Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Ubuntu] Error creating snowflake_procedure, snowflake_user and snowflake_warehouse ressources #2542

Closed
HoudaSebti opened this issue Feb 22, 2024 · 3 comments
Closed

[Ubuntu] Error creating snowflake_procedure, snowflake_user and snowflake_warehouse ressources #2542

HoudaSebti opened this issue Feb 22, 2024 · 3 comments
Labels
general-usage General help/usage questions

Comments

@HoudaSebti
Copy link

Terraform CLI and Provider Versions

Terraform version: 1.5.7
Provider version: 0.84.1

Ubuntu Distribution:

Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy

Terraform Configuration

resource "snowflake_warehouse" "INTEGRATION_WAREHOUSE" {
  provider          = snowflake.account_admin
  name              = "QA_INTEGRATION"
  warehouse_size    = var.integration_warehouse_size
  auto_suspend      = 60
  auto_resume       = true
  min_cluster_count = 1
  max_cluster_count = 1
  scaling_policy    = "STANDARD"
}

resource "snowflake_user" "USER_TALEND" {
  provider          = snowflake.account_admin
  name              = "QA_TALEND"
  login_name        = "QA_TALEND"
  comment           = "Service account for TALEND in ${var.env}"
  default_warehouse = snowflake_warehouse.TALEND_WAREHOUSE.name
  default_role      = snowflake_role.INTEGRATION_ROLE.name
  rsa_public_key    = var.service_accounts_public_keys["TALEND"]

}

resource "snowflake_procedure" "psa_data_transformation_procedure" {
  name        = "PSA_DATA_TRANSFORMATION"
  provider    = snowflake.account_admin
  database    = snowflake_database.DWH.name
  schema      = snowflake_schema.DWH_SCHEMAS["PSA"].name
  comment     = "Procedure that executes the merge sql script that reads from STREAMs defined on Debeziun tables and updates the Tables defined in PSA schema."
  language    = "JAVASCRIPT"
  arguments {
    name = "PSA_BATCH_NUM"
    type = "FLOAT"
  }
  arguments {
    name = "PSA_PARALLEL_BATCHES"
    type = "FLOAT"
  }
  return_type = "FLOAT"
  execute_as  = "CALLER"
  statement   = <<EOT
//some java_script_code
EOT
}

Expected Behavior

Creation of the ressources

Actual Behavior

│ Error: 003001 (42501): SQL access control error:
│ Insufficient privileges to operate on warehouse 'QA_INTEGRATION'

│ with snowflake_warehouse.INTEGRATION_WAREHOUSE,
│ on warehouse.tf line 1, in resource "snowflake_warehouse" "INTEGRATION_WAREHOUSE":
│ 1: resource "snowflake_warehouse" "INTEGRATION_WAREHOUSE" {


│ Error: 003001 (42501): SQL access control error:
│ Insufficient privileges to operate on user 'QA_TALEND'

│ with snowflake_user.USER_TALEND,
│ on user.tf line 45, in resource "snowflake_user" "USER_TALEND":
│ 45: resource "snowflake_user" "USER_TALEND" {


│ Error: 002003 (02000): SQL compilation error:
│ Procedure 'DWH_QA.PSA.PSA_DATA_TRANSFORMATION' does not exist or not authorized.

│ with snowflake_procedure.psa_data_transformation_procedure,
│ on procedure.tf line 6, in resource "snowflake_procedure" "psa_data_transformation_procedure":
│ 6: resource "snowflake_procedure" "psa_data_transformation_procedure" {

Steps to Reproduce

  1. terraform plan

How much impact is this issue causing?

High

Logs

No response

Additional Information

Hello,

When running a terraform plan over this configuration on Ubuntu jammy, I get these errors, even if i am using the snowflake provider with an account admin role (the highest in terms of privileges):

provider "snowflake" { alias = "account_admin" username = "terraform-snowflake" account = "TL66483" authenticator = "JWT" region = "europe-west4.gcp" private_key = $some_private_key role = "ACCOUNTADMIN" }

Note that my colleagues using Mac do not have this problem.
--> we suspect that this problem is OS related (I am using Ubuntu jammy)

Could you please have a look?
Thanks !
@HoudaSebti HoudaSebti added the bug Used to mark issues with provider's incorrect behavior label Feb 22, 2024
@HoudaSebti HoudaSebti changed the title Error creating snowflake_procedure, snowflake_user and snowflake_warehouse ressources on Ubuntu [Ubuntu] Error creating snowflake_procedure, snowflake_user and snowflake_warehouse ressources Feb 22, 2024
@sfc-gh-asawicki sfc-gh-asawicki added general-usage General help/usage questions and removed bug Used to mark issues with provider's incorrect behavior labels Feb 23, 2024
@sfc-gh-asawicki
Copy link
Collaborator

Hey @HoudaSebti. Thanks for reporting the issue.

The OS problem here is highly unlikely. The more likely possibility is that you have a profile config or env variable which causes the provider to be set with a different config (consult #2242 #2294). There is a fix incoming #2551.

What you should do:

  1. Bump to 0.86.0 to check if the error persists.
  2. Check if you have any SNOWFLAKE_* envs set up.
  3. Check if you have $home/.snowflake/config set up.
  4. Wait for v0.87.0 to check if the error persists.

@HoudaSebti
Copy link
Author

Hey @sfc-gh-asawicki .Thanks for your quick reply !
This was indeed the problem, I had a SNOWFLAKE_ROLE environment variable defined in my ~/.bashrc
Unsetting that environment var and bumping to v0.86.0 solved the issue .

Thanks!

@sfc-gh-asawicki
Copy link
Collaborator

Great to hear that! I am closing the issue then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
general-usage General help/usage questions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HoudaSebti @sfc-gh-asawicki