Closed adrian-montero-hkkd closed 10 months ago
@adrian-montero-hkkd
Hey, from the error message, it seems that the error occurred in the resource that wanted to grant privileges on_schema, not on_object_account, and to resolve the error you have to pass the fully qualified schema name (probably somewhere in your config on_schema.schema_name = "<schema_name>"
, but should be on_schema.schema_name = "\"<database_name>\".\"<schema_name>\""
). It's similar to this issue.
Please see and let me know if that resolves your issue.
I'm actually trying to do the grant at the db level. So that wouldn't work. Right now I'm using the previous snowflake_database_grant but I get the deprecated warning (but it does work, the permissions are granted successfully):
resource "snowflake_database_grant" "db_grant_usage_to_fivetran_role" {
provider = snowflake.securityadmin
database_name = snowflake_database.fivetran_database.name
privilege = "USAGE"
roles = [ snowflake_role.fivetran_role.name ]
enable_multiple_grants = true
}
I was expecting it to work since it is an example just like the one in the provider docs:
##################################
### account object privileges
##################################
# list of privileges
resource "snowflake_grant_privileges_to_role" "g3" {
privileges = ["CREATE", "MONITOR"]
role_name = snowflake_role.r.name
on_account_object {
object_type = "DATABASE"
object_name = snowflake_database.d.name
}
}
I would expect to have to provide a fully qualifier if I were granting the create table permission, not the create schema, which wouldn't make much sense to grant at a schema level, since well, I want the user to be able to create new schemas.
Thanks for the help.
@adrian-montero-hkkd Hey, so maybe what I wrote is unclear, but the example and the code you provided look correct and they should work. What I was saying is that it looks like the error is pointing to another resource, not to the one you provided. The error looks to reference a "snowflake_grant_privileges_to_role" resource that uses on_schema instead of on_account_object like in your example.
Thanks. You are right, that was not the problematic block. Changed it for the fully qualified schema name and it worked.
Terraform CLI and Provider Versions
I'm using TF Cloud version 1.6.3
Terraform Configuration
Expected Behavior
I expected TF/ the snowflake provider to create a db_grants_to_fivetran_role resource and apply the grants in the SF instance.
Actual Behavior
Error: Plugin did not respond The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
Steps to Reproduce
terraform apply
How much impact is this issue causing?
High
Logs
No response
Additional Information
Error Log from provider:
Stack trace from the terraform-provider-snowflake_v0.79.0 plugin:
panic: runtime error: index out of range [1] with length 1
goroutine 101 [running]: github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.NewDatabaseObjectIdentifierFromFullyQualifiedName({0xc0010d6090?, 0x1df9b46?}) github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/identifier_helpers.go:159 +0xcc github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.configureAccountRoleGrantPrivilegeOptions(0xc001296de0?, {0xc0012d3c10, 0x1, 0x1}, 0x0?, 0xc000afacf0) github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:748 +0x8f1 github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.CreateGrantPrivilegesToRole(0x0?, {0x1d3ff80?, 0xc0005b36c0?}) github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_role.go:460 +0x226 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).create(0x20b4e60?, {0x20b4e60?, 0xc0012c4810?}, 0xd?, {0x1d3ff80?, 0xc0005b36c0?}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:766 +0x178 github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(Resource).Apply(0xc00002a540, {0x20b4e60, 0xc0012c4810}, 0xc0012ccc30, 0xc0012bc300, {0x1d3ff80, 0xc0005b36c0}) github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:909 +0xa7e github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(GRPCProviderServer).ApplyResourceChange(0xc00091cc18, {0x20b4e60?, 0xc0012c44b0?}, 0xc0012d6050) github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/grpc_provider.go:1060 +0xe8d github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x20d4480?, 0xc00091cc18?}}, {0x20b4e60, 0xc0012c44b0}, 0x0?) github.com/hashicorp/terraform-plugin-mux@v0.12.0/tf5to6server/tf5to6server.go:37 +0x5a github.com/hashicorp/terraform-plugin-mux/tf6muxserver.(muxServer).ApplyResourceChange(0x20b4db8?, {0x20b4e60?, 0xc00095f050?}, 0xc0013045f0) github.com/hashicorp/terraform-plugin-mux@v0.12.0/tf6muxserver/mux_server_ApplyResourceChange.go:36 +0x1b5 github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(server).ApplyResourceChange(0xc000927e00, {0x20b4e60?, 0xc00095e840?}, 0xc0009621c0) github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov6/tf6server/server.go:857 +0x574 github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x1ce79a0?, 0xc000927e00}, {0x20b4e60, 0xc00095e840}, 0xc000962150, 0x0) github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:467 +0x170 google.golang.org/grpc.(Server).processUnaryRPC(0xc0002634a0, {0x20c4d00, 0xc000590680}, 0xc0011b4b40, 0xc000ac63f0, 0x2e01958, 0x0) google.golang.org/grpc@v1.58.2/server.go:1376 +0xdd2 google.golang.org/grpc.(Server).handleStream(0xc0002634a0, {0x20c4d00, 0xc000590680}, 0xc0011b4b40, 0x0) google.golang.org/grpc@v1.58.2/server.go:1753 +0xa36 google.golang.org/grpc.(Server).serveStreams.func1.1() google.golang.org/grpc@v1.58.2/server.go:998 +0x98 created by google.golang.org/grpc.(*Server).serveStreams.func1 google.golang.org/grpc@v1.58.2/server.go:996 +0x18c
Error: The terraform-provider-snowflake_v0.79.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.