Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add stream on directory table #3129

Merged
merged 13 commits into from
Oct 22, 2024
15 changes: 14 additions & 1 deletion CREATING_ISSUES.md
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,20 @@ resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" {
account_role_name = snowflake_account_role.name
on_schema_object {
object_type = "PROCEDURE"
object_name = "\"${snowflake_database.database.name}\".\"${snowflake_schema.schema.name}\".\"${snowflake_procedure.procedure.name}(NUMBER, VARCHAR)\""
object_name = "\"${snowflake_database.database.name}\".\"${snowflake_schema.schema.name}\".\"${snowflake_procedure.procedure.name}\"(NUMBER, VARCHAR)"
}
}
```

If you manage the procedure in Terraform, you can use `fully_qualified_name` field:

```terraform
resource "snowflake_grant_privileges_to_account_role" "grant_on_procedure" {
privileges = ["USAGE"]
account_role_name = snowflake_account_role.name
on_schema_object {
object_type = "PROCEDURE"
object_name = snowflake_procedure.procedure_name.fully_qualified_name
}
}
```
Expand Down
49 changes: 44 additions & 5 deletions MIGRATION_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,23 +9,61 @@ across different versions.

## v0.97.0 ➞ v0.98.0

### *(behavior change)* handling copy_grants
Currently, resources like `snowflake_view`, `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table` support `copy_grants` field corresponding with `COPY GRANTS` during `CREATE`. The current behavior is that, when a change leading for recreation is detected (meaning a change that can not be handled by ALTER, but only by `CREATE OR REPLACE`), `COPY GRANTS` are used during recreation when `copy_grants` is set to `true`. Changing this field without changes in other field results in a noop because in this case there is no need to recreate a resource.

### *(new feature)* recovering stale streams
Starting from this version, the provider detects stale streams for `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table` and recreates them (optionally with `copy_grants`) to recover them. To handle this correctly, a new computed-only field `stale` has been added to these resource, indicating whether a stream is stale.

### *(new feature)* snowflake_stream_on_directory_table resource
Continuing changes made in [v0.97](#v0960--v0970), the new resource `snowflake_stream_on_directory_table` has been introduced to replace the previous `snowflake_stream` for streams on directory tables.

To use the new `stream_on_directory_table`, change the old `stream` from
```terraform
resource "snowflake_stream" "stream" {
name = "stream"
schema = "schema"
database = "database"

on_stage = snowflake_stage.stage.fully_qualified_name

comment = "A stream."
}
```

to

```terraform
resource "snowflake_stream_on_directory_table" "stream" {
name = "stream"
schema = "schema"
database = "database"

stage = snowflake_stage.stage.fully_qualified_name

comment = "A stream."
}
```

Then, follow our [Resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md).

### *(new feature)* Secret resources
Added a new secrets resources for managing secrets.
We decided to split each secret flow into individual resources.
We decided to split each secret flow into individual resources.
This segregation was based on the secret flows in CREATE SECRET. i.e.:
- `snowflake_secret_with_client_credentials`
- `snowflake_secret_with_authorization_code_grant`
- `snowflake_secret_with_basic_authentication`
- `snowflake_secret_with_generic_string`


See reference [docs](https://docs.snowflake.com/en/sql-reference/sql/create-secret).

## v0.96.0 ➞ v0.97.0
sfc-gh-jcieslak marked this conversation as resolved.
Show resolved Hide resolved

### *(new feature)* snowflake_stream_on_table, snowflake_stream_on_external_table resource

To enhance clarity and functionality, the new resources `snowflake_stream_on_table` and `snowflake_stream_on_external_table` have been introduced to replace the previous `snowflake_stream`. Recognizing that the old resource carried multiple responsibilities within a single entity, we opted to divide it into more specialized resources.
To enhance clarity and functionality, the new resources `snowflake_stream_on_table`, `snowflake_stream_on_external_table` and `snowflake_stream_on_directory_table` have been introduced to replace the previous `snowflake_stream`. Recognizing that the old resource carried multiple responsibilities within a single entity, we opted to divide it into more specialized resources.
The newly introduced resources are aligned with the latest Snowflake documentation at the time of implementation, and adhere to our [new conventions](#general-changes).
This segregation was based on the object on which the stream is created. The mapping between SQL statements and the resources is the following:
- `ON TABLE <table_name>` -> `snowflake_stream_on_table`
Expand All @@ -49,7 +87,7 @@ resource "snowflake_stream" "stream" {

to

```
```terraform
resource "snowflake_stream_on_table" "stream" {
name = "stream"
schema = "schema"
Expand All @@ -62,6 +100,7 @@ resource "snowflake_stream_on_table" "stream" {
}
```


Then, follow our [Resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md).

