[Bug]: setting default_secondary_roles_option = "NONE" in snowflake_user does not apply everywhere #3379

Open
@RobbertDM

Description

Terraform CLI Version

1.3.8

Terraform Provider Version

1.0.2

Company Name

No response

Terraform Configuration

I have a bunch of users that I provision with the `snowflake_user` resource.
I just added `default_secondary_roles_option = "NONE"`

Category

category:resource

Object type(s)

resource:user

Expected Behavior

I expect it to propose 3 user modifications that add
~ default_secondary_roles_option = "DEFAULT" -> "NONE"

Actual Behavior

This was the plan after adding the default_secondary_roles_option:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.snowflake_purpose[0].snowflake_user.purpose_env["alerting_acc"] will be updated in-place
  ~ resource "snowflake_user" "purpose_env" {
      ~ default_secondary_roles_option                = "DEFAULT" -> "NONE"
        id                                            = "ALERTING_ACC"
        name                                          = "ALERTING_ACC"
      ~ network_policy                                = "REDACTED" -> (known after apply)
      ~ show_output                                   = [
          - {
              - comment                 = "purpose-based user for alerting in the acc environment"
              - created_on              = "2025-01-30 15:23:02.53 -0800 PST"
              - days_to_expiry          = ""
              - default_namespace       = "ACC.P_ALERTING"
              - default_role            = "ALERTING_ACC"
              - default_secondary_roles = ""
              - default_warehouse       = "ALERTING_ACC"
              - disabled                = false
              - display_name            = "ALERTING_ACC"
              - expires_at_time         = "0001-01-01 00:00:00 +0000 UTC"
              - last_success_login      = "0001-01-01 00:00:00 +0000 UTC"
              - locked_until_time       = "0001-01-01 00:00:00 +0000 UTC"
              - login_name              = "ALERTING_ACC"
              - name                    = "ALERTING_ACC"
              - owner                   = "ACCOUNTADMIN"
              - snowflake_lock          = false
              - type                    = ""
            },
        ] -> (known after apply)
        # (65 unchanged attributes hidden)
    }

  # module.snowflake_purpose[0].snowflake_user.purpose_env["alerting_dev"] will be updated in-place
  ~ resource "snowflake_user" "purpose_env" {
        id                                            = "ALERTING_DEV"
        name                                          = "ALERTING_DEV"
      ~ network_policy                                = "REDACTED" -> (known after apply)
        # (67 unchanged attributes hidden)
    }

  # module.snowflake_purpose[0].snowflake_user.purpose_env["alerting_pro"] will be updated in-place
  ~ resource "snowflake_user" "purpose_env" {
        id                                            = "ALERTING_PRO"
        name                                          = "ALERTING_PRO"
      ~ network_policy                                = "REDACTED" -> (known after apply)
        # (67 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

It is literally in a for_each loop around these 3 users, so they have the exact same property, but only ACC got applied?
I refresh and run again: `No changes. Your infrastructure matches the configuration.`

I check Snowflake with show users and indeed, only the ALERTING_ACC user has now got [] filled in.

Steps to Reproduce

  1. Have 3 users provisioned by Terraform in a for_each loop:

         resource "snowflake_user" "purpose_env" {
           for_each = toset(["DEV", "ACC", "PRO"])
           name     = upper(each.value)
           comment  = "test"
           password = "test"
           disabled = false
         }

  2. Provision the users
  3. Add this line to the config:

         default_secondary_roles_option = "NONE"

  4. Observe that not all users get applied
  5. terraform apply again
  6. Observe that no changes are proposed

How much impact is this issue causing?

Low

Logs

No response

Additional Information

No response

Would you like to implement a fix?

  • Yeah, I'll take it 😎
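
A check for the mismatch reported above, as an added example that is not part of the original issue or the provider's code: it takes a plan in `terraform show -json` form plus rows from `SHOW USERS` and lists users configured as NONE that the plan leaves alone while Snowflake does not show `[]` for them. The function names, the sample data, and the assumption that the unchanged users already hold "NONE" in state are assumptions made for the example.

```python
import json

OPTION = "default_secondary_roles_option"
LIVE_NONE = "[]"  # per the report, SHOW USERS shows [] once NONE has been applied

def users_in_plan(plan):
    """Yield (name, configured option, option changes in this plan) per snowflake_user."""
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "snowflake_user":
            continue
        before = rc["change"].get("before") or {}
        after = rc["change"].get("after") or {}
        yield after.get("name"), after.get(OPTION), before.get(OPTION) != after.get(OPTION)

def silent_drift(plan, show_users_rows):
    """Users configured as NONE that the plan leaves alone but Snowflake does not show as NONE."""
    live = {r["name"]: r.get("default_secondary_roles", "") for r in show_users_rows}
    return sorted(
        name for name, option, will_change in users_in_plan(plan)
        if option == "NONE" and not will_change and live.get(name) != LIVE_NONE
    )

def _change(name, before_option):
    # Constructed entry, trimmed to the fields of `terraform show -json` used above.
    return {"address": f'snowflake_user.purpose_env["{name.lower()}"]', "type": "snowflake_user",
            "change": {"actions": ["update"],
                       "before": {"name": name, OPTION: before_option},
                       "after": {"name": name, OPTION: "NONE"}}}

# Constructed plan mirroring the report: only ALERTING_ACC shows the option changing.
# Assumption: the other two users already carry "NONE" in state, so the plan hides the attribute.
SAMPLE_PLAN = {"resource_changes": [_change("ALERTING_ACC", "DEFAULT"),
                                    _change("ALERTING_DEV", "NONE"),
                                    _change("ALERTING_PRO", "NONE")]}
# Constructed SHOW USERS rows as they would look before the apply.
SAMPLE_ROWS = [{"name": n, "default_secondary_roles": ""}
               for n in ("ALERTING_ACC", "ALERTING_DEV", "ALERTING_PRO")]

if __name__ == "__main__":
    print(json.dumps(silent_drift(SAMPLE_PLAN, SAMPLE_ROWS)))
```

Run against a real plan and a fresh `SHOW USERS` export before applying, so a user whose secondary-role setting will not actually change is caught while the plan is still under review.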
