From 9f6745743daba831422627b5171df404373e9650 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Tue, 26 Nov 2024 16:52:25 +0100 Subject: [PATCH] fix: Small fixes and adjustments (#3226) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes included (they are really small or fix some wrong changes done during tag rework that were not released yet): - smaller fixes extracted from https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/3210/files - support tagging account for identifiers with org name - add notes about manually unassigning policies from objects, add a todo with an issue number - fix a wrong issue number in essential objects list Changes NOT included - rework tag_association resource - return nil from GetTag instead of failing - add more tests regarding tag/masking policy: assert that ALTER MASKING POLICY SET TAG differs from ALTER TAG SET MASKING POLICY - support IF EXISTS for unsetting tags ## Test Plan * [ ] acceptance tests * [ ] … ## References https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/3210 --- docs/resources/authentication_policy.md | 3 ++ docs/resources/masking_policy.md | 3 ++ docs/resources/network_policy.md | 3 ++ docs/resources/password_policy.md | 3 ++ docs/resources/row_access_policy.md | 3 ++ pkg/acceptance/helpers/context_client.go | 9 +++++ pkg/resources/authentication_policy.go | 1 + pkg/resources/masking_policy.go | 1 + pkg/resources/network_policy.go | 1 + pkg/resources/password_policy.go | 2 + pkg/resources/row_access_policy.go | 1 + pkg/sdk/tags_impl.go | 17 +++++++++ pkg/sdk/tags_test.go | 12 ------ pkg/sdk/tags_validations.go | 6 --- pkg/sdk/testint/tags_integration_test.go | 18 ++++++++- .../resources/authentication_policy.md.tmpl | 37 +++++++++++++++++++ templates/resources/masking_policy.md.tmpl | 3 ++ templates/resources/network_policy.md.tmpl | 3 ++ templates/resources/password_policy.md.tmpl | 37 +++++++++++++++++++ templates/resources/row_access_policy.md.tmpl | 3 ++ v1-preparations/ESSENTIAL_GA_OBJECTS.MD | 2 +- v1-preparations/REMAINING_GA_OBJECTS.MD | 2 +- 22 files changed, 149 insertions(+), 21 deletions(-) create mode 100644 templates/resources/authentication_policy.md.tmpl create mode 100644 templates/resources/password_policy.md.tmpl diff --git a/docs/resources/authentication_policy.md b/docs/resources/authentication_policy.md index e53ccb42ca..926acdd4fb 100644 --- a/docs/resources/authentication_policy.md +++ b/docs/resources/authentication_policy.md @@ -5,6 +5,9 @@ description: |- Resource used to manage authentication policy objects. For more information, check authentication policy documentation https://docs.snowflake.com/en/sql-reference/sql/create-authentication-policy. --- +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-authentication-policy#usage-notes), an authentication policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # snowflake_authentication_policy (Resource) Resource used to manage authentication policy objects. For more information, check [authentication policy documentation](https://docs.snowflake.com/en/sql-reference/sql/create-authentication-policy). diff --git a/docs/resources/masking_policy.md b/docs/resources/masking_policy.md index aa9bb89af4..cb34591a7f 100644 --- a/docs/resources/masking_policy.md +++ b/docs/resources/masking_policy.md @@ -7,6 +7,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-masking-policy#usage-notes), a masking policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # snowflake_masking_policy (Resource) Resource used to manage masking policies. For more information, check [masking policies documentation](https://docs.snowflake.com/en/sql-reference/sql/create-masking-policy). diff --git a/docs/resources/network_policy.md b/docs/resources/network_policy.md index aaa3bc02c5..f6eda6e0d8 100644 --- a/docs/resources/network_policy.md +++ b/docs/resources/network_policy.md @@ -7,6 +7,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-network-policy#usage-notes), a network policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # snowflake_network_policy (Resource) Resource used to control network traffic. For more information, check an [official guide](https://docs.snowflake.com/en/user-guide/network-policies) on controlling network traffic with network policies. diff --git a/docs/resources/password_policy.md b/docs/resources/password_policy.md index 3214efcf68..c88f79b2f5 100644 --- a/docs/resources/password_policy.md +++ b/docs/resources/password_policy.md @@ -5,6 +5,9 @@ description: |- A password policy specifies the requirements that must be met to create and reset a password to authenticate to Snowflake. --- +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-password-policy#usage-notes), a password policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # snowflake_password_policy (Resource) A password policy specifies the requirements that must be met to create and reset a password to authenticate to Snowflake. diff --git a/docs/resources/row_access_policy.md