Closed matheus-fractal-river closed 5 days ago
Encountered same error when using on_schema
resource "snowflake_grant_privileges_to_role" "demo_schema" {
privileges = ["USAGE", "CREATE TABLE", "CREATE STAGE", "CREATE PIPE"]
role_name = snowflake_role.demo_connector_role.name
on_schema {
schema_name = snowflake_schema.demo_schema.name
}
}
Error log:
snowflake_grant_privileges_to_role.demo_schema: Creating...
╷
│ Error: Plugin did not respond
│
│ with snowflake_resource_monitor.demo,
│ on demo.tf line 7, in resource "snowflake_resource_monitor" "demo":
│ 7: resource "snowflake_resource_monitor" "demo" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).PlanResourceChange call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│ with snowflake_grant_privileges_to_role.demo_schema,
│ on demo.tf line 57, in resource "snowflake_grant_privileges_to_role" "demo_schema":
│ 57: resource "snowflake_grant_privileges_to_role" "demo_schema" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵
Releasing state lock. This may take a few moments...
Stack trace from the terraform-provider-snowflake_v0.72.0 plugin:
panic: runtime error: index out of range [1] with length 1
goroutine 43 [running]:
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName({0x140008e5b30?, 0x14000ee4060?})
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/identifier_helpers.go:159 +0xb8
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.configureAccountRoleGrantPrivilegeOptions(0x14000e9fc20?, {0x14000ebac80, 0x4, 0x4}, 0x60?, 0x14000e86dd8)
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:715 +0x730
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.CreateGrantPrivilegesToRole(0x0?, {0x1063d2760?, 0x14000a952b0?})
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:456 +0x13c
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x1064108c0?, {0x1064108c0?, 0x14000eb56b0?}, 0xd?, {0x1063d2760?, 0x14000a952b0?})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:766 +0x134
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x140006861c0, {0x1064108c0, 0x14000eb56b0}, 0x14000e95ee0, 0x14000ec2480, {0x1063d2760, 0x14000a952b0})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:909 +0x8a0
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000b12a20, {0x1064108c0?, 0x14000eb5590?}, 0x14000ea8960)
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/grpc_provider.go:1060 +0xb78
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x140001c8640, {0x1064108c0?, 0x14000eb4ba0?}, 0x14000df2ee0)
github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/tf5server/server.go:859 +0x3bc
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x106385ca0?, 0x140001c8640}, {0x1064108c0, 0x14000eb4ba0}, 0x14000df2e70, 0x0)
github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:467 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000718d20, {0x10641fe20, 0x140004fcb60}, 0x14000eb3320, 0x14000b18e40, 0x106fccc78, 0x0)
google.golang.org/grpc@v1.57.0/server.go:1360 +0xcb4
google.golang.org/grpc.(*Server).handleStream(0x14000718d20, {0x10641fe20, 0x140004fcb60}, 0x14000eb3320, 0x0)
google.golang.org/grpc@v1.57.0/server.go:1737 +0x82c
google.golang.org/grpc.(*Server).serveStreams.func1.1()
google.golang.org/grpc@v1.57.0/server.go:982 +0x84
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/grpc@v1.57.0/server.go:980 +0x16c
Error: The terraform-provider-snowflake_v0.72.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.
Also on 0.73.0
Happens in 0.76.0 as well:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# snowflake_grant_privileges_to_role.schema will be created
+ resource "snowflake_grant_privileges_to_role" "schema" {
+ all_privileges = false
+ id = (known after apply)
+ on_account = false
+ privileges = [
+ "CREATE TABLE",
]
+ role_name = "DB_READER"
+ with_grant_option = false
+ on_schema {
+ schema_name = "my_schema"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
snowflake_grant_privileges_to_role.schema: Creating...
╷
│ Error: Request cancelled
│
│ The plugin6.(*GRPCProvider).ApplyResourceChange request was cancelled.
