[Bug]: Resource snowflake_share does not correctly remove account

[maxnsdia]

Terraform CLI Version

1.9.8

Terraform Provider Version

0.97

Terraform Configuration

resource "snowflake_share" "share" {
  name         = myshare
  accounts     = [MYORG.A,MYORG.B,MYORG.C]
}

Category

category:resource

Object type(s)

resource:share

Expected Behavior

When I remove account B and C from above configuration, the accounts are removed from the share in snowflake.

Actual Behavior

If you remove MYORG.B and MYORG.C from above configuration it does not get removed.

It will correctly plan

 ~ resource "snowflake_share" "share" {
      ~ accounts             = [
            "MYORG.A",
          - "MYORG.B",
          - "MYORG.C",
        ]
        id                   = "myshare"
        name                 = "myshare"
        # (2 unchanged attributes hidden)

But it then runs this SQL command: ALTER SHARE "myshare" ADD ACCOUNTS = "MYORG"."A". This does not subtract anything. REMOVE ACCOUNTS (or maybe SET ACCOUNTS) would have to be used. https://docs.snowflake.com/en/sql-reference/sql/alter-share

Steps to Reproduce

• Create a share or use existing
• Add 2 accounts
• Remove 1
• It will plan removal but the apply will run a faulty SQL-command which does not remove anything.

How much impact is this issue causing?

Low

Logs

No response

Additional Information

No response

Would you like to implement a fix?

• [ ] Yeah, I'll take it 😎

[sfc-gh-jcieslak]

Hey @maxnsdia Thanks for reporting the issue. The implementation for shares is pretty old and is awaiting our refactor as part of stabilizing implementation of all resource. The update implementation seems wrong, but from what I can see it works, but only if you only add or remove the accounts during the plan/apply. So, the workaround for now is to separate add and remove actions into their own terraform runs. Currently, shares are on the remaining objects list and will be marked as preview after v1 (meaning the refactor will be done after v1).