 @@ we filter on, it needs to exactly match with the output provided by `SHOW GRANTS - Change the `object_type` to correct value. - Import the state from Snowflake using `terraform import`. - Remove the grant configuration and after `terraform apply` put it back with the correct `object_type` (requires revoking). + +### Granting PUBLIC role fails +**Problem:** When you try granting PUBLIC role, like: +```terraform +resource "snowflake_account_role" "any_role" { + name = "ANY_ROLE" +} + +resource "snowflake_grant_account_role" "this_is_a_bug" { + parent_role_name = snowflake_account_role.any_role.name + role_name = "PUBLIC" +} +``` +Terraform may fail with: +``` +╷ +│ Error: Provider produced inconsistent result after apply +│ +│ When applying changes to snowflake_grant_account_role.this_is_a_bug, provider "provider["registry.terraform.io/snowflake-labs/snowflake"]" produced an +│ unexpected new value: Root object was present, but now absent. +│ +│ This is a bug in the provider, which should be reported in the provider's own issue tracker. +╵ +``` + +**Related issues:** [#3001](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3001), [#2848](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2848) + +**Solution:** This happens, because the PUBLIC role is a "pseudo-role" (see [docs](https://docs.snowflake.com/en/user-guide/security-access-control-overview#system-defined-roles)) that is already assigned to every role and user, so there is no need to grant it through Terraform. If you have an issue with removing the resources please use `terraform state rm ` to remove the resource from the state (and you can safely remove the configuration). diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md index ae2ecd9298..d4d899b091 100644 --- a/MIGRATION_GUIDE.md +++ b/MIGRATION_GUIDE.md @@ -4,6 +4,9 @@ This document is meant to help you migrate your Terraform config to the new newe describe deprecations or breaking changes and help you to change your configuration to keep the same (or similar) behavior across different versions. +> [!TIP] +> We highly recommend upgrading the versions one by one instead of bulk upgrades. + ## v0.95.0 ➞ v0.96.0 ### snowflake_masking_policies data source changes diff --git a/docs/resources/view.md b/docs/resources/view.md index ba07139c62..b5de4f4853 100644 --- a/docs/resources/view.md +++ b/docs/resources/view.md @@ -9,6 +9,8 @@ description: |- !> **Note about copy_grants** Fields like `is_recursive`, `is_temporary`, `copy_grants` and `statement` can not be ALTERed on Snowflake side (check [docs](https://docs.snowflake.com/en/sql-reference/sql/alter-view)), and a change means recreation of the resource. ForceNew can not be used because it does not preserve grants from `copy_grants`. Beware that even though a change is marked as update, the resource is recreated. +!> Due to Snowflake limitations, to properly compute diff on `statement` field, the provider parses a `text` field which contains the whole CREATE query used to create the resource. We recommend not using special characters, especially `(`, `,`, `)` in any of the fields, if possible. + ~> **Required warehouse** For this resource, the provider uses [policy references](https://docs.snowflake.com/en/sql-reference/functions/policy_references) which requires a warehouse in the connection. Please, make sure you have either set a DEFAULT_WAREHOUSE for the user, or specified a warehouse in the provider configuration. # snowflake_view (Resource) diff --git a/pkg/datasources/parameters.go b/pkg/datasources/parameters.go index 4c9ddd9b19..9ed876e404 100644 --- a/pkg/datasources/parameters.go +++ b/pkg/datasources/parameters.go @@ -129,7 +129,6 @@ func ReadParameters(d *schema.ResourceData, meta interface{}) error { } } parameters, err = client.Parameters.ShowParameters(ctx, &opts) - if err != nil { return fmt.Errorf("error listing parameters: %w", err) } diff --git a/pkg/sdk/identifier_parsers.go b/pkg/sdk/identifier_parsers.go index e10cc18046..709e473990 100644 --- a/pkg/sdk/identifier_parsers.go +++ b/pkg/sdk/identifier_parsers.go @@ -3,6 +3,7 @@ package sdk import ( "bytes" "encoding/csv" + "errors" "fmt" "slices" "strconv" @@ -152,6 +153,9 @@ func ParseExternalObjectIdentifier(identifier string) (ExternalObjectIdentifier, func ParseSchemaObjectIdentifierWithArguments(fullyQualifiedName string) (SchemaObjectIdentifierWithArguments, error) { splitIdIndex := strings.IndexRune(fullyQualifiedName, '(') + if splitIdIndex == -1 { + return SchemaObjectIdentifierWithArguments{}, errors.New("unable to parse identifier: '(' not present") + } parts, err := ParseIdentifierString(fullyQualifiedName[:splitIdIndex]) if err != nil { return SchemaObjectIdentifierWithArguments{}, err diff --git a/pkg/sdk/identifier_parsers_test.go b/pkg/sdk/identifier_parsers_test.go index 381a530a9a..375d3178a3 100644 --- a/pkg/sdk/identifier_parsers_test.go +++ b/pkg/sdk/identifier_parsers_test.go @@ -357,6 +357,7 @@ func TestNewSchemaObjectIdentifierWithArgumentsFromFullyQualifiedName_WithRawInp {RawInput: `abc.def.ghi(FLOAT, VECTOR(INT, 20))`, ExpectedIdentifierStructure: NewSchemaObjectIdentifierWithArguments(`abc`, `def`, `ghi`, DataTypeFloat, "VECTOR(INT, 20)")}, // TODO(SNOW-1571674): Won't work, because of the assumption that identifiers are not containing '(' and ')' parentheses (unfortunately, we're not able to produce meaningful errors for those cases) {RawInput: `abc."(ef".ghi(FLOAT, VECTOR(INT, 20))`, Error: `unable to read identifier: abc."`}, + {RawInput: `abc.def.ghi`, Error: `unable to parse identifier: '(' not present`}, } for _, testCase := range testCases { diff --git a/pkg/snowflake/parser.go b/pkg/snowflake/parser.go index 2913e93a7b..5b3ea49be7 100644 --- a/pkg/snowflake/parser.go +++ b/pkg/snowflake/parser.go @@ -79,14 +79,18 @@ func (e *ViewSelectStatementExtractor) consumeColumn() (isLast bool) { e.consumeID() if e.input[e.pos-1] == ')' { isLast = true + return } e.consumeSpace() + ok := e.consumeToken("projection policy") if ok { e.consumeSpace() e.consumeID() if e.input[e.pos-1] == ')' { isLast = true + e.consumeSpace() + return } e.consumeSpace() } @@ -95,13 +99,24 @@ func (e *ViewSelectStatementExtractor) consumeColumn() (isLast bool) { e.consumeSpace() e.consumeID() e.consumeSpace() - e.consumeToken("using") - e.consumeSpace() - e.consumeIdentifierList() - if string(e.input[e.pos-2:e.pos]) == "))" { - isLast = true + if ok := e.consumeToken("using"); ok { + e.consumeSpace() + e.consumeIdentifierList() + if string(e.input[e.pos-3:e.pos-1]) == "))" { + isLast = true + e.consumeSpace() + return + } + e.consumeSpace() } - e.consumeSpace() + } + + e.consumeQuotedParameter("comment", false) + e.consumeSpace() + e.consumeToken(",") + if e.input[e.pos] == ')' { + e.consumeToken(")") + isLast = true } return } @@ -201,7 +216,7 @@ func (e *ViewSelectStatementExtractor) ExtractDynamicTable() (string, error) { e.consumeSpace() e.consumeComment() e.consumeSpace() - e.consumeQuotedParameter("lag") + e.consumeQuotedParameter("lag", true) e.consumeSpace() e.consumeTokenParameter("warehouse") e.consumeSpace() @@ -266,22 +281,23 @@ func (e *ViewSelectStatementExtractor) consumeNonSpace() { } func (e *ViewSelectStatementExtractor) consumeComment() { - e.consumeQuotedParameter("comment") + e.consumeQuotedParameter("comment", true) } -func (e *ViewSelectStatementExtractor) consumeQuotedParameter(param string) { +func (e *ViewSelectStatementExtractor) consumeQuotedParameter(param string, withEquals bool) { if c := e.consumeToken(param); !c { return } e.consumeSpace() - if c := e.consumeToken("="); !c { - return + if withEquals { + if c := e.consumeToken("="); !c { + return + } + e.consumeSpace() } - e.consumeSpace() - if c := e.consumeToken("'"); !c { return } diff --git a/pkg/snowflake/parser_test.go b/pkg/snowflake/parser_test.go index e4b0f1627e..1ce7277b16 100644 --- a/pkg/snowflake/parser_test.go +++ b/pkg/snowflake/parser_test.go @@ -37,7 +37,13 @@ from bar;` issue2640 := `CREATE OR REPLACE SECURE VIEW "CLASSIFICATION" comment = 'Classification View of the union of classification tables' AS select * from AB1_SUBSCRIPTION.CLASSIFICATION.CLASSIFICATION union select * from AB2_SUBSCRIPTION.CLASSIFICATION.CLASSIFICATION` withRowAccessAndAggregationPolicy := `CREATE SECURE VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` withRowAccessAndAggregationPolicyWithEntityKey := `CREATE SECURE VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` - allFields := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id MASKING POLICY mp USING ("col1", "cond1") PROJECTION POLICY pp COMMENT = 'asdf', foo MASKING POLICY mp USING ("col1", "cond1")) COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + columnsListEndingWithMaskingPolicyWithoutUsing := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id PROJECTION POLICY pp MASKING POLICY mp COMMENT 'a (s) df', foo MASKING POLICY pp) COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + columnsListEndingWithMaskingPolicyWithUsing := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id PROJECTION POLICY pp MASKING POLICY mp COMMENT 'a (s) df', foo MASKING POLICY pp USING ("col1")) COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + columnsListEndingWithProjectionPolicy := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id PROJECTION POLICY pp MASKING POLICY mp COMMENT 'a (s) df' , foo PROJECTION POLICY pp) COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + columnsListEndingWithComment := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id PROJECTION POLICY pp MASKING POLICY mp COMMENT 'asdf', foo PROJECTION POLICY pp COMMENT 'foo (bar) hoge') COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + columnsListEndingWithID := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" ("ID", "FOO") COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + allFields := `CREATE OR REPLACE SECURE TEMPORARY VIEW "rgdxfmnfhh"."PUBLIC"."rgdxfmnfhh" (id PROJECTION POLICY pp MASKING POLICY mp USING ("col1", "cond1") COMMENT 'asdf', foo MASKING POLICY mp USING ("col1", "cond1")) COMMENT = 'Terraform test resource' ROW ACCESS policy rap on (title, title2) AGGREGATION POLICY rap ENTITY KEY (foo, bar) AS SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES` + testStatement := "SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES" type args struct { input string } @@ -61,11 +67,16 @@ from bar;` {"comment", args{comment}, "select * from bar;", false}, {"commentEscape", args{commentEscape}, "select * from bar;", false}, {"identifier", args{identifier}, "select * from bar;", false}, - {"full", args{full}, "SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES", false}, + {"full", args{full}, testStatement, false}, {"issue2640", args{issue2640}, "select * from AB1_SUBSCRIPTION.CLASSIFICATION.CLASSIFICATION union select * from AB2_SUBSCRIPTION.CLASSIFICATION.CLASSIFICATION", false}, - {"with row access policy and aggregation policy", args{withRowAccessAndAggregationPolicy}, "SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES", false}, - {"with row access policy and aggregation policy with entity key", args{withRowAccessAndAggregationPolicyWithEntityKey}, "SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES", false}, - {"all fields", args{allFields}, "SELECT ROLE_NAME, ROLE_OWNER FROM INFORMATION_SCHEMA.APPLICABLE_ROLES", false}, + {"with row access policy and aggregation policy", args{withRowAccessAndAggregationPolicy}, testStatement, false}, + {"with row access policy and aggregation policy with entity key", args{withRowAccessAndAggregationPolicyWithEntityKey}, testStatement, false}, + {"with column list ending with masking policy without using", args{columnsListEndingWithMaskingPolicyWithoutUsing}, testStatement, false}, + {"with column list ending with masking policy with using", args{columnsListEndingWithMaskingPolicyWithUsing}, testStatement, false}, + {"with column list ending with projection using", args{columnsListEndingWithProjectionPolicy}, testStatement, false}, + {"with column list ending with comment", args{columnsListEndingWithComment}, testStatement, false}, + {"with column list ending with column name", args{columnsListEndingWithID}, testStatement, false}, + {"all fields", args{allFields}, testStatement, false}, } for _, tt := range tests { tt := tt diff --git a/templates/resources/view.md.tmpl b/templates/resources/view.md.tmpl index 368bbfc15d..636271fb96 100644 --- a/templates/resources/view.md.tmpl +++ b/templates/resources/view.md.tmpl @@ -13,6 +13,8 @@ description: |- !> **Note about copy_grants** Fields like `is_recursive`, `is_temporary`, `copy_grants` and `statement` can not be ALTERed on Snowflake side (check [docs](https://docs.snowflake.com/en/sql-reference/sql/alter-view)), and a change means recreation of the resource. ForceNew can not be used because it does not preserve grants from `copy_grants`. Beware that even though a change is marked as update, the resource is recreated. +!> Due to Snowflake limitations, to properly compute diff on `statement` field, the provider parses a `text` field which contains the whole CREATE query used to create the resource. We recommend not using special characters, especially `(`, `,`, `)` in any of the fields, if possible. + ~> **Required warehouse** For this resource, the provider uses [policy references](https://docs.snowflake.com/en/sql-reference/functions/policy_references) which requires a warehouse in the connection. Please, make sure you have either set a DEFAULT_WAREHOUSE for the user, or specified a warehouse in the provider configuration. # {{.Name}} ({{.Type}}) diff --git a/v1-preparations/ESSENTIAL_GA_OBJECTS.MD b/v1-preparations/ESSENTIAL_GA_OBJECTS.MD index 