[General Usage]: How to pass argument_data_types using snowflake_grant_privileges_to_account_role

[hiromu166]

Terraform CLI Version

1.8.4

Terraform Provider Version

0.92.0

Terraform Configuration

terraform {
  required_providers {
    snowflake = {
      source  = "Snowflake-Labs/snowflake"
      version = ">= 0.92.0"
    }
  }
}

provider "snowflake" {
  alias = "account_admin"
  role  = "ACCOUNTADMIN"
}

provider "snowflake" {
  alias = "sys_admin"
  role  = "SYSADMIN"
}

provider "snowflake" {
  alias = "security_admin"
  role  = "SECURITYADMIN"
}

resource "snowflake_procedure" "unload_to_gcs" {
  provider = snowflake.sys_admin
  name     = "UNLOAD_TO_GCS"
  database = snowflake_database.gcs_integration.name // defined in other file
  schema   = snowflake_schema.gcs_integration.name // defined in other file
  language = "JAVASCRIPT"
  arguments {
    name = "TARGET_DATABASE"
    type = "VARCHAR"
  }
  arguments {
    name = "TARGET_SCHEMA"
    type = "VARCHAR"
  }
  arguments {
    name = "STAGE_DATABASE"
    type = "VARCHAR"
  }
  comment             = "Unload data to GCS"
  return_type         = "VARCHAR"
  execute_as          = "CALLER"
  null_input_behavior = "RETURNS NULL ON NULL INPUT"
  statement           = file("${path.module}/procedure.js") // defined in other file
}

resource "snowflake_grant_privileges_to_account_role" "procedure_grant" {
  privileges        = ["USAGE"]
  account_role_name = data.snowflake_current_role.this.name
  on_schema_object {
    object_type = "PROCEDURE"
    object_name = "\"${snowflake_database.gcs_integration.name}\".\"${snowflake_schema.gcs_integration.name}\".\"${snowflake_procedure.unload_to_gcs.name}\""
  }
}

Category

category:grants

Object type(s)

resource:grant_privileges_to_account_role

Expected Behavior

When using snowflake_grant_privileges_to_account_role to target "PROCEDURE", I believe it is necessary to have something equivalent to the argument_data_types parameter, which existed as an argument in the traditional snowflake_procedure_grant.

Actual Behavior

╷
│ Error: An error occurred when granting privileges to account role
│
│ with module.snowflake_integration.snowflake_grant_privileges_to_account_role.procedure_grant,
│ on modules/snowflake_integration/procedure.tf line 27, in resource "snowflake_grant_privileges_to_account_role" "procedure_grant":
│ 27: resource "snowflake_grant_privileges_to_account_role" "procedure_grant" ***
│
│ Id:
│ "TERRAFORM"|false|false|USAGE|OnSchemaObject|OnObject|PROCEDURE|"DATABASE"."SCHEMA"."UNLOAD_TO_GCS"
│ Account role name: TERRAFORM
│ Error: 090208 (42601): Argument types of function 'UNLOAD_TO_GCS' must be
│ specified.
╵

Steps to Reproduce

1. Terraform Configuration part
2. terraform apply

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

No response

[sfc-gh-asawicki]

Hey @hiromu166. Thanks for reaching out to us.

I am pretty sure we have described it in one of the open issues. Let me find this one for you.

[sfc-gh-asawicki]

It's described in #2375. We will add this to known issues today (here: https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/CREATING_ISSUES.md#faq).

[hiromu166]

Thank you for your response. I apologize for missing the previously discussed issue. After referring to #2375 , I was able to resolve the error.

[sfc-gh-asawicki]

Great to hear that! We will add it to https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/CREATING_ISSUES.md#faq, so that it is not necessary to browse through the issues.