Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

[Bug]: User network policy attachment gets deleted every apply #3058

Open Symbianx opened 1 month ago

Symbianx commented 1 month ago

Terraform CLI Version

1.4.6

Terraform Provider Version

0.95.0

Terraform Configuration

resource "snowflake_user" "user" {
  name                 = upper(var.name)
  password             = random_password.password.result
  must_change_password = false
  display_name         = upper(var.name)

  default_role      = var.default_role
  default_warehouse = var.default_warehouse
  default_namespace = var.default_namespace
}

resource "snowflake_network_policy" "default" {
  name            = "network-policy"
  allowed_ip_list = var.cidr_allow_list
}

resource "snowflake_network_policy_attachment" "default" {
  network_policy_name = snowflake_network_policy.default.name
  users               = [snowflake_user.user.name]
}

Category

category:resource

Object type(s)

No response

Expected Behavior

The network policy attached via the attachment resource gets attached to the user.

Actual Behavior

The user loses the network policy on every 2nd plan/apply.

This is made clear by the plan showing the network_policy being changed even though we don't set it in the resource:

# module.external_analytics_snowflake_user.snowflake_user.user will be updated in-place
~ resource "snowflake_user" "user" {
        id                                            = "REDACTED_USERNAME"
        name                                          = "REDACTED_USERNAME"
      ~ network_policy                                = "REDACTED_NETWORK_POLICY" -> (known after apply)
        # (64 unchanged attributes hidden)
    }

Steps to Reproduce

  1. Use the provided configuration to create just the user
  2. Create the network policy and attachment
  3. It works
  4. Plan again, the user resource will show a change in the network_policy

How much impact is this issue causing?

High

Logs

No response

Additional Information

No response

Would you like to implement a fix?

Symbianx commented 1 month ago

In case it's relevant, this started happening after an upgrade to 0.95.0

sfc-gh-asawicki commented 1 month ago

Hey @Symbianx. Thanks for reaching out to us.

The migration guide to v0.95.0 is missing this, but it will be added soon (maybe even today). Please check https://github.com/Snowflake-Labs/terraform-provider-snowflake/discussions/3048#discussioncomment-10587704.

This is expected behavior starting with v0.95.0.

sfc-gh-asawicki commented 1 month ago

Added here: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/d5dac6005bf2d44f730e51bdab452fd1b4f1aaff/MIGRATION_GUIDE.md?plain=1#L318
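A CI-side check for the drift reported in this issue, as an added example that is not part of the thread or the provider's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports every `snowflake_user` update that would change `network_policy`. The function name `network_policy_drift` is hypothetical, and the sample plan is constructed to mirror the plan output quoted in the issue.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output that
# mirrors the plan quoted in the issue (values are placeholders, not real data).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": "module.external_analytics_snowflake_user.snowflake_user.user",
            "type": "snowflake_user",
            "change": {
                "actions": ["update"],
                "before": {"name": "REDACTED_USERNAME",
                           "network_policy": "REDACTED_NETWORK_POLICY"},
                "after": {"name": "REDACTED_USERNAME"},
                "after_unknown": {"network_policy": True},
            },
        },
        {
            "address": "snowflake_network_policy.default",
            "type": "snowflake_network_policy",
            "change": {"actions": ["no-op"], "before": {"name": "network-policy"},
                       "after": {"name": "network-policy"}, "after_unknown": {}},
        },
    ]
})


def network_policy_drift(plan_json):
    """Return (address, before, after) for each in-place snowflake_user update
    that would change network_policy; unknown values are reported as text."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "snowflake_user" or "update" not in change.get("actions", []):
            continue
        before = (change.get("before") or {}).get("network_policy")
        # Terraform marks "(known after apply)" attributes in after_unknown.
        if (change.get("after_unknown") or {}).get("network_policy") is True:
            after = "(known after apply)"
        else:
            after = (change.get("after") or {}).get("network_policy")
        if before and after != before:
            findings.append((rc["address"], before, after))
    return findings


if __name__ == "__main__":
    for address, before, after in network_policy_drift(SAMPLE_PLAN):
        print(f"{address}: network_policy {before!r} -> {after!r}")
```

A pipeline can fail the run when the returned list is non-empty, so a plan that would alter a user's network policy is reviewed before it is applied.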