Open aleenprd opened 3 weeks ago
This is an issue with the way Titan handles deferred name resolution. Titan assumes you intend for the schema TITAN_TEST_SCHEMA
to live inside of the database TITAN_TEST_DB
since you have one and only one database specified. Titan automatically connects those two resources together, but that breaks the grant.
You can work around this bug by explicitly connecting the schema to the database. There are a few ways but the most straightforward is this 1-line change:
schema = Schema(
name="TITAN_TEST_SCHEMA",
comment="This is a schema used for testing purposes of titan[core].",
database=database,
)
I see. I believe this worked a couple of months before though, no? I only just picked it up again but updated to latest version.
I think it should also be best practice for me to be more specific in the declaration as well though.
Thanks for the quick reply!
@teej Hey Teej, perhaps you know what I am doing wrong here (same type of error).I structured my repo like this so I am using names to pass references between resources, not the objects themselves.
Error:
titan.blueprint.MissingResourceException: Resource urn::redacted:role/TITAN_TEST_DB_ROLE required by urn::redacted:table/TITAN_TEST_DB.TITAN_TEST_SCHEMA.TITAN_TEST_TABLE not found or failed to fetch
I am declaring them like:
titan_test_db = Database(
name="TITAN_TEST_DB",
comment="This is a database used for testing of titan[core].",
transient=True,
owner="SYSADMIN",
data_retention_time_in_days=None,
max_data_extension_time_in_days=None,
#tags={"group": "titan", "purpose": "testing"},
)
titan_test_schema = Schema(
name="TITAN_TEST_SCHEMA",
comment="This is a schema used for testing purposes of titan[core].",
database = "TITAN_TEST_DB",
transient=True,
owner="SYSADMIN",
data_retention_time_in_days=None,
max_data_extension_time_in_days=None,
#tags={"group": "titan", "purpose": "testing"},
)
titan_test_table = Table(
name="TITAN_TEST_TABLE",
columns=[
{"name": "col1", "data_type": "STRING"},
{"name": "col2", "data_type": "NUMBER"},
{"name": "col3", "data_type": "TIMESTAMP"}
],
owner="TITAN_TEST_DB_ROLE",
comment="This is a sample table used to test titan[core].",
#tags={"group": "titan", "purpose": "test"},
schema="TITAN_TEST_SCHEMA",
database="TITAN_TEST_DB",
)
titan_test_db_role = DatabaseRole(
name="TITAN_TEST_DB_ROLE",
database="TITAN_TEST_DB",
comment="This role is for database-specific access control used to test titan[core].",
owner="USERADMIN",
#tags={"group": "titan", "purpose": "testing"},
)
role_to_role_grants = [
RoleGrant(role="TITAN_TEST_DB_ROLE", to_role="SECURITYADMIN"),
RoleGrant(role="TITAN_TEST_ROLE", to_role="SECURITYADMIN"),
]
role_to_user_grants = [
RoleGrant(role="TITAN_TEST_DB_ROLE", to_user="TITAN_TEST_USER"),
RoleGrant(role="TITAN_TEST_ROLE", to_user="TITAN_TEST_USER"),
]
logger.info("Concatenating all resources...")
# NB for Teej: these are imported from app/resources
resources = (
database_roles.all_database_roles
+ databases.all_databases
+ grants.all_grants
+ network_policies_and_rules.all_network_policies
+ network_policies_and_rules.all_network_rules
+ role_grants.all_role_grants
+ roles.all_roles
+ schemas.all_schemas
+ tables.all_tables
+ users.all_users
+ views.all_views
+ warehouses.all_warehouses
)
logger.info("Creating the blueprint...")
bp = Blueprint(
run_mode="create-or-update",
dry_run=True,
resources=resources
)
logger.info("Planning the infrastructure...")
plan = bp.plan(connection)
Is it simply not possible to chain them like that, using just names? Or is something else off?
I think this is an issue with database roles. I'll see if I can repro.
Running this will error due to:
Should't Titan create all of these resources???