b/docs/resources/row_access_policy.md index 1d1951dcb0..0023f99391 100644 --- a/docs/resources/row_access_policy.md +++ b/docs/resources/row_access_policy.md @@ -7,6 +7,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-row-access-policy#usage-notes), a row access policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # snowflake_row_access_policy (Resource) Resource used to manage row access policy objects. For more information, check [row access policy documentation](https://docs.snowflake.com/en/sql-reference/sql/create-row-access-policy). diff --git a/pkg/acceptance/helpers/context_client.go b/pkg/acceptance/helpers/context_client.go index e2186026e9..6c5b4bda46 100644 --- a/pkg/acceptance/helpers/context_client.go +++ b/pkg/acceptance/helpers/context_client.go @@ -63,6 +63,15 @@ func (c *ContextClient) CurrentUser(t *testing.T) sdk.AccountObjectIdentifier { return currentUser } +func (c *ContextClient) CurrentAccountIdentifier(t *testing.T) sdk.AccountIdentifier { + t.Helper() + + details, err := c.client().CurrentSessionDetails(context.Background()) + require.NoError(t, err) + + return sdk.NewAccountIdentifier(details.OrganizationName, details.AccountName) +} + func (c *ContextClient) IsRoleInSession(t *testing.T, id sdk.AccountObjectIdentifier) bool { t.Helper() ctx := context.Background() diff --git a/pkg/resources/authentication_policy.go b/pkg/resources/authentication_policy.go index 85c00356a1..851cbe67d9 100644 --- a/pkg/resources/authentication_policy.go +++ b/pkg/resources/authentication_policy.go @@ -491,6 +491,7 @@ func DeleteContextAuthenticationPolicy(ctx context.Context, d *schema.ResourceDa } } + // TODO(SNOW-1818849): unassign policies before dropping if err := client.AuthenticationPolicies.Drop(ctx, sdk.NewDropAuthenticationPolicyRequest(id).WithIfExists(true)); err != nil { return diag.FromErr(err) } diff --git a/pkg/resources/masking_policy.go b/pkg/resources/masking_policy.go index 282e8ce644..4acd32bbb1 100644 --- a/pkg/resources/masking_policy.go +++ b/pkg/resources/masking_policy.go @@ -366,6 +366,7 @@ func DeleteMaskingPolicy(ctx context.Context, d *schema.ResourceData, meta any) return diag.FromErr(err) } + // TODO(SNOW-1818849): unassign policies before dropping err = client.MaskingPolicies.Drop(ctx, id, &sdk.DropMaskingPolicyOptions{IfExists: sdk.Pointer(true)}) if err != nil { return diag.Diagnostics{ diff --git a/pkg/resources/network_policy.go b/pkg/resources/network_policy.go index 07cab78f28..26ab6a1b31 100644 --- a/pkg/resources/network_policy.go +++ b/pkg/resources/network_policy.go @@ -377,6 +377,7 @@ func DeleteContextNetworkPolicy(ctx context.Context, d *schema.ResourceData, met return diag.FromErr(err) } + // TODO(SNOW-1818849): unassign policies before dropping err = client.NetworkPolicies.Drop(ctx, sdk.NewDropNetworkPolicyRequest(id).WithIfExists(true)) if err != nil { return diag.Diagnostics{ diff --git a/pkg/resources/password_policy.go b/pkg/resources/password_policy.go index da3cf85038..f450ef6104 100644 --- a/pkg/resources/password_policy.go +++ b/pkg/resources/password_policy.go @@ -437,6 +437,8 @@ func DeletePasswordPolicy(ctx context.Context, d *schema.ResourceData, meta any) client := meta.(*provider.Context).Client objectIdentifier := helpers.DecodeSnowflakeID(d.Id()).(sdk.SchemaObjectIdentifier) + + // TODO(SNOW-1818849): unassign policies before dropping err := client.PasswordPolicies.Drop(ctx, objectIdentifier, nil) if err != nil { return diag.FromErr(err) diff --git a/pkg/resources/row_access_policy.go b/pkg/resources/row_access_policy.go index f1028a7f82..12c3050cb3 100644 --- a/pkg/resources/row_access_policy.go +++ b/pkg/resources/row_access_policy.go @@ -306,6 +306,7 @@ func DeleteRowAccessPolicy(ctx context.Context, d *schema.ResourceData, meta any client := meta.(*provider.Context).Client + // TODO(SNOW-1818849): unassign policies before dropping err = client.RowAccessPolicies.Drop(ctx, sdk.NewDropRowAccessPolicyRequest(id).WithIfExists(sdk.Pointer(true))) if err != nil { return diag.Diagnostics{ diff --git a/pkg/sdk/tags_impl.go b/pkg/sdk/tags_impl.go index d0e534ae57..e80c934ff1 100644 --- a/pkg/sdk/tags_impl.go +++ b/pkg/sdk/tags_impl.go @@ -149,6 +149,14 @@ func (s *SetTagRequest) toOpts() *setTagOptions { o.column = String(id.Name()) } } + // TODO(SNOW-1818976): Remove this workaround. Currently ALTER "ORGNAME"."ACCOUNTNAME" SET TAG does not work, but ALTER "ACCOUNTNAME" does. + if o.objectType == ObjectTypeAccount { + id, ok := o.objectName.(AccountIdentifier) + if ok { + o.objectName = NewAccountIdentifierFromFullyQualifiedName(id.AccountName()) + } + } + return o } @@ -167,5 +175,14 @@ func (s *UnsetTagRequest) toOpts() *unsetTagOptions { o.column = String(id.Name()) } } + + // TODO(SNOW-1818976): Remove this workaround. Currently ALTER "ORGNAME"."ACCOUNTNAME" SET TAG does not work, but ALTER "ACCOUNTNAME" does. + if o.objectType == ObjectTypeAccount { + id, ok := o.objectName.