Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Row access policy always marked as changed when using heredoc style SQLs #2053

Open
fredriv opened this issue Sep 12, 2023 · 4 comments
Open

Row access policy always marked as changed when using heredoc style SQLs #2053

fredriv opened this issue Sep 12, 2023 · 4 comments
Labels
bug Used to mark issues with provider's incorrect behavior category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource

Comments

@fredriv
Copy link

fredriv commented Sep 12, 2023

Provider Version

0.70.1

Terraform Version

1.5.4

Describe the bug

When configuring the row access expression of a snowflake_row_access_policy using heredoc instead of a regular string, the resource is always marked as changed by terraform plan/apply.

Expected behavior

I expect the resource to not be marked as changed after applying it.

Code samples and commands

Example config to trigger the issue:

resource "snowflake_row_access_policy" "example_row_access_policy" {
  name     = "EXAMPLE_ROW_ACCESS_POLICY"
  database = "EXAMPLE_DB"
  schema   = "EXAMPLE_SCHEMA"
  signature = {
    A = "VARCHAR",
    B = "VARCHAR"
  }
  row_access_expression = <<-EOT
    case
      when current_role() in ('ANALYST') then true
      else false
    end
EOT
}

Additional context

I suspect this is a similar issue as in #534?
@fredriv fredriv added the bug Used to mark issues with provider's incorrect behavior label Sep 12, 2023
@fredriv fredriv changed the title Row access policy gets updated with heredoc style SQLs Row access policy always marked as changed when using heredoc style SQLs Sep 12, 2023
@fredriv
Copy link
Author

fredriv commented Sep 12, 2023

Or perhaps related to #1422 / #1097?

@fredriv fredriv mentioned this issue Sep 12, 2023
Closed
@fredriv
Copy link
Author

fredriv commented Jan 10, 2024

Verified that it's an issue with trailing newline in the heredoc style row access expression, similar to #1422 / #1097.

I moved the expression to a local variable and changed the row access policy resource to use row_access_expression = trim(local.expression, "\n") and the issue disappeared.

@sfc-gh-jcieslak sfc-gh-jcieslak added category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource labels May 20, 2024
@sfc-gh-jmichalak
Copy link
Collaborator

Hi @fredriv 👋
Sorry for a late response from our side. We are currently reworking row access policies. The issues you mentioned are related to other resources, but #1151 is related to row access policies as well. To be sure, could you paste terraform apply output?

@sfc-gh-jmichalak sfc-gh-jmichalak mentioned this issue Sep 11, 2024
Merged
2 tasks
sfc-gh-jmichalak added a commit that referenced this issue Sep 13, 2024
@sfc-gh-jmichalak
feat: Row access policy resource v1 (#3063)
13cd694 
<!-- Feel free to delete comments as you fill this in -->

<!-- summary of changes -->
- add show and desc output
- rename fields
- change signature to arguments
- implement renaming
- fix permadiff on body
- adjust identifiers handling
- adjust examples
- gen resource asserts (config builders are not working because we have
a required list argument)
- improve handling data types
- move parsing signature to sdk
- support proper casing in arg names

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [x] acceptance tests
<!-- add more below if you think they are relevant -->
* [ ] …

## References
<!-- issues documentation links, etc  -->
https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy

#2053

#1151
## TODO (next PR)
- rework data source
sfc-gh-fbudzynski pushed a commit that referenced this issue Sep 19, 2024
@sfc-gh-jmichalak @sfc-gh-fbudzynski
feat: Row access policy resource v1 (#3063)
6c420a4 
<!-- Feel free to delete comments as you fill this in -->

<!-- summary of changes -->
- add show and desc output
- rename fields
- change signature to arguments
- implement renaming
- fix permadiff on body
- adjust identifiers handling
- adjust examples
- gen resource asserts (config builders are not working because we have
a required list argument)
- improve handling data types
- move parsing signature to sdk
- support proper casing in arg names

## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [x] acceptance tests
<!-- add more below if you think they are relevant -->
* [ ] …

## References
<!-- issues documentation links, etc  -->
https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy

#2053

#1151
## TODO (next PR)
- rework data source
@sfc-gh-jmichalak
Copy link
Collaborator

Hi, we've released v0.96.0, which includes adjusting and fixing row access policies. Please upgrade with the migration guide.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Used to mark issues with provider's incorrect behavior category:resource resource:row_access_policy Issue connected to the snowflake_row_access_policy resource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fredriv @sfc-gh-jcieslak @sfc-gh-jmichalak