Open jarach opened 1 month ago
Hi @jarach π
It seems like it's an error on the Snowflake side. According to the docs, a query like GRANT READ ON ALL SECRETS IN SCHEMA "TEST"."PUBLIC" TO DATABASE ROLE "TEST"."TEST3"
should work, but it does not.
Please create a general Snowflake ticket for that. It would be great if you CC @sfc-gh-jmichalak @sfc-gh-asawicki @sfc-gh-jcieslak . We would like to know the result of it.
When this is fixed on the Snowflake side, it should work in the provider too, so I think no action is required on the provider side.
I opened a ticket #00851941. I was not able to add you on CC (to Watchers). I'll let you know the results.
Official answer from Snowflake support:
Unfortunately, these commands are currently not supported. A feature request for supporting bulk grants on SECRETS objects has been submitted to our engineering team. Currently, it's under review. I don't have any ETA when it will be available. I have copied this email to your Account Manager for visibility. Please follow up with your account team for future updates on this feature request. Please let us know if you have any additional questions or if you are agreeable to resolving the case.
I asked to either correct documentation or implement the "feature" as soon as possible.
Thanks. We can keep the issue open until it gets implemented on the Snowflake side.
Terraform CLI Version
1.9.5
Terraform Provider Version
0.94.1
Terraform Configuration
Category
category:grants
Object type(s)
resource:grant_privileges_to_database_role
Expected Behavior
Grant privileges to ALL SECRETS in DATABASE.SCHEMA
Actual Behavior
Error: An error occurred when granting privileges to database role
with module.main.snowflake_grant_privileges_to_database_role.test, on ....\modules\main\test.tf line 7, in resource "snowflake_grant_privileges_to_database_role" "test": 7: resource "snowflake_grant_privileges_to_database_role" "test" {
Id: "DEV_HME_RAW_DB"."DBR_TEST_SC"|false|false|READ|OnSchemaObject|OnAll|SECRETS|InSchema|"DEV_HME_RAW_DB"."SECRETS_SC" Database role name: {DEV_HME_RAW_DB DBR_TEST_SC} Error: 001003 (42000): SQL compilation error: syntax error line 1 at position 26 unexpected 'IN'.
Steps to Reproduce
Apply provided terraform piece of code.
How much impact is this issue causing?
Low
Logs
No response
Additional Information
'snowflake_grant_privileges_to_database_role' is working for other schema object like: TABLES, VIEWS, STAGES, etc.
Would you like to implement a fix?