From 345c2688176d32752290c1940e5b24c749a3dc75 Mon Sep 17 00:00:00 2001 From: Peter Sherman Date: Fri, 24 May 2024 21:45:32 +0100 Subject: [PATCH] fix: default_role should ignore diffs of the form "thing" -> "\"thing\"" --- pkg/resources/common.go | 17 +++++++++++++++++ pkg/resources/user.go | 7 ++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/resources/common.go b/pkg/resources/common.go index 5cfbf007a4..4cb62e5145 100644 --- a/pkg/resources/common.go +++ b/pkg/resources/common.go @@ -1,6 +1,7 @@ package resources import ( + "fmt" "strings" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" @@ -42,6 +43,22 @@ func suppressIdentifierQuoting(_, oldValue, newValue string, _ *schema.ResourceD } } +// Snowflake by nature requires identifiers with spaces to be surrounded by quotes. +// Why would you have an identifier with spaces, you ask? +// Well, for instance, if SAML usergroups are mapped directly to roles, +// then default_role might end up being "\"ENGINEERING STAFF\"", +// but this is read afterwards as "ENGINEERING STAFF", causing a permanent diff. +// This seems oddly specific, but this is a real issue we're having in production! + +// Suppress a diff of the nature "SOMETHING" -> "\"SOMETHING\"" +func suppressEscapeQuotes(_, oldValue, newValue string, _ *schema.ResourceData) bool { + if oldValue == "" || newValue == "" { + return false + } else { + return oldValue == fmt.Sprintf("\"%s\"", newValue) || newValue == fmt.Sprintf("\"%s\"", oldValue) + } +} + // TODO [SNOW-1325214]: address during stage resource rework func suppressCopyOptionsQuoting(_, oldValue, newValue string, _ *schema.ResourceData) bool { if oldValue == "" || newValue == "" { diff --git a/pkg/resources/user.go b/pkg/resources/user.go index fd539f0188..48e1e586af 100644 --- a/pkg/resources/user.go +++ b/pkg/resources/user.go @@ -18,6 +18,11 @@ var diffCaseInsensitive = func(k, old, new string, d *schema.ResourceData) bool return strings.EqualFold(old, new) } +var diffDefaultRole = func(k, old, new string, d *schema.ResourceData) bool { + return diffCaseInsensitive(k, old, new, d) || suppressEscapeQuotes(k, old, new, d) +} + + var userSchema = map[string]*schema.Schema{ "name": { Type: schema.TypeString, @@ -66,7 +71,7 @@ var userSchema = map[string]*schema.Schema{ Type: schema.TypeString, Optional: true, Computed: true, - DiffSuppressFunc: diffCaseInsensitive, + DiffSuppressFunc: diffDefaultRole, Description: "Specifies the role that is active by default for the user’s session upon login.", }, "default_secondary_roles": {