Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: snowflake_warehouses data resource has issues when 'SYSTEM$STREAMLIT_NOTEBOOK_WH' is included and with_describe = true #2999

Closed
1 task
AaronCoquet-Easypark opened this issue Aug 15, 2024 · 2 comments
Closed
1 task

[Bug]: snowflake_warehouses data resource has issues when 'SYSTEM$STREAMLIT_NOTEBOOK_WH' is included and with_describe = true #2999

AaronCoquet-Easypark opened this issue Aug 15, 2024 · 2 comments
Assignees
@sfc-gh-jmichalak
Labels
bug Used to mark issues with provider's incorrect behavior

Comments

@AaronCoquet-Easypark
Copy link

Terraform CLI Version

1.9.4

Terraform Provider Version

0.94.1

Terraform Configuration

data snowflake_warehouses all_wh {
  # This provider is the "sysadmin" role
  provider = snowflake.sysadmin
  # This is the default; it's included for reference
  with_describe = true
}

Category

category:data_source

Object type(s)

data_source:warehouses

Expected Behavior

The resource data.snowflake_warehouses.all_wh should return a complex, deeply-nested object that contains details about all warehouses that sysadmin can see.

Actual Behavior

Terraform throws an error indicating that sysadmin doesn't "have permissions to operate on" the object, and planning fails.

Steps to Reproduce

  1. Create a new Snowflake instance
  2. < Do all of the things needed to be able to use Terraform on the new instance, including a user that can use the sysadmin role >
  3. create a provider that uses the sysadmin role
  4. create a data resource of type snowflake_warehouses
  5. ensure that the data resource has either:
  • with_describe = true
  • the with_describe attribute not specified
  1. terraform plan

How much impact is this issue causing?

Low

Logs

https://gist.github.com/AaronCoquet-Easypark/846a45bb8af6558ff762cd7feecd1e65

Additional Information

Relates to Support ticket 00826888

Known workarounds:

  • Grant sysadmin permissions on that particular warehouse
  • set with_describe = false
  • specify a warehouse with the like parameter

Would you like to implement a fix?

  • Yeah, I'll take it 😎
@AaronCoquet-Easypark AaronCoquet-Easypark added the bug Used to mark issues with provider's incorrect behavior label Aug 15, 2024
@sfc-gh-jmichalak
Copy link
Collaborator

Hi, @AaronCoquet-Easypark 👋 Thanks for reporting this issue. Currently, we call DESCRIBE without checking for appropriate privileges in all the datasources, and users are responsible for granting proper privileges.

For now, please continue with the granted MONITOR privilege, or with with_describe = false, or with the like filter.

According to docs, the PUBLIC role is granted USAGE privilege. I think that by default, it could also be granted MONITOR for PUBLIC/SYSADMIN. I'll ask the warehouse team.

In the future, we'll consider checking for appropriate grants in the provider, or not failing the whole operation where information from DESCRIBE is not crucial for handling data sources/resources correctly.

@sfc-gh-jmichalak
Copy link
Collaborator

I'm closing this issue since it has many workarounds, and it was caused by incorrect privileges. I've created a ticket for making further improvements in handling this in the provider.

@sfc-gh-jmichalak sfc-gh-jmichalak self-assigned this Oct 18, 2024
@sfc-gh-asawicki sfc-gh-asawicki mentioned this issue Jan 29, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-jmichalak sfc-gh-jmichalak

Labels
bug Used to mark issues with provider's incorrect behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AaronCoquet-Easypark @sfc-gh-jmichalak