Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

[Bug]: Tag masking policy associations not properly registered in the state after import #3060

Open dlouseiro opened 2 weeks ago

dlouseiro commented 2 weeks ago

Terraform CLI Version

1.5.7

Terraform Provider Version

0.92.0

Terraform Configuration

    resource "snowflake_tag_masking_policy_association" "authorized_role_mask_date" {
      for_each          = snowflake_tag.authorized_role
      tag_id            = "\"${each.value.database}\".\"${each.value.schema}\".\"${each.value.name}\""
      masking_policy_id = "\"${snowflake_masking_policy.mask_date[each.key].database}\".\"${snowflake_masking_policy.mask_date[each.key].schema}\".\"${snowflake_masking_policy.mask_date[each.key].name}\""
    }

Category

category:import

Object type(s)

No response

Expected Behavior

For a recently imported tag masking policy association to be stored as it is in the database.

Example state representation of one instance:

    {
      "mode": "managed",
      "type": "snowflake_tag_masking_policy_association",
      "name": "authorized_role_mask_date",
      "provider": "provider[\"registry.terraform.io/snowflake-labs/snowflake\"]",
      "instances": [
        {
          "index_key": "de-dev",
          "schema_version": 0,
          "attributes": {
            "id": "PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE",
            "masking_policy_id": "\"PICNIC_DE_DEV\".\"PUBLIC\".\"MASK_DATE\"",
            "tag_id": "\"PICNIC_DE_DEV\".\"PUBLIC\".\"AUTHORIZED_ROLE\""
          },
          "sensitive_attributes": [],
          "private": "bnVsbA==",
          "dependencies": [
            "snowflake_database.market",
            "snowflake_masking_policy.mask_date",
            "snowflake_tag.authorized_role"
          ]
        }
      ]
    }

Actual Behavior

Tag masking policy association is stored in the state without a tag_id and masking_policy_id.

Example state representation:

    {
      "mode": "managed",
      "type": "snowflake_tag_masking_policy_association",
      "name": "authorized_role_mask_date",
      "provider": "provider[\"registry.terraform.io/snowflake-labs/snowflake\"]",
      "instances": [
        {
          "index_key": "de-dev",
          "schema_version": 0,
          "attributes": {
            "id": "PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE",
            "masking_policy_id": null,
            "tag_id": null
          },
          "sensitive_attributes": [],
          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
        }
      ]
    }

Steps to Reproduce

Assuming that the masking policy was already created via Terraform:

  1. terraform state rm 'snowflake_tag_masking_policy_association.authorized_role_mask_date["de-dev"]'
  2. terraform import 'snowflake_tag_masking_policy_association.authorized_role_mask_date["de-dev"]' 'PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE'
  3. terraform apply

Result:

      # snowflake_tag_masking_policy_association.authorized_role_mask_date["de-dev"] must be replaced
    -/+ resource "snowflake_tag_masking_policy_association" "authorized_role_mask_date" {
          ~ id                = "PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE" -> (known after apply)
          + masking_policy_id = "\"PICNIC_DE_DEV\".\"PUBLIC\".\"MASK_DATE\"" # forces replacement
          + tag_id            = "\"PICNIC_DE_DEV\".\"PUBLIC\".\"AUTHORIZED_ROLE\"" # forces replacement
        }

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

This was quite problematic for me when migrating from version 0.66 to version 0.92 of the provider, as the definition of this resource changed, so I had to remove the old version from the state and reimport all masking policy tag associations.

However, the fact that this resource is not properly registered in the state demands replacement, which is not an ideal scenario, as I wouldn't want to change this association.

Would you like to implement a fix?

sfc-gh-asawicki commented 2 weeks ago

Hey @dlouseiro. Thanks for reaching out to us.

These values are stored in the state file, but as part of the |-separated id: PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE (tag database, tag schema, tag name, policy database, policy schema, policy name).
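
A pre-apply check for the situation in this thread, as an added example that is not part of the original issue or the provider's code: it scans a Terraform state file for snowflake_tag_masking_policy_association instances whose tag_id and masking_policy_id are null and derives the expected values from the six-part id described above, so they can be reviewed before an apply replaces the association. The function names, the sample state and its "de-prod" instance are constructed for illustration, and the split assumes no identifier contains `|`.

```python
import json

RESOURCE_TYPE = "snowflake_tag_masking_policy_association"

# Constructed sample in the state-file layout: the imported instance from the
# issue (null attributes) plus a hypothetical "de-prod" instance that is populated.
SAMPLE_STATE = {"resources": [{
    "type": RESOURCE_TYPE,
    "name": "authorized_role_mask_date",
    "instances": [
        {"index_key": "de-dev", "attributes": {
            "id": "PICNIC_DE_DEV|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_DEV|PUBLIC|MASK_DATE",
            "masking_policy_id": None, "tag_id": None}},
        {"index_key": "de-prod", "attributes": {
            "id": "PICNIC_DE_PROD|PUBLIC|AUTHORIZED_ROLE|PICNIC_DE_PROD|PUBLIC|MASK_DATE",
            "masking_policy_id": '"PICNIC_DE_PROD"."PUBLIC"."MASK_DATE"',
            "tag_id": '"PICNIC_DE_PROD"."PUBLIC"."AUTHORIZED_ROLE"'}},
    ],
}]}


def split_association_id(resource_id):
    """Split the 6-part id into quoted (tag_id, masking_policy_id) strings."""
    parts = resource_id.split("|")  # assumption: no identifier contains '|'
    if len(parts) != 6:
        raise ValueError(f"expected 6 '|'-separated parts: {resource_id!r}")
    quote = '"{}"."{}"."{}"'.format
    return quote(*parts[:3]), quote(*parts[3:])


def find_unpopulated(state):
    """List instances whose tag_id / masking_policy_id are null in the state."""
    findings = []
    for res in state.get("resources", []):
        if res.get("type") != RESOURCE_TYPE:
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            if attrs.get("tag_id") and attrs.get("masking_policy_id"):
                continue
            key = inst.get("index_key")
            suffix = "" if key is None else f"[{json.dumps(key)}]"
            tag_id, policy_id = split_association_id(attrs["id"])
            findings.append({"address": f"{res['type']}.{res['name']}{suffix}",
                             "tag_id": tag_id, "masking_policy_id": policy_id})
    return findings

if __name__ == "__main__":
    print(json.dumps(find_unpopulated(SAMPLE_STATE), indent=2))
```

To run it against a real workspace, pass the parsed JSON of the state file to find_unpopulated in place of SAMPLE_STATE.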