70f0c6fa1c..4ee0f78206 100644 --- a/v1-preparations/ESSENTIAL_GA_OBJECTS.MD +++ b/v1-preparations/ESSENTIAL_GA_OBJECTS.MD @@ -23,8 +23,8 @@ newer provider versions. We will address these while working on the given object | SECURITY INTEGRATION | 🚀 | issues in the older versions: [resources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Aresource%3Aexternal_oauth_integration%2Cresource%3Asaml_integration%2Cresource%3Aoauth_integration%2Cresource%3Ascim_integration) | | USER | 🚀 | issues in the older versions: [resources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Aresource%3Auser+) and [datasources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Adata_source%3Ausers+) | | WAREHOUSE | 🚀 | issues in the older versions: [resources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Aresource%3Awarehouse+) and [datasources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Adata_source%3Awarehouses+) | -| FUNCTION | 👨‍💻 | [2859](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2859), [#2735](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2735), [#2426](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2426), [#1479](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1479), [#1393](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1393), [#1208](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1208), [#1079](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1079) | -| MASKING POLICY | 👨‍💻 | [#2236](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2236), [#2035](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2035), [#1799](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1799), [#1764](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1764), [#1656](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1656), [#1444](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1444), [#1422](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1422), [#1097](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1097) | +| FUNCTION | 👨‍💻 | [#3097](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3097), [#3093](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3093), [#3089](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3089), [#2859](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2859), [#2735](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2735), [#2426](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2426), [#1479](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1479), [#1393](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1393), [#1208](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1208), [#1079](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1079) | +| MASKING POLICY | 🚀 | [#2035](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2035), [#1656](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1656), [#1444](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1444), [#1422](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1422), [#1097](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1097)
Issues related to attaching masking policies to tables ([#2236](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2236), [#1799](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1799), [#1764](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1764)) will be completed during TABLE rework. | | PROCEDURE | 👨‍💻 | [#2735](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2735), [#2623](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2623), [#2257](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2257), [#2146](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2146), [#1855](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1855), [#1695](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1695), [#1640](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1640), [#1195](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1195), [#1189](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1189), [#1178](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1178), [#1050](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1050) | | ROW ACCESS POLICY | 🚀 | [#2053](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2053), [#1600](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1600), [#1151](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1151) | | SCHEMA | 🚀 | issues in the older versions: [resources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Aresource%3Aschema+) and [datasources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Adata_source%3Aschemas+) |