(AccountIdentifier) + if ok { + o.objectName = NewAccountIdentifierFromFullyQualifiedName(id.AccountName()) + } + } + return o } diff --git a/pkg/sdk/tags_test.go b/pkg/sdk/tags_test.go index 0979537b27..94ed4c641c 100644 --- a/pkg/sdk/tags_test.go +++ b/pkg/sdk/tags_test.go @@ -377,12 +377,6 @@ func TestTagSet(t *testing.T) { assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type SEQUENCE is not supported")) }) - t.Run("validation: unsupported account", func(t *testing.T) { - opts := defaultOpts() - opts.objectType = ObjectTypeAccount - assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type ACCOUNT is not supported - use Tags.SetOnCurrentAccount instead")) - }) - t.Run("set with all optional", func(t *testing.T) { opts := defaultOpts() opts.SetTags = []TagAssociation{ @@ -434,12 +428,6 @@ func TestTagUnset(t *testing.T) { assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type SEQUENCE is not supported")) }) - t.Run("validation: unsupported account", func(t *testing.T) { - opts := defaultOpts() - opts.objectType = ObjectTypeAccount - assertOptsInvalidJoinedErrors(t, opts, errors.New("tagging for object type ACCOUNT is not supported - use Tags.UnsetOnCurrentAccount instead")) - }) - t.Run("unset with all optional", func(t *testing.T) { opts := defaultOpts() opts.UnsetTags = []ObjectIdentifier{ diff --git a/pkg/sdk/tags_validations.go b/pkg/sdk/tags_validations.go index f6fd74b83b..25a219c533 100644 --- a/pkg/sdk/tags_validations.go +++ b/pkg/sdk/tags_validations.go @@ -154,9 +154,6 @@ func (opts *setTagOptions) validate() error { if !canBeAssociatedWithTag(opts.objectType) { return fmt.Errorf("tagging for object type %s is not supported", opts.objectType) } - if opts.objectType == ObjectTypeAccount { - return fmt.Errorf("tagging for object type ACCOUNT is not supported - use Tags.SetOnCurrentAccount instead") - } return errors.Join(errs...) } @@ -171,8 +168,5 @@ func (opts *unsetTagOptions) validate() error { if !canBeAssociatedWithTag(opts.objectType) { return fmt.Errorf("tagging for object type %s is not supported", opts.objectType) } - if opts.objectType == ObjectTypeAccount { - return fmt.Errorf("tagging for object type ACCOUNT is not supported - use Tags.UnsetOnCurrentAccount instead") - } return errors.Join(errs...) } diff --git a/pkg/sdk/testint/tags_integration_test.go b/pkg/sdk/testint/tags_integration_test.go index d16d74d661..c3d9414750 100644 --- a/pkg/sdk/testint/tags_integration_test.go +++ b/pkg/sdk/testint/tags_integration_test.go @@ -324,7 +324,7 @@ func TestInt_TagsAssociations(t *testing.T) { require.ErrorContains(t, err, "sql: Scan error on column index 0, name \"TAG\": converting NULL to string is unsupported") } - t.Run("TestInt_TagAssociationForAccount", func(t *testing.T) { + t.Run("TestInt_TagAssociationForAccountLocator", func(t *testing.T) { id := testClientHelper().Ids.AccountIdentifierWithLocator() err := client.Accounts.Alter(ctx, &sdk.AlterAccountOptions{ SetTag: tags, @@ -358,6 +358,22 @@ func TestInt_TagsAssociations(t *testing.T) { require.ErrorContains(t, err, "sql: Scan error on column index 0, name \"TAG\": converting NULL to string is unsupported") }) + t.Run("TestInt_TagAssociationForAccount", func(t *testing.T) { + id := testClientHelper().Context.CurrentAccountIdentifier(t) + err := client.Tags.Set(ctx, sdk.NewSetTagRequest(sdk.ObjectTypeAccount, id).WithSetTags(tags)) + require.NoError(t, err) + + returnedTagValue, err := client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeAccount) + require.NoError(t, err) + assert.Equal(t, tagValue, returnedTagValue) + + err = client.Tags.Unset(ctx, sdk.NewUnsetTagRequest(sdk.ObjectTypeAccount, id).WithUnsetTags(unsetTags)) + require.NoError(t, err) + + _, err = client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeAccount) + require.ErrorContains(t, err, "sql: Scan error on column index 0, name \"TAG\": converting NULL to string is unsupported") + }) + accountObjectTestCases := []struct { name string objectType sdk.ObjectType diff --git a/templates/resources/authentication_policy.md.tmpl b/templates/resources/authentication_policy.md.tmpl new file mode 100644 index 0000000000..93b46362ee --- /dev/null +++ b/templates/resources/authentication_policy.md.tmpl @@ -0,0 +1,37 @@ +--- +page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}" +subcategory: "" +description: |- +{{ if gt (len (split .Description "")) 1 -}} +{{ index (split .Description "") 1 | plainmarkdown | trimspace | prefixlines " " }} +{{- else -}} +{{ .Description | plainmarkdown | trimspace | prefixlines " " }} +{{- end }} +--- + +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-authentication-policy#usage-notes), an authentication policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + +# {{.Name}} ({{.Type}}) + +{{ .Description | trimspace }} + +{{ if .HasExample -}} +## Example Usage + +{{ tffile (printf "examples/resources/%s/resource.tf" .Name)}} + +-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources). + + +{{- end }} + +{{ .SchemaMarkdown | trimspace }} +{{- if .HasImport }} + +## Import + +Import is supported using the following syntax: + +{{ codefile "shell" (printf "examples/resources/%s/import.sh" .Name)}} +{{- end }} diff --git a/templates/resources/masking_policy.md.tmpl b/templates/resources/masking_policy.md.tmpl index e09e58f03f..8c42e823de 100644 --- a/templates/resources/masking_policy.md.tmpl +++ b/templates/resources/masking_policy.md.tmpl @@ -11,6 +11,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-masking-policy#usage-notes), a masking policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # {{.Name}} ({{.Type}}) {{ .Description | trimspace }} diff --git a/templates/resources/network_policy.md.tmpl b/templates/resources/network_policy.md.tmpl index 28e2af568d..c509e6a3e9 100644 --- a/templates/resources/network_policy.md.tmpl +++ b/templates/resources/network_policy.md.tmpl @@ -11,6 +11,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-network-policy#usage-notes), a network policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # {{.Name}} ({{.Type}}) {{ .Description | trimspace }} diff --git a/templates/resources/password_policy.md.tmpl b/templates/resources/password_policy.md.tmpl new file mode 100644 index 0000000000..28771e2c07 --- /dev/null +++ b/templates/resources/password_policy.md.tmpl @@ -0,0 +1,37 @@ +--- +page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}" +subcategory: "" +description: |- +{{ if gt (len (split .Description "")) 1 -}} +{{ index (split .Description "") 1 | plainmarkdown | trimspace | prefixlines " " }} +{{- else -}} +{{ .Description | plainmarkdown | trimspace | prefixlines " " }} +{{- end }} +--- + +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-password-policy#usage-notes), a password policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + +# {{.Name}} ({{.Type}}) + +{{ .Description | trimspace }} + +{{ if .HasExample -}} +## Example Usage + +{{ tffile (printf "examples/resources/%s/resource.tf" .Name)}} + +-> **Note** Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult [identifiers guide](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/guides/identifiers#new-computed-fully-qualified-name-field-in-resources). + + +{{- end }} + +{{ .SchemaMarkdown | trimspace }} +{{- if .HasImport }} + +## Import + +Import is supported using the following syntax: + +{{ codefile "shell" (printf "examples/resources/%s/import.sh" .Name)}} +{{- end }} diff --git a/templates/resources/row_access_policy.md.tmpl b/templates/resources/row_access_policy.md.tmpl index e09e58f03f..eed337762b 100644 --- a/templates/resources/row_access_policy.md.tmpl +++ b/templates/resources/row_access_policy.md.tmpl @@ -11,6 +11,9 @@ description: |- !> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) to use it. +> [!WARNING] +> According to Snowflake [docs](https://docs.snowflake.com/en/sql-reference/sql/drop-row-access-policy#usage-notes), a row access policy cannot be dropped successfully if it is currently assigned to another object. Currently, the provider does not unassign such objects automatically. Before dropping the resource, list the assigned objects with `SELECT * from table(information_schema.policy_references(policy_name=>''));` and unassign them manually with `ALTER ...` or with updated Terraform configuration, if possible. + # {{.Name}} ({{.Type}}) {{ .Description | trimspace }} diff --git a/v1-preparations/ESSENTIAL_GA_OBJECTS.MD b/v1-preparations/ESSENTIAL_GA_OBJECTS.MD index 96c1eea1d7..2f69537f57 100644 --- a/v1-preparations/ESSENTIAL_GA_OBJECTS.MD +++ b/v1-preparations/ESSENTIAL_GA_OBJECTS.MD @@ -32,7 +32,7 @@ newer provider versions. We will address these while working on the given object | STREAM | 🚀 | [#2975](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2975), [#2413](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2413), [#2201](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2201), [#1150](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1150) | | STREAMLIT | 🚀 | - | | TABLE | 👨‍💻 | [#2997](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2997), [#2844](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2844), [#2839](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2839), [#2735](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2735), [#2733](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2733), [#2683](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2683), [#2676](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2676), [#2674](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2674), [#2629](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2629), [#2418](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2418), [#2415](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2415), [#2406](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2406), [#2236](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2236), [#2035](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2035), [#1823](