Open denzhel opened 2 months ago
Hey @denzhel . Thanks for reaching out to us.
The user resource is currently being redesigned as part of https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#preparing-essential-ga-objects-for-the-provider-v1. This happens because DEFAULT_ROLE
is not wrapped in '
. As a workaround, you can use roles without -
or use unsafe_execute. cc @sfc-gh-asawicki
Hi @sfc-gh-jmichalak ,
Either of those are not an option for us, we have dozens of users that were created with the previous provider we had.
We use -
through out all of our users.
We're unable to create new users.
When will the redesign happen ?
@sfc-gh-asawicki is currently working on user redesign and this should be fixed in v0.94 in the next few weeks.
Hey @denzhel.
First of all, please do not do 40+ versions migrations, it's recommended to do versions-by-version migration iteratively, following our guidelines: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#migration-guide.
You can use provider aliasing to manage users with the older version of the provider (https://developer.hashicorp.com/terraform/language/providers/configuration#alias-multiple-provider-configurations).
Hey @denzhel.
First of all, please do not do 40+ versions migrations, it's recommended to do versions-by-version migration iteratively, following our guidelines: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#migration-guide.
You can use provider aliasing to manage users with the older version of the provider (https://developer.hashicorp.com/terraform/language/providers/configuration#alias-multiple-provider-configurations).
You are right, it was a mistake on our end that we've waited for so long before upgrading the provider. I will take your tip into a consideration and will try to implement the unsafe_execute - will see what are the implications.
Thanks for your honest and quick reply !
Can you please suggest what to set on the revert
command ?
resource "snowflake_unsafe_execute" "default_role" {
for_each = try(!var.first_time_setup && var.config.enabled ? local.service_accounts : tomap(false), {})
depends_on = [snowflake_user.service_account]
execute = "ALTER USER ${each.key} SET DEFAULT_ROLE = ${each.value.default_role != "" ? upper(each.value.default_role) : each.key}"
revert = "???"
}```
You can either do ALTER USER ${each.key} UNSET DEFAULT_ROLE
to unset this field (will be NULL after), or do a no-op with SELECT 1
, it's up to you.
I'm just thinking of a scenario of deleting the user, once it happens the revert command will fail due to the missing user.
Fixed in https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/2947 (not released yet).
Hey @denzhel.
We have just released v0.95.0 of the provider. It contains a reworked snowflake_user
resource. Please consult the migration guide.
Terraform CLI Version
1.5.5
Terraform Provider Version
0.92.0
Terraform Configuration
Category
category:resource
Object type(s)
resource:user
Expected Behavior
Users to be created with a default_role that contains a hyphen as we created up until the upgrade from
0.56.1
to0.92.0
Actual Behavior
Query from Snowflake's UI:
Steps to Reproduce
"SA-TEST"
How much impact is this issue causing?
High
Logs
No response
Additional Information
No response
Would you like to implement a fix?