terraform-provider-snowflake
terraform-provider-snowflake copied to clipboard
Snowflake-Labs
External table documentation conflicts itself on schema requirement
Provider Version
chanzuckerberg/snowflake v0.33.1
Terraform Version
Terraform v1.1.9
Describe the bug
I copied the code I have to creating future schema grants for tables to do the same for external tables. However, I get this error message:
│ on main.tf line 115, in resource "snowflake_external_table_grant" "read_only": │ 115: resource "snowflake_external_table_grant" "read_only" { │ │ The argument "schema_name" is required, but no definition was found.
Careful review of the documentation shows that schema is marked required for external table grant:
schema_name (String) The name of the schema containing the current or future external tables on which to grant privileges.
However, later in the same documentation, it has this text (identical to the the table grant document):
on_future (Boolean) When this is set to true and a schema_name is provided, apply this grant on all future external tables in the given schema. When this is true and no schema_name is provided apply this grant on all future external tables in the given database. The external_table_name and shares fields must be unset in order to use on_future.
Expected behavior
The documentation should be consistent. This documentation was clearly copied and pasted, then the behavior was changed. However, the documentation was not completely updated, leading to a confusing and misleading document.
Code samples and commands
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/table_grant
Grants user defined read only privileges to the role on the future tables
resource "snowflake_table_grant" "read_only" { provider = snowflake.securityadmin enable_multiple_grants = true for_each = toset(var.read_only_privileges["table"])
database_name = var.database privilege = each.key on_future = true roles = [var.read_only_access_role_name] }
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/external_table_grant
Grants user defined read only privileges to the role on the future external tables
resource "snowflake_external_table_grant" "read_only" { provider = snowflake.securityadmin enable_multiple_grants = true for_each = toset(var.read_only_privileges["external_table"])
database_name = var.database privilege = each.key on_future = true roles = [var.read_only_access_role_name] }
Additional context
It would be nice if the schema was not required. It would be preferable to be able to grant this permission when the database is created in advance of knowledge of what the future schemas might be.
Same with function_grant. The documentation says schema_name is optional when on_future is set to true. But the following error is thrown
Error: Missing required argument
│
│ on future_database_grants.tf line 4, in resource "snowflake_function_grant" "dna_dev_function_usage_future":
│ 4: resource snowflake_function_grant "dna_dev_function_usage_future" {
│
│ The argument "schema_name" is required, but no definition was found.
