search

dbt-labs / dbt-snowflake

dbt-snowflake contains all of the code enabling dbt to work with Snowflake
https://getdbt.com
Apache License 2.0
276 stars 167 forks source link

[Bug] Materializations fail when database roles are used #1151

Open elventear opened 1 month ago

elventear commented 1 month ago

Is this a new bug in dbt-snowflake?

Current Behavior

DBT is failing to deploy a materialization during the grants revoke phase if the table has database roles applied to it. The failure stems from issuing the wrong syntax for database roles:

revoke <PRIVILEGE> on <TABLE> from <ROLE>;

where it should be:

revoke <PRIVILEGE> on <TABLE> from database role <ROLE>;

Reviewing the code the issue seems to stem from the macro default__apply_grants where it is getting both ROLE and DATABASE_ROLE entries in the results from SHOW GRANTS ON, but it is treating them all as account roles.

Expected Behavior

Deployment should not fail.

Steps To Reproduce

  1. create database role.
  2. create a database with grants on future tables to database role.
  3. deploy materialization to database created in 1.

Relevant log output

Log from failed deployment:

Database Error in model <model> (<model path>)
  002003 (02000): SQL compilation error:
  Role '<ROLE>' does not exist or not authorized.
  compiled Code at <compiled path>

### Environment

```markdown
- OS: linux
- Python: 3.11
- dbt-core: 1.8.3
- dbt-snowflake: 1.8.3

Additional Context

No response

lucasmazza commented 3 weeks ago

We are seeing a similar issue with our builds on when the role needs quoting - dbt-snowflake produces revoke <PRIVILEGE> on <TABLE> from downcased_role_name instead of revoke <PRIVILEGE> on <TABLE> from "downcased_role_name"