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1823), [#1799](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1799), [#1764](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1764), [#1600](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1600), [#1387](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1387), [#1272](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1272), [#1271](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1271), [#1248](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1248), [#1241](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1241), [#1146](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1146), [#1032](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1032), [#420](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/420) | -| TAG | 👨‍💻 | [#2943](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2902), [#2598](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2598), [#1910](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1910), [#1909](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1909), [#1862](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1862), [#1806](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1806), [#1657](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1657), [#1496](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1496), [#1443](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1443), [#1394](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1394), [#1372](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1372), [#1074](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1074) | +| TAG | 👨‍💻 | [#2943](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2943), [#2598](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2598), [#1910](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1910), [#1909](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1909), [#1862](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1862), [#1806](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1806), [#1657](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1657), [#1496](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1496), [#1443](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1443), [#1394](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1394), [#1372](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1372), [#1074](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1074) | | TASK | 👨‍💻 | [#3136](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3136), [#1419](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1419), [#1250](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1250), [#1194](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1194), [#1088](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1088) | | VIEW | 🚀 | issues in the older versions: [resources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Aresource%3Aview+) and [datasources](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues?q=label%3Adata_source%3Aviews+) | | snowflake_unsafe_execute | 👨‍💻 | [#2934](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2934) | diff --git a/v1-preparations/REMAINING_GA_OBJECTS.MD b/v1-preparations/REMAINING_GA_OBJECTS.MD index fae960f8d3..97f8f7bade 100644 --- a/v1-preparations/REMAINING_GA_OBJECTS.MD +++ b/v1-preparations/REMAINING_GA_OBJECTS.MD @@ -22,7 +22,7 @@ Known issues lists open issues touching the given object. Note that some of thes | EXTERNAL ACCESS INTEGRATION | ❌ | [#2546](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2546) | | FAILOVER GROUP | ❌ | [#2516](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2516), [#2332](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2332), [#1418](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1418) | | MANAGED ACCOUNT | ❌ | - | -| NOTIFICATION INTEGRATION | ❌ | [#2966](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2966), [#2965](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2965), [#1051](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1051) | +| NOTIFICATION INTEGRATION | ❌ | [#3138](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3138), [#2966](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2966), [#2965](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2965), [#1051](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1051) | | REPLICATION GROUP | ❌ | [#1602](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1602) | | SHARE | ❌ | [#3051](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3051), [#2189](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2189), [#1279](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1279), [#630](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/630) | | STORAGE INTEGRATION | ❌ | [#3082](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/3082), [#2624](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/2624), [#1445](https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/1445) |