search

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License
552 stars 420 forks source link

[Bug]: Terraform import of snowflake_tag_masking_policy_association is not working correctly #3148

Open saugandhik-kipi opened 1 month ago

saugandhik-kipi commented 1 month ago

Terraform CLI Version

1.9.8

Terraform Provider Version

0.97.0

Terraform Configuration

While trying to import an existing terraform resource of snowflake_tag_masking_policy_association
using the below statement -
terraform import snowflake_tag_masking_policy_association.example 'ANALYTICS_PRODUCTION_DB.SNAPSHOTS.ON_CHURN_ARCHIVE'

as per the documentation.
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/tag_masking_policy_association 
# format is tag database name | tag schema name | tag name | masking policy database | masking policy schema | masking policy name
terraform import module.tag.snowflake_tag_masking_policy_association.KIPI_ANALYSIS_DATA_MASKING_privacy_category_custom_PHI_REDACTED_MASK "KIPI_ANALYSIS|DATA_MASKING|PRIVACY_CATEGORY_CUSTOM|RAW_PRODUCTION_DB|PG_LOG_PUBLIC|PHI_REDACTED_MASK"

But while looking at the terraform state file I am not able to understand why everything is blank.
So this import statement is not able to import the resource correctly. 
Please help me on this.

Category

category:resource

Object type(s)

No response

Expected Behavior

tag_id = snowflake_tag.this.fully_qualified_name masking_policy_id = snowflake_masking_policy.example_masking_policy.fully_qualified_name

Actual Behavior

{ "address":"module.tag.snowflake_tag_masking_policy_association.KIPI_ANALYSIS_DATA_MASKING_privacy_category_custom_PHI_REDACTED_MASK", "mode":"managed", "type":"snowflake_tag_masking_policy_association", "name":"KIPI_ANALYSIS_DATA_MASKING_privacy_category_custom_PHI_REDACTED_MASK", "provider_name":"registry.terraform.io/snowflake-labs/snowflake", "schema_version":0, "values":{ "id":"KIPI_ANALYSIS|DATA_MASKING|PRIVACY_CATEGORY_CUSTOM|RAW_PRODUCTION_DB|PG_LOG_PUBLIC|PHI_REDACTED_MASK", "masking_policy_id":null, "tag_id":null }, "sensitive_values":{

                 }
              }

Steps to Reproduce

Import any snowflake_tag_masking_policy_association association in terraform state.

How much impact is this issue causing?

High

Logs

No response

Additional Information

image

Would you like to implement a fix?

sfc-gh-jmichalak commented 1 month ago

Hi @saugandhik-kipi 👋

This resource will be deprecated in one of the releases - please use snowflake_tag_association like this:

resource "snowflake_tag_association" "example" {
  object_identifier {
    name     = snowflake_masking_policy.example_masking_policy.name
    database = snowflake_masking_policy.example_masking_policy.database
    schema   = snowflake_masking_policy.example_masking_policy.schema
  }
  object_type = "MASKING POLICY"
  tag_id      = snowflake_tag.this.fully_qualified_name
  tag_value   = "<tag_value>"
}

you can import it with terraform import snowflake_tag_association.example 'KIPI_ANALYSIS.DATA_MASKING.PRIVACY_CATEGORY_CUSTOM'

If this still doesn't work, please provide logs with TF_LOG=DEBUG. Note that snowflake_tag_association will also be reworked soon.

saugandhik-kipi commented 1 month ago

Hi @sfc-gh-jmichalak , Having similar issue with snowflake_tag_association. Created a bug https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3145

sfc-gh-jmichalak commented 1 month ago

Sorry, I didn't connect these two. As it was mentioned in the comment there, I'll handle this during tag rework, but still, snowflake_tag_masking_policy_association will probably be deprecated.