-
Notifications
You must be signed in to change notification settings - Fork 423
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
snowflake_grant_privileges_to_account_role to support OWNERSHIP role #2549
Comments
The same thing is happening with the |
@sfc-gh-jcieslak to be clear there are a number of functions that being deprecated and all have the same behaviour, I've just listed one of them in the example and @lachniej has called out another. Would be amazing to support all deprecated functions |
Hey @AndrewKlimovski @lachniej 👋 |
Thanks for the update @sfc-gh-jcieslak Not sure what you mean by "as already mentioned" can you please clarify? Would love to avoid double handling my SQL translations if possible. Thanks |
Sure, you mentioned |
@sfc-gh-jcieslak Thanks for clarifying and confirming the approach. The talk about creating a separate resource for handling the specialized ownership grant has been around for about 6 months in various threads I have been on and read. Is there a rough ETA of when we could expect to see a resource like this? More curious than anything because we have some jenky workarounds in place right now for this. |
@Bryan-Meier it looks like they are actively working on it #2604 |
The first part of the implementation of the `snowflake_grant_ownership` resource. This is a "basic" version of this resource providing baseline functionalities needed to transfer ownership in Terraform. In the next pull request, I'll add all of the edge cases we have to cover (most of them are described [here](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership#usage-notes)). Changes made: - Created a new `snowflake_grant_ownership` resource with CRUD operations implemented (still there are TODOs left for discussion) - Added examples and documentation needed for the resource and its identifier Things to do before the merge: - remove `snowflake_grant_ownership` from the provider.go TODO in the next pr(s): - Add deprecation messages to old grant resources specifically made for granting ownership - Add edge cases and test them (and if needed describe them in the documentation and add examples) - Add `setId("")` in read and forcefully grant ownership in Create operation - Referring to [comment](#2604 (comment)), test different cases where the Delete operation may struggle with - Test outside of Terraform interactions to see how it behaves in different situations ## Test Plan * [x] acceptance tests * [x] unit tests for the resource identifier conversions from/to String representation * [x] unit tests for the helper functions needed by resource CRUD operations ## References * [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource (a big probability there's more); notify after part 2 will be done. - #2549 - #2199 - #2084 - #1942 - #1875
🤖 I have created a release *beep* *boop* --- ## [0.87.3-pre](v0.87.2...v0.87.3-pre) (2024-03-18) ### 🎉 **What's new:** * Add snowflake grant ownership resource ([#2604](#2604)) ([bfadd24](bfadd24)), closes [#2549](#2549) [#2199](#2199) [#2084](#2084) [#1942](#1942) [#1875](#1875) ### 🔧 **Misc** * Fix env variables for tests ([#2603](#2603)) ([8bc2437](8bc2437)) * release 0.87.3-pre ([a2be7b9](a2be7b9)) ### 🐛 **Bug fixes:** * alter table column data type ([#2607](#2607)) ([538b6dc](538b6dc)) * cgo goreleaser alt solution ([#2613](#2613)) ([5d31856](5d31856)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
Reopening, because it auto-closed :/ |
A follow-up for #2604. Done in this pr: - Add setId("") in Read (when ownership is not found on the target object) and forcefully grant ownership in Create (this was already present, but added test cases for it). - Edge cases - Granting `ON PIPE` and `ON ALL PIPES` is handled (pipes are paused before and resumed after ownership transfer) Full list of things that still need to be done: - Deprecation messages - More documentation (explain how grant_ownership resource handles edge cases) and examples that would show simple usage, edge cases, cases where the resource may cause trouble - Referring to #2604 (comment), test different cases where the Delete operation may struggle with - Test outside of Terraform interactions to see how it behaves in different situations - A test where used role is not privileged enough to transfer ownership - Also cases within Terraform to see how grant_ownership will act with other grant resources within certain configurations - Edge cases - Granting `ON TASK` - Use `VIEW` when granting on `MATERIALIZED VIEW` - Granting `ON EXTERNAL TABLES` ## References [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource: #2549 #2199 #2084 #1942 #1875
A follow-up for #2604. Done in this pr: - All of the edge cases handled and tested (except of tasks that are done in the separate pr): - Materialized views (already handled by Snowflake no changes needed) - RBAC hierarchy (test case added) - Delete dependent resource (role or granted object) and remove grant resource from the state (test case added) Won't do: - External tables (cannot handle this edge case, because we have to know the auto_refresh state of the external table; it's not retrievable by SHOW or DESC commands. It will be still possible to grant ownership of the external table, but there may be additional manual work to do afterward. Everything is documented.) ## Test Plan <!-- detail ways in which this PR has been tested or needs to be tested --> * [x] acceptance tests that show how the resource is handling certain edge cases + RBAC use case ## References [GRANT OWNERSHIP](https://docs.snowflake.com/en/sql-reference/sql/grant-ownership) ## Mentioned in A list of issues requesting this resource: #2549 #2199 #2084 #1942 #1875
Hey 👋 |
Terraform CLI and Provider Versions
v1.5.4
Use Cases or Problem Statement
Usage of
snowflake_<resource>_grant
is being deprecated in favour ofsnowflake_grant_privileges_to_account_role
as per the deprecation warning.Example
snowflake_database_grant
accepts the privilegeOWNERSHIP
however trying to move to the proposed new function throws the error:Proposal
Either the function
snowflake_grant_privileges_to_account_role
supports the 'OWNERSHIP' role or examples are give of how to port from the deprecatedsnowflake_<resource>_grant
function to the new functionHow much impact is this issue causing?
Medium
Additional Information
No response
The text was updated successfully, but these errors were encountered: