[Bug]: Usage grant on function results in plugin crash

[arielbachetti]

Terraform CLI Version

1.9.5

Terraform Provider Version

0.95.0

Terraform Configuration

resource "snowflake_grant_privileges_to_account_role" "accountadmin_functions_grants" {
  for_each = toset([
    "${snowflake_function.commons_utils_create_primary_key.database}.${snowflake_function.commons_utils_create_primary_key.schema}.${snowflake_function.commons_utils_create_primary_key.name}",
    "${snowflake_function.commons_utils_get_publisher_code.database}.${snowflake_function.commons_utils_get_publisher_code.schema}.${snowflake_function.commons_utils_get_publisher_code.name}",
  ])

  account_role_name = "ACCOUNTADMIN"
  all_privileges    = true

  on_schema_object {
    object_type = "FUNCTION"
    object_name = each.value
  }

  depends_on = [
    time_sleep.wait_database_creation
  ]
}

Category

category:resource

Object type(s)

resource:grant_privileges_to_account_role

Expected Behavior

Successful apply

Actual Behavior

Got this provider crash:

╷
│ Error: Plugin did not respond
│ 
│ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The
│ plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│ 
│ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The
│ plugin logs may contain more details.
╵

Stack trace from the terraform-provider-snowflake_v0.95.0 plugin:

panic: runtime error: slice bounds out of range [:-1]

goroutine 84 [running]:
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.ParseSchemaObjectIdentifierWithArguments({0x140007941b0, 0x24})
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/identifier_parsers.go:155 +0x234
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.getAccountRoleGrantOn(0x1400100e5f4?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:1106 +0xaa8
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.createGrantPrivilegesToAccountRoleIdFromSchema(0x10?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:1153 +0x1a0
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.CreateGrantPrivilegesToAccountRole({0x104551e40, 0x1400100abd0}, 0x0?, {0x104147d60?, 0x14000ba3700?})
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:415 +0xac
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x14000a2c0e0, {0x104551d98, 0x14000e15050}, 0xd?, {0x104147d60, 0x14000ba3700})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/resource.go:778 +0xe8
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14000a2c0e0, {0x104551d98, 0x14000e15050}, 0x1400103d860, 0x14001008b80, {0x104147d60, 0x14000ba3700})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/resource.go:909 +0x86c
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x140008281f8, {0x104551d98?, 0x14000e14ea0?}, 0x1400101b220)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/grpc_provider.go:1078 +0xb08
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x104568f38?, 0x140008281f8?}}, {0x104551d98, 0x14000e14ea0}, 0x0?)
        github.com/hashicorp/terraform-plugin-mux@v0.15.0/tf5to6server/tf5to6server.go:47 +0x58
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.(*muxServer).ApplyResourceChange(0x104551dd0?, {0x104551d98?, 0x14000e14ba0?}, 0x1400101b1d0)
        github.com/hashicorp/terraform-plugin-mux@v0.15.0/tf6muxserver/mux_server_ApplyResourceChange.go:36 +0x184
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0x14000ba4c80, {0x104551d98?, 0x14000e14180?}, 0x1400100a000)
        github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/tf6server/server.go:846 +0x2b0
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x1044b47e0?, 0x14000ba4c80}, {0x104551d98, 0x14000e14180}, 0x14001008000, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:518 +0x164
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000bfc200, {0x104551d98, 0x14000e140f0}, {0x104564460, 0x14000028300}, 0x1400106aa20, 0x14000aca900, 0x105395558, 0x0)
        google.golang.org/grpc@v1.63.2/server.go:1369 +0xba0
google.golang.org/grpc.(*Server).handleStream(0x14000bfc200, {0x104564460, 0x14000028300}, 0x1400106aa20)
        google.golang.org/grpc@v1.63.2/server.go:1780 +0xc80
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 56
        google.golang.org/grpc@v1.63.2/server.go:1030 +0x150
panic: runtime error: slice bounds out of range [:-1]

goroutine 83 [running]:
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk.ParseSchemaObjectIdentifierWithArguments({0x140001c43c0, 0x24})
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/identifier_parsers.go:155 +0x234
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.getAccountRoleGrantOn(0x14000e12104?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:1106 +0xaa8
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.createGrantPrivilegesToAccountRoleIdFromSchema(0x10?)
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:1153 +0x1a0
github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources.CreateGrantPrivilegesToAccountRole({0x104551e40, 0x140006a4b60}, 0x0?, {0x104147d60?, 0x14000ba3700?})
        github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/resources/grant_privileges_to_account_role.go:415 +0xac
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x14000a2c0e0, {0x104551d98, 0x14000fad2f0}, 0xd?, {0x104147d60, 0x14000ba3700})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/resource.go:778 +0xe8
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14000a2c0e0, {0x104551d98, 0x14000fad2f0}, 0x14000a215f0, 0x1400069e700, {0x104147d60, 0x14000ba3700})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/resource.go:909 +0x86c
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x140008281f8, {0x104551d98?, 0x14000fad140?}, 0x14000ca41e0)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.33.0/helper/schema/grpc_provider.go:1078 +0xb08
github.com/hashicorp/terraform-plugin-mux/tf5to6server.v5tov6Server.ApplyResourceChange({{0x104568f38?, 0x140008281f8?}}, {0x104551d98, 0x14000fad140}, 0x0?)
        github.com/hashicorp/terraform-plugin-mux@v0.15.0/tf5to6server/tf5to6server.go:47 +0x58
github.com/hashicorp/terraform-plugin-mux/tf6muxserver.(*muxServer).ApplyResourceChange(0x104551dd0?, {0x104551d98?, 0x14000ec3f80?}, 0x14000ca40a0)
        github.com/hashicorp/terraform-plugin-mux@v0.15.0/tf6muxserver/mux_server_ApplyResourceChange.go:36 +0x184
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0x14000ba4c80, {0x104551d98?, 0x14000ec2090?}, 0x140006a4150)
        github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/tf6server/server.go:846 +0x2b0
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x1044b47e0?, 0x14000ba4c80}, {0x104551d98, 0x14000ec2090}, 0x1400069e200, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:518 +0x164
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000bfc200, {0x104551d98, 0x14000ec2000}, {0x104564460, 0x14000028300}, 0x1400106a900, 0x14000aca900, 0x105395558, 0x0)
        google.golang.org/grpc@v1.63.2/server.go:1369 +0xba0
google.golang.org/grpc.(*Server).handleStream(0x14000bfc200, {0x104564460, 0x14000028300}, 0x1400106a900)
        google.golang.org/grpc@v1.63.2/server.go:1780 +0xc80
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 56
        google.golang.org/grpc@v1.63.2/server.go:1030 +0x150

Error: The terraform-provider-snowflake_v0.95.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Steps to Reproduce

1. Create a snowflake_grant_privileges_to_account_role resource with object_type = "FUNCTION".
2. Run terraform apply.

So far it only happened with object_type = "FUNCTION". For TABLE works without issues.

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

No response

Would you like to implement a fix?

• [ ] Yeah, I'll take it 😎

[sfc-gh-jmichalak]

Hi @arielbachetti 👋

Function's and procedure's fully qualified name must include arguments. So, in your config, it should be like object_name = "\"${var.database}\".\"${var.schema}\".\"${var.function_name}\"(${var.argument_type})"

If you manage this function in Terraform, we highly recommend using fully_qualified_name.

[arielbachetti]

Hey @sfc-gh-jmichalak !!

Thanks for your swift answer 😄

I can't use the fully_qualified_name with for_each because the first time the environment is being deployed (when function does not exist yet) it would fail as fully_qualified_name is not determined. I know it's not the best, but I'll go with building the name manually for now.