╵
Stack trace from the terraform-provider-snowflake_v0.76.0 plugin:
panic: runtime error: index out of range [1] with length 1
goroutine 57 [running]:
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName({0x14000792920?, 0x14000e19b90?})
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/identifier_helpers.go:159 +0xb8
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.configureAccountRoleGrantPrivilegeOptions(0x14000a854c0?, {0x14000e15ac0, 0x1, 0x1}, 0x40?, 0x1400076acb8)
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:715 +0x730
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.CreateGrantPrivilegesToRole(0x0?, {0x104435740?, 0x14000954680?})
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:456 +0x13c
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x104477080?, {0x104477080?, 0x14000e0b650?}, 0xd?, {0x104435740?, 0x14000954680?})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:766 +0x134
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14000b4c700, {0x104477080, 0x14000e0b650}, 0x14000d79450, 0x14000d67600, {0x104435740, 0x14000954680})
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:909 +0x8a0
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000980a20, {0x104477080?, 0x14000e0b470?}, 0x14000d5b9f0)
github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/grpc_provider.go:1060 +0xb78
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x104493ba0?, 0x14000980a20?}}, {0x104477080, 0x14000e0b470}, 0x0?)
github.com/hashicorp/terraform-plugin-mux@v0.12.0/tf5to6server/tf5to6server.go:37 +0x58
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.(*muxServer).ApplyResourceChange(0x104476fd8?, {0x104477080?, 0x14000e0b140?}, 0x14000d5b9a0)
github.com/hashicorp/terraform-plugin-mux@v0.12.0/tf6muxserver/mux_server_ApplyResourceChange.go:36 +0x188
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0x14000a5e320, {0x104477080?, 0x14000e0a750?}, 0x14000e0e070)
github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov6/tf6server/server.go:857 +0x3bc
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x1043e26e0?, 0x14000a5e320}, {0x104477080, 0x14000e0a750}, 0x14000e0e000, 0x0)
github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:467 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0x1400027f2c0, {0x104486900, 0x14000208ea0}, 0x14000d90a20, 0x14000752c60, 0x1050a31d8, 0x0)
google.golang.org/grpc@v1.58.2/server.go:1376 +0xbe0
google.golang.org/grpc.(*Server).handleStream(0x1400027f2c0, {0x104486900, 0x14000208ea0}, 0x14000d90a20, 0x0)
google.golang.org/grpc@v1.58.2/server.go:1753 +0x82c
google.golang.org/grpc.(*Server).serveStreams.func1.1()
google.golang.org/grpc@v1.58.2/server.go:998 +0x84
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/grpc@v1.58.2/server.go:996 +0x16c
Error: The terraform-provider-snowflake_v0.76.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.
The error is gone for on_schema
but it appears again when the on_schema_object.all
or on_schema_object.future
blocks are set.
Hey @matheus-fractal-river @kalinon @hieu-cc This issue seems to be connected to the fact that you specified not a fully qualified name for schema. Let's take an example from @kalinon:
resource "snowflake_grant_privileges_to_role" "demo_schema" {
privileges = ["USAGE", "CREATE TABLE", "CREATE STAGE", "CREATE PIPE"]
role_name = snowflake_role.demo_connector_role.name
on_schema {
schema_name = snowflake_schema.demo_schema.name -- this is not correct
schema_name = "\"${snowflake_database.demo_database.name}\".\"${snowflake_schema.demo_schema.name}\"" -- it should be like this
}
}
@matheus-fractal-river you must've provided the wrong configuration because it seems you have the same error, but none of your configurations have on_schema.schema_name
. Please close the issue if that's the case as it was just provider misuse.
Hey @matheus-fractal-river
Still waiting for the response. One thing to add is that snowflake_grant_privileges_to_role
is deprecated and there's a snowflake_grant_privileges_to_account_role
alternative ready in the newer versions of the provider. The issue may be caused by an outdated provider version.
Closing due to long inactivity. If the issue still persists open another gh issue. Thank You.
Provider Version
0.72.0
Terraform Version
v1.6.0
Describe the bug
I'm trying to run a terraform apply using a module that references a
snowflake_grant_privileges_to_role
with afor_each
command targeting a role created in the same module and a role provided via an external variable, which is resulting on this stack trace:Expected behavior
I expect the terraform apply to correctly manage the permissions for each role I included on my
for_each
block.Code samples and commands
This is the problem code:
Additional context
The reference found on the for_each session is both the snowflake_role.dbt_role resource created with:
And the external variable provided upon the module call like this: