search

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License
549 stars 420 forks source link

[Bug]: grant_privileges_to_database_role - on_database - argument not expected here error from terraform. #3071

Closed usbrandon closed 1 month ago

usbrandon commented 2 months ago

Terraform CLI Version

1.9.5

Terraform Provider Version

0.95.0

Terraform Configuration

# Grant CREATE SCHEMA on DB_DEV to ETLDEVELOPER role
resource "snowflake_grant_privileges_to_account_role" "create_schema_on_db_dev" {
  provider = snowflake.securityterraformer
  on_database = snowflake_database.db_dev.name
  privileges = ["CREATE SCHEMA"]
  account_role_name = "ETLDEVELOPER"
}

Category

category:grants

Object type(s)

resource:grant_privileges_to_database_role

Expected Behavior

I followed this pattern from the examples on the terraform repository documentation ##################################

on database privileges

##################################

list of privileges

resource "snowflake_grant_privileges_to_database_role" "example" { privileges = ["CREATE", "MONITOR"] database_role_name = snowflake_database_role.db_role.fully_qualified_name on_database = snowflake_database_role.db_role.database }

Actual Behavior

Terraform plan complained about the on_database parameter Error: Unsupported argument │ │ on database_role_grants.tf line 31, in resource "snowflake_grant_privileges_to_account_role" "create_schema_on_db_dev": │ 31: on_database = snowflake_database.db_dev.name │ │ An argument named "on_database" is not expected here.

Steps to Reproduce

You just have to use the block as suggested in the documentation example and then terraform plan or terraform validate to get it to throw the errors.

How much impact is this issue causing?

High

Logs

https://gist.github.com/usbrandon/cee0481cf62ab15a1645ccb78c6004cc

Additional Information

No response

Would you like to implement a fix?

sfc-gh-asawicki commented 2 months ago

Hey @usbrandon. Thanks for reaching out to us.

There is no on_database in this resource: https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_account_role#example-usage. To grant on database follow the examples (search for on_account_object).

sfc-gh-asawicki commented 1 month ago

Closing the issue due to inactivity. Please create a new one if the issue persists in the newest version of the provider.