search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
42.76k stars 9.56k forks source link

How do I actually use snowflake_masking_policy #35870

Closed aleenprd closed 4 weeks ago

aleenprd commented 4 weeks ago

Terraform Version

tofu --version
OpenTofu v1.8.1
on darwin_arm64
+ provider registry.opentofu.org/snowflake-labs/snowflake v0.94.1

Terraform Configuration Files

N/A

Debug Output

│ Error: Missing required argument │ │ on masking_policies.tf line 8, in resource "snowflake_masking_policy" "test": │ 8: resource "snowflake_masking_policy" "test" { │ │ The argument "masking_expression" is required, but no definition was found. ╵ ╷ │ Error: Insufficient signature blocks │ │ on masking_policies.tf line 8, in resource "snowflake_masking_policy" "test": │ 8: resource "snowflake_masking_policy" "test" { │ │ At least 1 "signature" blocks are required. ╵ ╷ │ Error: Unsupported block type │ │ on masking_policies.tf line 12, in resource "snowflake_masking_policy" "test": │ 12: argument { │ │ Blocks of type "argument" are not expected here. ╵ ╷ │ Error: Unsupported argument │ │ on masking_policies.tf line 16, in resource "snowflake_masking_policy" "test": │ 16: body = <<-EOF │ │ An argument named "body" is not expected here. ╵ (groupone-openfotu-snowflake-iac-py3.10) alincristianpreda@Alins-MacBook-Pro app % tofu plan ╷ │ Error: Missing required argument │ │ on masking_policies.tf line 1, in resource "snowflake_masking_policy" "test": │ 1: resource "snowflake_masking_policy" "test" { │ │ The argument "masking_expression" is required, but no definition was found. ╵ ╷ │ Error: Insufficient signature blocks │ │ on masking_policies.tf line 1, in resource "snowflake_masking_policy" "test": │ 1: resource "snowflake_masking_policy" "test" { │ │ At least 1 "signature" blocks are required. ╵ ╷ │ Error: Unsupported block type │ │ on masking_policies.tf line 5, in resource "snowflake_masking_policy" "test": │ 5: argument { │ │ Blocks of type "argument" are not expected here. ╵ ╷ │ Error: Unsupported argument │ │ on masking_policies.tf line 9, in resource "snowflake_masking_policy" "test": │ 9: body = <<-EOF │ │ An argument named "body" is not expected here.

Expected Behavior

create the resource using:

resource "snowflake_masking_policy" "test" {
  name     = "EXAMPLE_MASKING_POLICY"
  database = "EXAMPLE_DB"
  schema   = "EXAMPLE_SCHEMA"
  argument {
    name = "ARG1"
    type = "VARCHAR"
  }
  body             = <<-EOF
  case
    when current_role() in ('ROLE_A') then
      ARG1
    when is_role_in_session( 'ROLE_B' ) then
      'ABC123'
    else
      '******'
  end
EOF
  return_data_type = "VARCHAR"
}

Actual Behavior

syntax errors

Steps to Reproduce

terraform plan

Additional Context

Documentation: https://registry.tf-registry-prod-use1.terraform.io/providers/Snowflake-Labs/snowflake/0.97.0/docs/resources/masking_policy

References

I can't create masking policies using Terraform/Opentofu. Starting from the basic examples, it gives a bunch of confusing errors:

resource "snowflake_masking_policy" "test" { name = "EXAMPLE_MASKING_POLICY" database = "EXAMPLE_DB" schema = "EXAMPLE_SCHEMA" argument { name = "ARG1" type = "VARCHAR" } body = <<-EOF case when current_role() in ('ROLE_A') then ARG1 when is_role_in_session( 'ROLE_B' ) then 'ABC123' else '**' end EOF return_data_type = "VARCHAR" }

aleenprd commented 4 weeks ago

dumb me didn't check provider version