terraform-provider-snowflake icon indicating copy to clipboard operation
terraform-provider-snowflake copied to clipboard

Published 20 hours ago verified publisher icon Snowflake-Labs

Failed to apply tags to account-level objects

Open falconives opened this issue 3 years ago • 2 comments

Provider Version v0.25.28

Terraform Version v1.0.4

Describe the bug I wanted to create and apply tags to warehouses/databases/role etc through terraform. But tags are only shown in schema-level objects (e.g. table, etc.) but not in account-level objects (e.g. warehouses, databases, roles etc.

Expected behavior WITH_TAG cluster should shown in actual CREATE queries.

Code Sample

resource "snowflake_role" "role" {
  name = "TF_GENERIC_TEST_ROLE"
  tag {
    name     = snowflake_tag.classification.name
    database = snowflake_tag.classification.database
    schema   = snowflake_tag.classification.schema
    value    = "sensitive"
  }

  tag {
    name     = snowflake_tag.department.name
    database = snowflake_tag.department.database
    schema   = snowflake_tag.department.schema
    value    = "marketing"
  }
}

resource "snowflake_warehouse" "wh" {
  name = "TF_GENERIC_TEST_WH"
  tag {
    name     = snowflake_tag.classification.name
    database = snowflake_tag.classification.database
    schema   = snowflake_tag.classification.schema
    value    = "sensitive"
  }

  tag {
    name     = snowflake_tag.department.name
    database = snowflake_tag.department.database
    schema   = snowflake_tag.department.schema
    value    = "marketing"
  }
}

resource "snowflake_database" "db" {
  name = "TF_GENERIC_TEST_DB"
  tag {
    name     = snowflake_tag.classification.name
    database = snowflake_tag.classification.database
    schema   = snowflake_tag.classification.schema
    value    = "sensitive"
  }

  tag {
    name     = snowflake_tag.department.name
    database = snowflake_tag.department.database
    schema   = snowflake_tag.department.schema
    value    = "marketing"
  }
}

resource "snowflake_table" "test_table" {
  schema     = "PUBLIC"
  database   = "TF_GENERIC_TEST_DB"
  name       = "EXAMPLE_TABLE"
  depends_on = [snowflake_database.db]

  column {
    name = "column1"
    type = "VARCHAR(16)"
  }

  tag {
    name     = snowflake_tag.classification.name
    database = snowflake_tag.classification.database
    schema   = snowflake_tag.classification.schema
    value    = "sensitive"
  }

  tag {
    name     = snowflake_tag.department.name
    database = snowflake_tag.department.database
    schema   = snowflake_tag.department.schema
    value    = "marketing"
  }
}

Commands and Results Run terraform plan and terraform apply showing all successful with tags. For example:

resource "snowflake_warehouse" "wh" {
  name = "TF_GENERIC_TEST_WH"
  tag {
    name     = snowflake_tag.classification.name
      + warehouse_size                      = (known after apply)

      + tag {
          + database = "UTIL_DB"
          + name     = "CLASSIFICATION"
          + schema   = "PUBLIC"
          + value    = "sensitive"
        }
      + tag {
          + database = "UTIL_DB"
          + name     = "DEPARTMENT"
          + schema   = "PUBLIC"
          + value    = "marketing"
        }
    }

Additional Context I checked query history through Snowflake web console, the queries are:

CREATE ROLE "TF_GENERIC_TEST_ROLE"
CREATE DATABASE "TF_GENERIC_TEST_DB"
CREATE WAREHOUSE "TF_GENERIC_TEST_WH" MAX_CONCURRENCY_LEVEL=8 STATEMENT_TIMEOUT_IN_SECONDS=172800
CREATE TABLE "TF_GENERIC_TEST_DB"."PUBLIC"."EXAMPLE_TABLE" ("column1" VARCHAR(16) COMMENT '') DATA_RETENTION_TIME_IN_DAYS = 1 CHANGE_TRACKING = false WITH TAG ("UTIL_DB"."PUBLIC"."CLASSIFICATION" = "sensitive", "UTIL_DB"."PUBLIC"."DEPARTMENT" = "marketing")

falconives avatar Dec 08 '21 13:12 falconives

I can take a look at this shortly, looks like the sql generation on some of these resources isn't wired up for tags.

tampajohn avatar Dec 16 '21 15:12 tampajohn

@tampajohn Has this been looked at as it seems like it's has not been solved yet having virtually the same symptoms of not seeing the tags applied and not seeing in the query history. Is there some workaround to have tags applied via this provider specifically on warehouse level or not?

Gizzy1990 avatar May 19 '22 05:05 Gizzy1990

@falconives the tags blocks on resources has been deprecated in newer versions of the provider, and will be removed entirely in a future major release. There were a lot of issues with the tags block, one of which you have described here. Currently it is recommended to use the snowflake_tag_association block. Example use case for warehouse:

resource "snowflake_warehouse" "test_wh" {
  name           = "TEST_WH"
  warehouse_size = "XSMALL"
}

resource "snowflake_tag" "t" {
  name = "tag1"
  database = snowflake_database.db.name
  schema = snowflake_schema.s.name
}

resource "snowflake_tag_association" "ta" {
  tag_id = snowflake_tag.t.id
  tag_value ="value1"
  object_type = "WAREHOUSE"
  object_identifier {
    name = snowflake_warehouse.test_wh.name
  }
}

sfc-gh-swinkler avatar Mar 14 '23 18:03 sfc-gh-swinkler

Thank you Scott for resolving this issue! Much appreciated!

falconives avatar Mar 14 '23 18:03 falconives