### *(new feature)* new snowflake_service_user and snowflake_legacy_service_user resources
Expand Down Expand Up @@ -97,7 +136,7 @@ resource "snowflake_user" "service_user" {
lifecycle {
ignore_changes = [user_type]
}

name = "Snowflake Service User"
login_name = "service_user"
email = "[email protected]"
Expand Down
2 changes: 1 addition & 1 deletion docs/guides/identifiers.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ For example, instead of writing
```
object_name = “\”${snowflake_table.database}\”.\”${snowflake_table.schema}\”.\”${snowflake_table.name}\””
# for procedures
object_name = “\”${snowflake_procedure.database}\”.\”${snowflake_procedure.schema}\”.\”${snowflake_procedure.name}(NUMBER, VARCHAR)\”
object_name = “\”${snowflake_procedure.database}\”.\”${snowflake_procedure.schema}\”.\”${snowflake_procedure.name}\"(NUMBER, VARCHAR)”
```

now we can write
Expand Down
126 changes: 126 additions & 0 deletions docs/resources/stream_on_directory_table.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
---
page_title: "snowflake_stream_on_directory_table Resource - terraform-provider-snowflake"
subcategory: ""
description: |-
Resource used to manage streams on directory tables. For more information, check stream documentation https://docs.snowflake.com/en/sql-reference/sql/create-stream.
---

!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0970--v0980) to use it.

# snowflake_stream_on_directory_table (Resource)

Resource used to manage streams on directory tables. For more information, check [stream documentation](https://docs.snowflake.com/en/sql-reference/sql/create-stream).

## Example Usage

```terraform
resource "snowflake_stage" "example_stage" {
name = "EXAMPLE_STAGE"
url = "s3://com.example.bucket/prefix"
database = "EXAMPLE_DB"
schema = "EXAMPLE_SCHEMA"
credentials = "AWS_KEY_ID='${var.example_aws_key_id}' AWS_SECRET_KEY='${var.example_aws_secret_key}'"
}

# basic resource
resource "snowflake_stream_on_directory_table" "stream" {
name = "stream"
schema = "schema"
database = "database"

stage = snowflake_stage.stage.fully_qualified_name
}


# resource with more fields set
resource "snowflake_stream_on_directory_table" "stream" {
name = "stream"
schema = "schema"
database = "database"

copy_grants = true
stage = snowflake_stage.stage.fully_qualified_name

at {
statement = "8e5d0ca9-005e-44e6-b858-a8f5b37c5726"
}

comment = "A stream."
}
```
-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources).
<!-- TODO(SNOW-1634854): include an example showing both methods-->

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `database` (String) The database in which to create the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
- `name` (String) Specifies the identifier for the stream; must be unique for the database and schema in which the stream is created. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
- `schema` (String) The schema in which to create the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
- `stage` (String) Specifies an identifier for the stage the stream will monitor. Due to Snowflake limitations, the provider can not read the stage's database and schema. For stages, Snowflake returns only partially qualified name instead of fully qualified name. Please use stages located in the same schema as the stream. Due to technical limitations (read more [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/identifiers_rework_design_decisions.md#known-limitations-and-identifier-recommendations)), avoid using the following characters: `|`, `.`, `(`, `)`, `"`

### Optional

- `comment` (String) Specifies a comment for the stream.
- `copy_grants` (Boolean) Retains the access permissions from the original stream when a stream is recreated using the OR REPLACE clause. That is sometimes used when the provider detects changes for fields that can not be changed by ALTER. This value will not have any effect when creating a new stream.

### Read-Only

- `describe_output` (List of Object) Outputs the result of `DESCRIBE STREAM` for the given stream. (see [below for nested schema](#nestedatt--describe_output))
- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
- `id` (String) The ID of this resource.
- `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).

<a id="nestedatt--describe_output"></a>
### Nested Schema for `describe_output`

Read-Only:

- `base_tables` (List of String)
- `comment` (String)
- `created_on` (String)
- `database_name` (String)
- `invalid_reason` (String)
- `mode` (String)
- `name` (String)
- `owner` (String)
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)


<a id="nestedatt--show_output"></a>
### Nested Schema for `show_output`

Read-Only:

- `base_tables` (List of String)
- `comment` (String)
- `created_on` (String)
- `database_name` (String)
- `invalid_reason` (String)
- `mode` (String)
- `name` (String)
- `owner` (String)
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)

## Import

Import is supported using the following syntax:

```shell
terraform import snowflake_stream_on_directory_table.example '"<database_name>"."<schema_name>"."<stream_name>"'
```
5 changes: 3 additions & 2 deletions docs/resources/stream_on_external_table.md
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ resource "snowflake_stream_on_external_table" "stream" {
- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
- `id` (String) The ID of this resource.
- `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).
sfc-gh-asawicki marked this conversation as resolved.
Show resolved Hide resolved

<a id="nestedblock--at"></a>
### Nested Schema for `at`
Expand Down Expand Up @@ -128,7 +129,7 @@ Read-Only:
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)
Expand All @@ -150,7 +151,7 @@ Read-Only:
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)
Expand Down
5 changes: 3 additions & 2 deletions docs/resources/stream_on_table.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ resource "snowflake_stream_on_table" "stream" {
- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
- `id` (String) The ID of this resource.
- `show_output` (List of Object) Outputs the result of `SHOW STREAMS` for the given stream. (see [below for nested schema](#nestedatt--show_output))
- `stale` (Boolean) Indicated if the stream is stale. When Terraform detects that the stream is stale, the stream is recreated with `CREATE OR REPLACE`. Read more on stream staleness in Snowflake [docs](https://docs.snowflake.com/en/user-guide/streams-intro#data-retention-period-and-staleness).

<a id="nestedblock--at"></a>
### Nested Schema for `at`
Expand Down Expand Up @@ -113,7 +114,7 @@ Read-Only:
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)
Expand All @@ -135,7 +136,7 @@ Read-Only:
- `owner_role_type` (String)
- `schema_name` (String)
- `source_type` (String)
- `stale` (String)
- `stale` (Boolean)
- `stale_after` (String)
- `table_name` (String)
- `type` (String)
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
terraform import snowflake_stream_on_directory_table.example '"<database_name>"."<schema_name>"."<stream_name>"'
33 changes: 33 additions & 0 deletions examples/resources/snowflake_stream_on_directory_table/resource.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
resource "snowflake_stage" "example_stage" {
name = "EXAMPLE_STAGE"
url = "s3://com.example.bucket/prefix"
database = "EXAMPLE_DB"
schema = "EXAMPLE_SCHEMA"
credentials = "AWS_KEY_ID='${var.example_aws_key_id}' AWS_SECRET_KEY='${var.example_aws_secret_key}'"
}

# basic resource
resource "snowflake_stream_on_directory_table" "stream" {
name = "stream"
schema = "schema"
database = "database"

stage = snowflake_stage.stage.fully_qualified_name
}


# resource with more fields set
resource "snowflake_stream_on_directory_table" "stream" {
name = "stream"
schema = "schema"
database = "database"

copy_grants = true
stage = snowflake_stage.stage.fully_qualified_name

at {
statement = "8e5d0ca9-005e-44e6-b858-a8f5b37c5726"
}

comment = "A stream."
}
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,11 @@ func (s *StreamAssert) HasBaseTables(expected ...sdk.SchemaObjectIdentifier) *St
}
var errs []error
for _, wantId := range expected {
if !slices.ContainsFunc(o.BaseTables, func(gotId sdk.SchemaObjectIdentifier) bool {
if !slices.ContainsFunc(o.BaseTables, func(gotName string) bool {
gotId, err := sdk.ParseSchemaObjectIdentifier(gotName)
if err != nil {
errs = append(errs, err)
}
return wantId.FullyQualifiedName() == gotId.FullyQualifiedName()
}) {
errs = append(errs, fmt.Errorf("expected id: %s, to be in the list ids: %v", wantId.FullyQualifiedName(), o.BaseTables))
Expand All @@ -74,6 +78,23 @@ func (s *StreamAssert) HasBaseTables(expected ...sdk.SchemaObjectIdentifier) *St
return s
}

func (s *StreamAssert) HasBaseTablesPartiallyQualified(expected ...string) *StreamAssert {
s.AddAssertion(func(t *testing.T, o *sdk.Stream) error {
t.Helper()
if len(o.BaseTables) != len(expected) {
return fmt.Errorf("expected base tables length: %v; got: %v", len(expected), len(o.BaseTables))
}
var errs []error
for _, wantName := range expected {
if !slices.Contains(o.BaseTables, wantName) {
errs = append(errs, fmt.Errorf("expected name: %s, to be in the list ids: %v", wantName, o.BaseTables))
}
}
return errors.Join(errs...)
})
return s
}

func (s *StreamAssert) HasMode(expected sdk.StreamMode) *StreamAssert {
s.AddAssertion(func(t *testing.T, o *sdk.Stream) error {
t.Helper()
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading