From 467b06effca5eba2b64b4e49d17c5c8e0de2da23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 3 Sep 2024 16:22:29 +0200 Subject: [PATCH] fix: minor issues (#3027) ## Addressed issues * #3016 `SHOW ORGANIZATION ACCOUNTS` -> `SHOW ACCOUNTS` BCR * #3015 * #2807 * #3025 --- MIGRATION_GUIDE.md | 4 +- .../grant_privileges_to_account_role.md | 6 +-- .../grant_privileges_to_database_role.md | 6 +-- .../account_parameter_acceptance_test.go | 27 ++++++++++ ...vileges_to_account_role_acceptance_test.go | 54 +++++++++++++++++++ pkg/sdk/accounts.go | 2 +- pkg/sdk/accounts_test.go | 4 +- pkg/sdk/grants_validations.go | 1 + pkg/sdk/object_types.go | 3 ++ pkg/sdk/parameters.go | 7 +++ v1-preparations/CHANGES_BEFORE_V1.md | 5 ++ 11 files changed, 108 insertions(+), 11 deletions(-) diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md index 90a84e5c2b..fdbef105f6 100644 --- a/MIGRATION_GUIDE.md +++ b/MIGRATION_GUIDE.md @@ -278,7 +278,6 @@ In order to avoid dropping `PUBLIC` schemas, we have decided to use `ALTER` inst In order to fix issues in v0.93.0, when a resource has Azure scim client, `sync_password` field is now set to `default` value in the state. State will be migrated automatically. - ### *(breaking change)* refactored snowflake_schema resource Renamed fields: 
@@ -316,9 +315,10 @@ New fields: We allow creating and managing `PUBLIC` schemas now. When the name of the schema is `PUBLIC`, it's created with `OR_REPLACE`. Please be careful with this operation, because you may experience data loss. `OR_REPLACE` does `DROP` before `CREATE`, so all objects in the schema will be dropped and this is not visible in Terraform plan. To restore data-related objects that might have been accidentally or intentionally deleted, pleas read about [Time Travel](https://docs.snowflake.com/en/user-guide/data-time-travel). The alternative is to import `PUBLIC` schema manually and then manage it with Terraform. We've decided this based on [#2826](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2826). #### *(behavior change)* Boolean type changes -To easily handle three-value logic (true, false, unknown) in provider's configs, type of `is_transient` and `with_managed_access` was changed from boolean to string. This should not require updating existing configs (boolean value should be accepted and state will be migrated to string automatically), however we recommend changing config values to strings. +To easily handle three-value logic (true, false, unknown) in provider's configs, type of `is_transient` and `with_managed_access` was changed from boolean to string. Terraform should recreate resources for configs lacking `is_transient` (`DROP` and then `CREATE` will be run underneath). To prevent this behavior, please set `is_transient` field. +For more details about default values, please refer to the [changes before v1](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/CHANGES_BEFORE_V1.md#default-values) document. 
Terraform should perform an action for configs lacking `with_managed_access` (`ALTER SCHEMA DISABLE MANAGED ACCESS` will be run underneath which should not affect the Snowflake object, because `MANAGED ACCESS` is not set by default) ### *(breaking change)* refactored snowflake_schemas datasource diff --git a/docs/resources/grant_privileges_to_account_role.md b/docs/resources/grant_privileges_to_account_role.md index 3ed5f058f1..a96306852a 100644 --- a/docs/resources/grant_privileges_to_account_role.md +++ b/docs/resources/grant_privileges_to_account_role.md 
@@ -307,14 +307,14 @@ Optional: - `all` (Block List, Max: 1) Configures the privilege to be granted on all objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--all)) - `future` (Block List, Max: 1) Configures the privilege to be granted on future objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--future)) - `object_name` (String) The fully qualified name of the object on which privileges will be granted. -- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT +- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT | DATASET ### Nested Schema for `on_schema_object.all` Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. 
Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS | DATASETS. Optional: 
@@ -327,7 +327,7 @@ Optional: Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS | DATASETS. Optional: diff --git a/docs/resources/grant_privileges_to_database_role.md b/docs/resources/grant_privileges_to_database_role.md index acf4a0caa9..f8011813ac 100644 --- a/docs/resources/grant_privileges_to_database_role.md +++ b/docs/resources/grant_privileges_to_database_role.md 
@@ -215,14 +215,14 @@ Optional: - `all` (Block List, Max: 1) Configures the privilege to be granted on all objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--all)) - `future` (Block List, Max: 1) Configures the privilege to be granted on future objects in either a database or schema. (see [below for nested schema](#nestedblock--on_schema_object--future)) - `object_name` (String) The fully qualified name of the object on which privileges will be granted. -- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT +- `object_type` (String) The object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DYNAMIC TABLE | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | MASKING POLICY | MATERIALIZED VIEW | MODEL | NETWORK RULE | NOTEBOOK | PACKAGES POLICY | PASSWORD POLICY | PIPE | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | STAGE | STREAM | TABLE | TAG | TASK | VIEW | STREAMLIT | DATASET ### Nested Schema for `on_schema_object.all` Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. 
Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TAGS | TASKS | VIEWS | STREAMLITS | DATASETS. Optional: 
@@ -235,7 +235,7 @@ Optional: Required: -- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS. +- `object_type_plural` (String) The plural object type of the schema object on which privileges will be granted. Valid values are: ALERTS | AUTHENTICATION POLICIES | DATA METRIC FUNCTIONS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MODELS | NETWORK RULES | NOTEBOOKS | PASSWORD POLICIES | PIPES | PROCEDURES | SECRETS | SERVICES | SEQUENCES | SNAPSHOTS | STAGES | STREAMS | TABLES | TASKS | VIEWS | DATASETS. Optional: diff --git a/pkg/resources/account_parameter_acceptance_test.go b/pkg/resources/account_parameter_acceptance_test.go index 95d9322d65..8b269e8983 100644 --- a/pkg/resources/account_parameter_acceptance_test.go +++ b/pkg/resources/account_parameter_acceptance_test.go 
@@ -107,3 +107,30 @@ func TestAcc_AccountParameter_Issue2573(t *testing.T) { }, }) } + +func TestAcc_AccountParameter_Issue3025(t *testing.T) { + t.Skipf("The cleanup for parameter is currently incorrect and this test messes with other ones. Skipping until SNOW-1528546 is resolved.") + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: nil, + Steps: []resource.TestStep{ + { + Config: accountParameterBasic("OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST", "true"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("snowflake_account_parameter.p", "key", "OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST"), + resource.TestCheckResourceAttr("snowflake_account_parameter.p", "value", "true"), + ), + }, + { + ResourceName: "snowflake_account_parameter.p", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{}, + }, + }, + }) +} diff --git a/pkg/resources/grant_privileges_to_account_role_acceptance_test.go b/pkg/resources/grant_privileges_to_account_role_acceptance_test.go index eeb05eb77e..66dc2efd39 100644 --- a/pkg/resources/grant_privileges_to_account_role_acceptance_test.go +++ b/pkg/resources/grant_privileges_to_account_role_acceptance_test.go 
@@ -1820,3 +1820,57 @@ func TestAcc_GrantPrivilegesToAccountRole_IdentifierQuotingDiffSuppression(t *te }, }) } + +// proves https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2807 +func TestAcc_GrantPrivilegesToAccountRole_OnDataset_issue2807(t *testing.T) { + roleId := acc.TestClient().Ids.RandomAccountObjectIdentifier() + roleFullyQualifiedName := roleId.FullyQualifiedName() + databaseName := acc.TestClient().Ids.DatabaseId().FullyQualifiedName() + configVariables := config.Variables{ + "name": config.StringVariable(roleFullyQualifiedName), + "privileges": config.ListVariable( + config.StringVariable(string(sdk.SchemaObjectPrivilegeUsage)), + ), + "database": config.StringVariable(databaseName), + "object_type_plural": config.StringVariable(sdk.PluralObjectTypeDatasets.String()), + "with_grant_option": config.BoolVariable(false), + } + resourceName := "snowflake_grant_privileges_to_account_role.test" + + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: acc.CheckAccountRolePrivilegesRevoked(t), + Steps: []resource.TestStep{ + { + PreConfig: func() { + _, roleCleanup := acc.TestClient().Role.CreateRoleWithIdentifier(t, roleId) + t.Cleanup(roleCleanup) + }, + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnSchemaObject_OnFuture_InDatabase"), + ConfigVariables: configVariables, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, "account_role_name", roleFullyQualifiedName), + resource.TestCheckResourceAttr(resourceName, "privileges.#", "1"), + resource.TestCheckResourceAttr(resourceName, "privileges.0", string(sdk.SchemaObjectPrivilegeUsage)), + resource.TestCheckResourceAttr(resourceName, "on_schema_object.#", "1"), + 
resource.TestCheckResourceAttr(resourceName, "on_schema_object.0.future.#", "1"), + resource.TestCheckResourceAttr(resourceName, "on_schema_object.0.future.0.object_type_plural", string(sdk.PluralObjectTypeDatasets)), + resource.TestCheckResourceAttr(resourceName, "on_schema_object.0.future.0.in_database", databaseName), + resource.TestCheckResourceAttr(resourceName, "with_grant_option", "false"), + resource.TestCheckResourceAttr(resourceName, "id", fmt.Sprintf("%s|false|false|USAGE|OnSchemaObject|OnFuture|DATASETS|InDatabase|%s", roleFullyQualifiedName, databaseName)), + ), + }, + { + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_GrantPrivilegesToAccountRole/OnSchemaObject_OnFuture_InDatabase"), + ConfigVariables: configVariables, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} diff --git a/pkg/sdk/accounts.go b/pkg/sdk/accounts.go index 9f08ad838e..ee2b0661e7 100644 --- a/pkg/sdk/accounts.go +++ b/pkg/sdk/accounts.go @@ -262,7 +262,7 @@ func (c *accounts) Alter(ctx context.Context, opts *AlterAccountOptions) error { // ShowAccountOptions is based on https://docs.snowflake.com/en/sql-reference/sql/show-organisation-accounts. type ShowAccountOptions struct { show bool `ddl:"static" sql:"SHOW"` - accounts bool `ddl:"static" sql:"ORGANIZATION ACCOUNTS"` + accounts bool `ddl:"static" sql:"ACCOUNTS"` Like *Like `ddl:"keyword" sql:"LIKE"` } diff --git a/pkg/sdk/accounts_test.go b/pkg/sdk/accounts_test.go index 7c6379351f..22841843dc 100644 --- a/pkg/sdk/accounts_test.go +++ b/pkg/sdk/accounts_test.go @@ -196,7 +196,7 @@ func TestAccountAlter(t *testing.T) { func TestAccountShow(t *testing.T) { t.Run("empty options", func(t *testing.T) { opts := &ShowAccountOptions{} - assertOptsValidAndSQLEquals(t, opts, `SHOW ORGANIZATION ACCOUNTS`) + assertOptsValidAndSQLEquals(t, opts, `SHOW ACCOUNTS`) }) t.Run("with like", func(t *testing.T) { 
@@ -205,6 +205,6 @@ func TestAccountShow(t *testing.T) { Pattern: String("myaccount"), }, } - assertOptsValidAndSQLEquals(t, opts, `SHOW ORGANIZATION ACCOUNTS LIKE 'myaccount'`) + assertOptsValidAndSQLEquals(t, opts, `SHOW ACCOUNTS LIKE 'myaccount'`) }) } diff --git a/pkg/sdk/grants_validations.go b/pkg/sdk/grants_validations.go index cb1d20a617..2d1727ee85 100644 --- a/pkg/sdk/grants_validations.go +++ b/pkg/sdk/grants_validations.go @@ -103,6 +103,7 @@ var validGrantToObjectTypes = []ObjectType{ ObjectTypeTask, ObjectTypeView, ObjectTypeStreamlit, // added because of https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2656 + ObjectTypeDataset, // added because of https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2807 } // based on https://docs.snowflake.com/en/sql-reference/sql/grant-privilege#restrictions-and-limitations diff --git a/pkg/sdk/object_types.go b/pkg/sdk/object_types.go index d54b3337fd..a5b17fa9c9 100644 --- a/pkg/sdk/object_types.go +++ b/pkg/sdk/object_types.go @@ -19,6 +19,7 @@ const ( ObjectTypeManagedAccount ObjectType = "MANAGED ACCOUNT" ObjectTypeUser ObjectType = "USER" ObjectTypeDatabaseRole ObjectType = "DATABASE ROLE" + ObjectTypeDataset ObjectType = "DATASET" ObjectTypeRole ObjectType = "ROLE" ObjectTypeIntegration ObjectType = "INTEGRATION" ObjectTypeNetworkPolicy ObjectType = "NETWORK POLICY" @@ -91,6 +92,7 @@ func objectTypeSingularToPluralMap() map[ObjectType]PluralObjectType { ObjectTypeManagedAccount: PluralObjectTypeManagedAccounts, ObjectTypeUser: PluralObjectTypeUsers, ObjectTypeDatabaseRole: PluralObjectTypeDatabaseRoles, + ObjectTypeDataset: PluralObjectTypeDatasets, ObjectTypeRole: PluralObjectTypeRoles, ObjectTypeIntegration: PluralObjectTypeIntegrations, ObjectTypeNetworkPolicy: PluralObjectTypeNetworkPolicies, 
@@ -198,6 +200,7 @@ const ( PluralObjectTypeManagedAccounts PluralObjectType = "MANAGED ACCOUNTS" PluralObjectTypeUsers PluralObjectType = "USERS" PluralObjectTypeDatabaseRoles PluralObjectType = "DATABASE ROLES" + PluralObjectTypeDatasets PluralObjectType = "DATASETS" PluralObjectTypeRoles PluralObjectType = "ROLES" PluralObjectTypeIntegrations PluralObjectType = "INTEGRATIONS" PluralObjectTypeNetworkPolicies PluralObjectType = "NETWORK POLICIES" diff --git a/pkg/sdk/parameters.go b/pkg/sdk/parameters.go index 53a2a2bed4..877c91cc09 100644 --- a/pkg/sdk/parameters.go +++ b/pkg/sdk/parameters.go @@ -117,6 +117,12 @@ func (parameters *parameters) SetAccountParameter(ctx context.Context, parameter opts.Set.Parameters.AccountParameters.MinDataRetentionTimeInDays = Pointer(v) case AccountParameterNetworkPolicy: opts.Set.Parameters.AccountParameters.NetworkPolicy = &value + case AccountParameterOAuthAddPrivilegedRolesToBlockedList: + b, err := parseBooleanParameter(string(parameter), value) + if err != nil { + return err + } + opts.Set.Parameters.AccountParameters.OAuthAddPrivilegedRolesToBlockedList = b case AccountParameterPeriodicDataRekeying: b, err := parseBooleanParameter(string(parameter), value) if err != nil { @@ -713,6 +719,7 @@ type AccountParameters struct { InitialReplicationSizeLimitInTB *float64 `ddl:"parameter" sql:"INITIAL_REPLICATION_SIZE_LIMIT_IN_TB"` MinDataRetentionTimeInDays *int `ddl:"parameter" sql:"MIN_DATA_RETENTION_TIME_IN_DAYS"` NetworkPolicy *string `ddl:"parameter,single_quotes" sql:"NETWORK_POLICY"` + OAuthAddPrivilegedRolesToBlockedList *bool `ddl:"parameter" sql:"OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST"` PeriodicDataRekeying *bool `ddl:"parameter" sql:"PERIODIC_DATA_REKEYING"` PreventLoadFromInlineURL *bool `ddl:"parameter" sql:"PREVENT_LOAD_FROM_INLINE_URL"` PreventUnloadToInlineURL *bool `ddl:"parameter" sql:"PREVENT_UNLOAD_TO_INLINE_URL"` 
diff --git a/v1-preparations/CHANGES_BEFORE_V1.md b/v1-preparations/CHANGES_BEFORE_V1.md index a4ba18a9e2..b42c021e3a 100644 --- a/v1-preparations/CHANGES_BEFORE_V1.md +++ b/v1-preparations/CHANGES_BEFORE_V1.md @@ -15,6 +15,11 @@ create a resource with slightly different configuration in Snowflake (depending current account configuration, and most-likely other factors). That is why we recommend setting optional fields where you want to ensure that the specified value has been set on the Snowflake side. +Additionally, resources created before this change may experience force replacement plans on boolean fields +after upgrading to the new version of the resource. That's because those fields now have different type and default value. +The only way to prevent this behavior is to set this value in configuration to the value that was previously in state. +Refer to [this issue](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3015) for more details. + ## Validations This point connects with the one on about the [default values](#default-values). First of all, we want to reduce the coupling between Snowflake and the provider. Secondly, some of the value limits are soft (consult issues [#2948](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2948) and [#1919](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1919)) which makes it difficult to align provider validations with the custom setups. Lastly, some values depend on the Snowflake edition used.
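Review bot: In MIGRATION_GUIDE.md, under "Boolean type changes", the added sentence tells users to "set `is_transient` field" to avoid a `DROP` followed by `CREATE`, but it does not say which value to set. The CHANGES_BEFORE_V1.md addition in this same patch is more precise ("set this value in configuration to the value that was previously in state"), so the migration guide should repeat that wording. It should also state plainly that recreating a schema drops it first, because the section is labelled a behavior change rather than a breaking change. The unchanged context line in this hunk also carries a typo, "pleas read about", that could be fixed while the file is open.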
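Review bot: In pkg/resources/account_parameter_acceptance_test.go, `TestAcc_AccountParameter_Issue3025` begins with an unconditional `t.Skipf(...)`, so nothing in this patch actually exercises the new `AccountParameterOAuthAddPrivilegedRolesToBlockedList` case added to `SetAccountParameter` in pkg/sdk/parameters.go. Consider adding an SDK-level test that asserts the generated SQL for `OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST`, which would not depend on SNOW-1528546 being resolved. Two smaller points on the same test: `t.Skipf` is called with no format arguments, so `t.Skip` is the better fit, and with `CheckDestroy: nil` nothing verifies that the account parameter is reset after the test once the skip is removed.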
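Review bot: In pkg/resources/grant_privileges_to_account_role_acceptance_test.go, `TestAcc_GrantPrivilegesToAccountRole_OnDataset_issue2807` covers only the `on_schema_object.future` path with `in_database`, while the docs hunks in this patch also advertise `DATASET` for `object_type` and `DATASETS` for `on_schema_object.all`, and the same three values for `grant_privileges_to_database_role`. A second case for a single named dataset or for `all` would confirm that the `ObjectTypeDataset` entry added to `validGrantToObjectTypes` behaves as documented. As a style point, the plural value is converted two ways in this test, `sdk.PluralObjectTypeDatasets.String()` in `configVariables` and `string(sdk.PluralObjectTypeDatasets)` in the checks; pick one.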
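Review bot: In pkg/sdk/accounts.go, the doc comment directly above `ShowAccountOptions` still reads "is based on https://docs.snowflake.com/en/sql-reference/sql/show-organisation-accounts" although the static SQL on the `accounts` field now generates `SHOW ACCOUNTS`. Update the comment so it points at the documentation for the statement the struct actually emits, and mention the BCR from #3016 there so the reason for the rename stays next to the code.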