Feature request: lock on schemas / databases that safeguards against dropping

[armaciej]

First of all - great TF provider.

When you want to destroy an S3 bucket, AWS will make you remove the content. This is great as you generally want this double check before removing your data. I'd gladly see that for your provider (maybe as an attribute to the resource ...)

Snowflake supports RESTRICT clause to DROP SCHEMA or DROP DATABASE. However you need to have a foreign key referencing a TABLE in your SCHEMA. This boils down to the fact that you need to create such a key, luckily you can reference a table in your schema. E.g.:

CREATE DATABASE DO_NOT_DELETE;
CREATE SCHEMA DO_NOT_DELETE;
CREATE OR REPLACE TABLE DO_NOT_DELETE.DO_NOT_DELETE.LOCK (LOCK VARCHAR(1) PRIMARY KEY);
CREATE OR REPLACE TABLE DO_NOT_DELETE.DO_NOT_DELETE.LOCK_ENFORCE (LOCK VARCHAR(1) REFERENCES DO_NOT_DELETE.DO_NOT_DELETE.LOCK(LOCK));

After this:

DROP SCHEMA DO_NOT_DELETE.DO_NOT_DELETE RESTRICT;
DROP DATABASE DO_NOT_DELETE RESTRICT;

fails, which is what I would like to have (as an option at least.

[armaciej]

Following changes do the trick for me. However, I'm not a go programmer so this is not a nice implementation (with DatabaseBuilder maybe), nor I can make it work as an option to snowflake_database or snowflake_schema.

Thanks a lot again for your work!!!

[jagoodhand]

👍 for this feature. It links with an issue with the main implementation of Terraform: hashicorp/terraform#17599

I have found it all too easy to accidentally drop a table or other stateful object using Terraform. Having a way to protect against this would be amazing, and vastly increase the range of application for this provider.

EDIT: I would extend this request to also cover stateful objects like tables at the least.

[barino86]

Instead of waiting for the terraform issue to be completed, Can something be implemented in the Snowflake provider that protects against this?

There is a similar issue in the Confluent provider (confluentinc/terraform-provider-confluent#79) and an abstract proposed solution that references what the Google provider does with delete_protection

permalink to the resource schema: https://github.com/hashicorp/terraform-provider-google/blob/ed4ffec8dc53d4330bfc2d1677a311a5b847e9d4/google/resource_bigquery_table.go#L931

permalink to the logic implementation for delete_prevention in the state file: https://github.com/hashicorp/terraform-provider-google/blob/ed4ffec8dc53d4330bfc2d1677a311a5b847e9d4/google/resource_bigquery_table.go#L1272

[sfc-gh-asawicki]

We are closing this issue as part of a cleanup described in announcement. If you believe that the issue is still valid in v0.89.0, please open a new ticket.