Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

[Bug]: Behaviour change bundle 2024_08 breaks the user resource #3125

Open Relativity74205 opened 2 weeks ago

Relativity74205 commented 2 weeks ago

Terraform CLI Version

0.96.0

Terraform Provider Version

1.8.4

Terraform Configuration

terraform {
  required_version = ">= 1.2.9"
}

terraform {
  required_providers {
    snowflake = {
      source  = "Snowflake-Labs/snowflake"
      version = "0.96.0"
    }
  }
  backend "http" {}
}

provider "snowflake" {
  user          = var.USER
  private_key   = file(var.SSH_KEY_SNOWFLAKE_TF_P8_KEY_FILE)
  account       = var.account
  role          = "PUBLIC"
  authenticator = "JWT"
}

provider "snowflake" {
  alias         = "security"
  user          = var.USER
  private_key   = file(var.SSH_KEY_SNOWFLAKE_TF_P8_KEY_FILE)
  account       = var.account
  role          = "SECURITYADMIN"
  authenticator = "JWT"
}

provider "snowflake" {
  alias         = "sys"
  user          = var.USER
  private_key   = file(var.SSH_KEY_SNOWFLAKE_TF_P8_KEY_FILE)
  account       = var.account
  role          = "SYSADMIN"
  authenticator = "JWT"
}

provider "snowflake" {
  alias         = "account"
  user          = var.USER
  private_key   = file(var.SSH_KEY_SNOWFLAKE_TF_P8_KEY_FILE)
  account       = var.account
  role          = "ACCOUNTADMIN"
  authenticator = "JWT" # only needed because of terraform provider bug. May be removed in future.
}

provider "snowflake" {
  alias         = "user"
  user          = var.USER
  private_key   = file(var.SSH_KEY_SNOWFLAKE_TF_P8_KEY_FILE)
  account       = var.account
  role          = "USERADMIN"
  authenticator = "JWT"
}

Category

category:resource

Object type(s)

resource:user

Expected Behavior

No terraform plan errors for the user resource with behaviour change bundle 2024_08.

Actual Behavior

When activating the behaviour change bundle 2024_08 on our dev environment, we get the following errors when running terraform plan:

 Error: sql: Scan error on column index 14, name "default_namespace": converting NULL to string is unsupported

   with module.etl_user-exaflake.snowflake_user.user,
   on ../modules_components/technical_user/main.tf line 7, in resource "snowflake_user" "user":
    7: resource "snowflake_user" "user" {

Steps to Reproduce

  1. Create a user with some fields unset (e.g. default_namespace) with terraform
  2. Activate the behaviour change bundle 2024_08 on an account: SELECT SYSTEM$ENABLE_BEHAVIOR_CHANGE_BUNDLE('2024_08');
  3. Run terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

The error is most probably the following change: https://docs.snowflake.com/en/release-notes/bcr-bundles/2024_08/bcr-1798 This causes the output of the SHOW USERS command to change:

When setting the default_namespace for the user to a value, the same error happens then with other fields, e.g. ext_authn_uid or mins_to_unlock.

I would like to implement a fix; however, I haven't so far found the place in the code that causes the error.

Would you like to implement a fix?

Relativity74205 commented 2 weeks ago

Perhaps this bug was already fixed by https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/3119 by @sfc-gh-asawicki...

Perhaps I will have some time in the next days to go with the debugger through the code to find the correct place. However, perhaps some of you guys know it directly.

sfc-gh-asawicki commented 2 weeks ago

Hey @Relativity74205. Thanks for reaching out to us.

AFAIK the bundle will be enabled by default in January, so we still have some time to address this. We should be able to adjust provider logic with this breaking change next week. Until then, do not enable the bundle while using the provider.

simonepm commented 2 weeks ago

The issue is also on field 'ext_authn_uid' and all the fields becoming "" -> null in bundle 2024_08.

The problem for default_namespace can be solved by setting a default namespace in bundle 2024_07 and then activating bundle 2024_08 only afterward.

Unfortunately, for ext_authn_uid there is no solution, as it is a read-only parameter!

Relativity74205 commented 1 week ago

@sfc-gh-asawicki I think I found and fixed the problem, here is the PR: https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/3144. Can you please have a look? If this is fine, it would be great if it could be merged for the next release. In fact, we would like to activate the breaking change bundle as soon as possible, as we need one of the features in it (Python 3.11 for Streamlit).
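
The scan error reported in this issue can be reproduced offline with Go's database/sql, as an added example that is not the provider's code and not the change in the linked PRs. The stub driver, its single constructed row and the function names are assumptions made for illustration; it shows a NULL default_namespace failing against a plain string target and succeeding against sql.NullString.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
	"io"
)

// Constructed stub, not Snowflake: driver, connector and connection in one; one row ("ETL_USER", NULL).
type stubConn struct{}
type stubRows struct{ done bool }

func (c stubConn) Connect(context.Context) (driver.Conn, error) { return c, nil }
func (c stubConn) Driver() driver.Driver { return c }
func (c stubConn) Open(string) (driver.Conn, error) { return c, nil }
func (stubConn) Prepare(string) (driver.Stmt, error) { return nil, driver.ErrSkip }
func (stubConn) Close() error { return nil }
func (stubConn) Begin() (driver.Tx, error) { return nil, driver.ErrSkip }
func (stubConn) QueryContext(context.Context, string, []driver.NamedValue) (driver.Rows, error) { return &stubRows{}, nil }
func (*stubRows) Columns() []string { return []string{"name", "default_namespace"} }
func (*stubRows) Close() error { return nil }
func (r *stubRows) Next(dest []driver.Value) error {
	if r.done {
		return io.EOF
	}
	r.done, dest[0], dest[1] = true, "ETL_USER", nil // nil is how a driver reports SQL NULL
	return nil
}

var db = sql.OpenDB(stubConn{}) // connection pool over the stub

// scanNamespace scans the row; the caller picks the Go type that receives default_namespace.
func scanNamespace(dest any) error {
	var name string
	return db.QueryRow("SHOW USERS").Scan(&name, dest)
}

// nullableNamespace scans into sql.NullString, so NULL means "unset" instead of an error.
func nullableNamespace() (value string, isSet bool, err error) {
	var ns sql.NullString
	err = scanNamespace(&ns)
	return ns.String, ns.Valid, err
}

func main() {
	fmt.Println(scanNamespace(new(string))) // plain string target: scan error
	fmt.Println(nullableNamespace())        // NullString target: "", false, nil
}
```
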