terraform-provider-snowflake icon indicating copy to clipboard operation
terraform-provider-snowflake copied to clipboard

Published 20 hours ago verified publisher icon Snowflake-Labs

While upgrading terraform-snowflake provider from 0.80.0 to 0.87.0, the snowflake function grant fails

Open GomathiMa opened this issue 1 year ago • 2 comments

Terraform CLI and Provider Versions

Terraform Version: 1.5.4 and snowflake provider version : 0.87.0

Terraform Configuration

resource "snowflake_grant_privileges_to_account_role" “xx_grant” {
  privileges        = ["USAGE"]
  account_role_name = “xx_role”
  on_schema_object {
    object_type = "FUNCTION"
    object_name = "\"${snowflake_database.xx_db.name}\”.\”XX_SCHEMA\”.\”XX_FUNCTION\”(OBJECT)"
  }
  depends_on = [xx_function]
}

Expected Behavior

Grants to be successful

Actual Behavior

│ Error: Unable to parse the identifier

│ Unable to parse the identifier:

│ "XX_DB”.”XX_SCHEMA.”XX”_FUNCTION(OBJECT). Make sure

│ you are using the correct form of the fully qualified name for this field:

│ <database_name>.<schema_name>..

│ Original Error: unable to read identifier:

│ "XX_DB”.”XX”_SCHEMA.”XX”_FUNCTION(OBJECT), err =

│ parse error on line 1, column 56: extraneous or missing " in quoted-field

Steps to Reproduce

  1. terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

Request to provide an example of how the snowflake function grant script should be while using the provider 0.87.0

GomathiMa avatar Apr 12 '24 15:04 GomathiMa

Hey, This is related to the way identifiers for functions and procedures are represented. For now, it's possible to grant on function, but it's not possible to quote the function name (otherwise the internal identifier parser fails). See the below example:

resource "snowflake_function" "test" {
  name            = "test_function_name"
  schema          = snowflake_schema.test.name
  database        = snowflake_database.test.name
  language        = "python"
  runtime_version = "3.8"
  return_type     = "NUMBER(38,0)"
  statement       = "def add_two(i): return i + 2"
  handler         = "add_two"
  arguments {
    name = "i"
    type = "number"
  }
}

resource "snowflake_grant_privileges_to_account_role" "test" {
  account_role_name = "TEST_ROLE"
  privileges = [ "USAGE" ]
  on_schema_object {
    object_type = "FUNCTION"
    object_name = "\"${snowflake_database.test.name}\".\"${snowflake_schema.test.name}\".${snowflake_function.test.name}(number)" # here
  }
}

Notice snowflake_function doesn't have quotes, thus it always has to be upper-case and lower-case functions won't work for now (because we would need quotes for that, without quotes Snowflake automatically makes an identifier upper-case). Treat it as a workaround for now, we'll be working on it during identifiers rework.

sfc-gh-jcieslak avatar Apr 15 '24 05:04 sfc-gh-jcieslak

Thanks for coming back to us @sfc-gh-jcieslak

I am looking forward to an approach for function IDs being solved long term by the work you mentioned.

alexander-williamson avatar Apr 15 '24 11:04 alexander-williamson

Hi @GomathiMa @alexander-williamson 👋 The fix for this issue was released in a new provider version (v0.95.0). Please upgrade using the migration guide.

sfc-gh-jmichalak avatar Sep 09 '24 12:09 sfc-gh-jmichalak

Great! Thank for your hard work!

alexander-williamson avatar Sep 09 '24 14:09 alexander-williamson

Thanks @sfc-gh-jcieslak for getting this issue resolved!

GomathiMa avatar Sep 24 '24 13:09 GomathiMa