-
Notifications
You must be signed in to change notification settings - Fork 427
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature]: Add the newly introduced privilege "MANAGE SHARE TARGET" #3153
Comments
Hey @arjungk1992. Thanks for reaching out to us. We will add this privilege soon. |
This has hit us too, now that the 2024_07 is now the default for new accounts. We have disabled the bundle for now but look forward to |
Hey @arjungk1992 @jgrobbel. Which resources and versions of the provider you are using? I have just tested the newest provider version and this new privilege works after bundle enable with |
Error: expected privilege to be one of ["APPLY MASKING POLICY" "APPLY SESSION POLICY" "CREATE FAILOVER GROUP" "EXECUTE TASK" "IMPORT SHARE" "MONITOR EXECUTION" "CREATE ROLE" "CREATE SHARE" "PURCHASE DATA EXCHANGE LISTING" "APPLY PASSWORD POLICY" "CREATE DATA EXCHANGE LISTING" "MONITOR SECURITY" "MANAGE ACCOUNT SUPPORT CASES" "CREATE CREDENTIAL" "CREATE DATABASE" "MANAGE GRANTS" "MONITOR" "OVERRIDE SHARE RESTRICTIONS" "RESOLVE ALL" "APPLY ROW ACCESS POLICY" "ATTACH POLICY" "CREATE ACCOUNT" "MANAGE ORGANIZATION SUPPORT CASES" "MANAGE USER SUPPORT CASES" "PROVISION APPLICATION" "ALL PRIVILEGES" "APPLY TAG" "AUDIT" "CREATE USER" "MANAGE WAREHOUSES" "MONITOR USAGE" "EXECUTE MANAGED TASK" "CREATE INTEGRATION" "CREATE WAREHOUSE" "CREATE NETWORK POLICY"], got MANAGE SHARE TARGET with snowflake_account_grant.snowflakeonawstfstack_datareconcileroidc_accountCreator_XX["MANAGE SHARE TARGET"], Here is the resource + version. https://registry.terraform.io/providers/Snowflake-Labs/snowflake/0.90.0/docs/resources/account_grant |
Hey @jgrobbel. This is the old grant resource that is no longer supported. Check https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#old-grant-resources-removal. |
Apply various fixes: - Fix handling compute pool privileges (#2717) - Fail to reproduce the problem with password policy user attachment (#3005) - Adapt user to BCR Bundle 2024_08 (#3125) - Loosen identifier validations - parentheses (#3127) - check below - Prove MANAGE SHARE TARGET works correctly (#3153) On the identifier validation topic: ParseIdentifierString should generally allow parentheses. It should validate them for the identifiers for functions, procedures, etc. Because of that: - this validation was removed - method usages were analyzed to check what consequences it has throughout the provider - DecodeSnowflakeAccountIdentifier - OK, account level identifier - DecodeSnowflakeParameterID - buildOptsForGrantsOn (grants datasource) - NOK, had to fix the logic - ContainsIdentifierIgnoringQuotes - OK, transitively used only in network policies - TestDecodeSnowflakeParameterID - OK - IsValidIdentifier - OK, used for other identifier types - pkg/resource - OK, used in streams, table constraints and tag masking policy associations - suppressIdentifierQuoting - used in non-grant resources with non-argument identifier types - OK - used in grant resources - OK, the validation will be relaxed for now, diff suppression won't work correctly for the identifiers with arguments, will be addressed with functions/procedures rework (multi-field validation could be handled for such cases, issue added; references: hashicorp/terraform-plugin-sdk#354, hashicorp/terraform-plugin-sdk#233) - suppressIdentifierQuotingPartiallyQualifiedName - as above; currently used only for streams - parseIdentifier - used by other identifier types (type constraints added) - ParseObjectIdentifierString - OK, used for other identifier types (ParseSchemaObjectIdentifierWithArguments is dedicated for identifier with arguments) - ParseSchemaObjectIdentifierWithArguments - OK, we split the input string on first opening paren (so there are no other opening parens there) - Test_ParseIdentifierString - tests adjusted for the removed validation Others: - Remove unused privileges.go file - Fix preview resources list for V1 References: - #2717 - #3005 - #3125 - #3127 - #3153
## [0.98.0](v0.97.0...v0.98.0) (2024-11-08) Feature scope readiness for V1: [link](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/ESSENTIAL_GA_OBJECTS.MD) ([Roadmap reference](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#wrap-up-the-functional-scope)). :exclamation: Migration guide: [v0.97.0 -> v0.98.0](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0970--v0980) ### 🎉 What's new - New resources: - authentication_policy ([#3098](#3098)), references [#2880](#2880) - external_volume ([#3106](#3106)), partially references [#2980](#2980) - stream_on_directory_table ([#3129](#3129)) - stream_on_view ([#3150](#3150)) - primary_connection, secondary_connection ([#3162](#3162)) - secret_with_basic_authentication, secret_with_generic_string, secret_with_oauth_authorization_code_grant, secret_with_oauth_client_credentials ([#3110](#3110)), ([#3141](#3141)) - New data sources: - connections ([#3155](#3155)), ([#3173](#3173)) - secrets ([#3131](#3131)) - Reworked: - provider configuration hierarchy ([#3166](#3166)), references [#1881](#1881), [#2145](#2145), [#2925](#2925), [#2983](#2983), [#3104](#3104) - provider configuration fields ([#3152](#3152)) streams data source ([#3151](#3151)) - SDK upgrades: - Upgrade tag SDK ([#3126](#3126)) - Recreate streams when they are stale ([#3129](#3129)) ### 🔧 Misc - Add object renaming research summary ([#3172](#3172)) - Test support for object renaming ([#3130](#3130)), ([#3147](#3147)), ([#3154](#3154)) - Add tests to issue [#3117](#3117) ([#3133](#3133)) - New roadmap entry ([#3158](#3158)) - Test more authentication methods ([#3178](#3178)) - Minor fixes ([#3174](#3174)) ### 🐛 Bug fixes - Apply various fixes ([#3176](#3176)), this addresses BCR 2024_08, references [#2717](#2717), [#3005](#3005), [#3125](#3125), [#3127](#3127), [#3153](#3153) - Connection and secret data sources tests ([#3177](#3177)) - Fix grant import docs ([#3183](#3183)), resolves [#3179](https://github.com/Snowflake-Labs/terraform-provider-snowflake/discussions/3179) - Fix user resource import ([#3181](#3181)) - Handle external type changes in stream resources ([#3164](#3164)) - Do not use OR REPLACE on initial creation in resources with copy_grants ([#3129](#3129)) - Address issue [#2201](#2201) by introducing new stream resources Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
Hey @jgrobbel. Were you able to verify that the new grant resource works for you? |
Hey @sfc-gh-asawicki, I only managed to confirm that the resource we are using in our current provider is indeed deprecated and that we need to move to the new one. I have not managed to do that yet - instead we have disabled the 2024_07 bundle in Snowflake, but time is running out as it will go to Generally Enabled in Jan 2025. |
Use Cases or Problem Statement
A new privilege MANAGE SHARE TARGET was added to Snowflake. Trying to manage this through terraform results in
Checking the privilege list here looks like this new privilege is indeed missing. I can open a PR with this privilege added in if that's all it takes to get this added.
Category
category:grants
Object type(s)
No response
Proposal
I propose adding this missing privilege in.
How much impact is this issue causing?
Low
Additional Information
No response
Would you like to implement a fix?
The text was updated successfully, but these errors were encountered: