search

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License
549 stars 420 forks source link

[Feature]: Add the newly introduced privilege "MANAGE SHARE TARGET" #3153

Open arjungk1992 opened 3 weeks ago

arjungk1992 commented 3 weeks ago

Use Cases or Problem Statement

A new privilege MANAGE SHARE TARGET was added to Snowflake. Trying to manage this through terraform results in 

Error: expected privilege to be one of ["IMPORT SHARE" "APPLY PASSWORD POLICY" "APPLY TAG" "ATTACH POLICY" "CREATE USER" "EXECUTE TASK" "OVERRIDE SHARE RESTRICTIONS" "PURCHASE DATA EXCHANGE LISTING" "APPLY MASKING POLICY" "APPLY ROW ACCESS POLICY" "APPLY SESSION POLICY" "CREATE ROLE" "MONITOR SECURITY" "CREATE FAILOVER GROUP" "MONITOR" "MANAGE WAREHOUSES" "MONITOR EXECUTION" "PROVISION APPLICATION" "MANAGE USER SUPPORT CASES" "RESOLVE ALL" "CREATE INTEGRATION" "CREATE WAREHOUSE" "MANAGE GRANTS" "EXECUTE MANAGED TASK" "MANAGE ORGANIZATION SUPPORT CASES" "ALL PRIVILEGES" "CREATE CREDENTIAL" "CREATE DATA EXCHANGE LISTING" "CREATE NETWORK POLICY" "MONITOR USAGE" "MANAGE ACCOUNT SUPPORT CASES" "AUDIT" "CREATE ACCOUNT" "CREATE DATABASE" "CREATE SHARE"], got MANAGE SHARE TARGET

Checking the privilege list here looks like this new privilege is indeed missing. I can open a PR with this privilege added in if that's all it takes to get this added.

Category

category:grants

Object type(s)

No response

Proposal

I propose adding this missing privilege in.

How much impact is this issue causing?

Low

Additional Information

No response

Would you like to implement a fix?

sfc-gh-asawicki commented 3 weeks ago

Hey @arjungk1992. Thanks for reaching out to us.

We will add this privilege soon.

jgrobbel commented 1 week ago

Hey @arjungk1992. Thanks for reaching out to us.

We will add this privilege soon.

This has hit us too, now that the 2024_07 is now the default for new accounts. We have disabled the bundle for now but look forward to MANAGE SHARE TARGET getting added to the list of privileges. Is there an ETA?

sfc-gh-asawicki commented 1 week ago

Hey @arjungk1992 @jgrobbel.

Which resources and versions of the provider you are using? I have just tested the newest provider version and this new privilege works after bundle enable with snowflake_grant_privileges_to_account_role resource.

jgrobbel commented 1 week ago

Hey @arjungk1992 @jgrobbel.

Which resources and versions of the provider you are using? I have just tested the newest provider version and this new privilege works after bundle enable with snowflake_grant_privileges_to_account_role resource.

Error: expected privilege to be one of ["APPLY MASKING POLICY" "APPLY SESSION POLICY" "CREATE FAILOVER GROUP" "EXECUTE TASK" "IMPORT SHARE" "MONITOR EXECUTION" "CREATE ROLE" "CREATE SHARE" "PURCHASE DATA EXCHANGE LISTING" "APPLY PASSWORD POLICY" "CREATE DATA EXCHANGE LISTING" "MONITOR SECURITY" "MANAGE ACCOUNT SUPPORT CASES" "CREATE CREDENTIAL" "CREATE DATABASE" "MANAGE GRANTS" "MONITOR" "OVERRIDE SHARE RESTRICTIONS" "RESOLVE ALL" "APPLY ROW ACCESS POLICY" "ATTACH POLICY" "CREATE ACCOUNT" "MANAGE ORGANIZATION SUPPORT CASES" "MANAGE USER SUPPORT CASES" "PROVISION APPLICATION" "ALL PRIVILEGES" "APPLY TAG" "AUDIT" "CREATE USER" "MANAGE WAREHOUSES" "MONITOR USAGE" "EXECUTE MANAGED TASK" "CREATE INTEGRATION" "CREATE WAREHOUSE" "CREATE NETWORK POLICY"], got MANAGE SHARE TARGET

with snowflake_account_grant.snowflakeonawstfstack_datareconcileroidc_accountCreator_XX["MANAGE SHARE TARGET"],

Here is the resource + version.

https://registry.terraform.io/providers/Snowflake-Labs/snowflake/0.90.0/docs/resources/account_grant

sfc-gh-asawicki commented 1 week ago

Hey @jgrobbel. This is the old grant resource that is no longer supported. Check https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#old-grant-resources-removal.