feat: Add fully_qualified_name to all resources (#2990)

- add `fully_qualified_name` to relevent resources - some resources had `qualified_name` already, so this field was removed in favor of the new one, with proper state migrators and acceptance tests - mention this in the migration guide - also with a list of not relevant resources  ## Test Plan  * [x] acceptance tests  ## References
Snowflake-Labs · Aug 14, 2024 · 1b0462f · 1b0462f
1 parent 00ae1c5
commit 1b0462f
Show file tree

Hide file tree

Showing 185 changed files with 1,074 additions and 388 deletions.
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -6,7 +6,40 @@ across different versions.
 
 ## v0.94.x ➞ v0.95.0
 
-### snowflake_warehouse resource changes
+### New `fully_qualified_name` field in the resources.
+We added a new `fully_qualified_name` to snowflake resources. This should help with referencing other resources in fields that expect a fully qualified name. For example, instead of
+writing
+
+```object_name = “\”${snowflake_table.database}\”.\”${snowflake_table.schema}\”.\”${snowflake_table.name}\””```
+
+ now we can write
+
+```object_name = snowflake_table.fully_qualified_name```
+
+See [example usage](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_account_role).
+
+Some of the resources are excluded from this change:
+- deprecated resources
+  - `snowflake_database_old`
+  - `snowflake_oauth_integration`
+  - `snowflake_saml_integration`
+- resources for which fully qualified name is not appropriate
+  - `snowflake_account_parameter`
+  - `snowflake_account_password_policy_attachment`
+  - `snowflake_network_policy_attachment`
+  - `snowflake_session_parameter`
+  - `snowflake_table_constraint`
+  - `snowflake_table_column_masking_policy_application`
+  - `snowflake_tag_masking_policy_association`
+  - `snowflake_tag_association`
+  - `snowflake_user_password_policy_attachment`
+  - `snowflake_user_public_keys`
+  - grant resources
+
+#### *(breaking change)* removed `qualified_name` from `snowflake_masking_policy`, `snowflake_network_rule`, `snowflake_password_policy` and `snowflake_table`
+Because of introducing a new `fully_qualified_name` field for all of the resources, `qualified_name` was removed from `snowflake_masking_policy`, `snowflake_network_rule`,  `snowflake_password_policy` and `snowflake_table`. Please adjust your configurations. State is automatically migrated.
+
+### snowflake_user resource changes
 
 #### *(breaking change)* user parameters added to snowflake_user resource
 
@@ -461,7 +494,7 @@ resource "snowflake_database" "test" {
 }
 ```
 
-If you had `from_database` set, you should follow our [resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md) to remove 
+If you had `from_database` set, you should follow our [resource migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/docs/technical-documentation/resource_migration.md) to remove
 the database from state to later import it in the newer version of the provider.
 Otherwise, it may cause issues when migrating to v0.93.0.
 For now, we're dropping the possibility to create a clone database from other databases.

diff --git a/docs/resources/account.md b/docs/resources/account.md
@@ -60,6 +60,7 @@ resource "snowflake_account" "ac1" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `is_org_admin` (Boolean) Indicates whether the ORGADMIN role is enabled in an account. If TRUE, the role is enabled.
 

diff --git a/docs/resources/account_password_policy_attachment.md b/docs/resources/account_password_policy_attachment.md
@@ -19,7 +19,7 @@ resource "snowflake_password_policy" "default" {
 }
 
 resource "snowflake_account_password_policy_attachment" "attachment" {
-  password_policy = snowflake_password_policy.default.qualified_name
+  password_policy = snowflake_password_policy.default.fully_qualified_name
 }
 ```
 

diff --git a/docs/resources/account_role.md b/docs/resources/account_role.md
@@ -39,6 +39,7 @@ resource "snowflake_account_role" "complete" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW ROLES` for the given role. (see [below for nested schema](#nestedatt--show_output))
 

diff --git a/docs/resources/alert.md b/docs/resources/alert.md
@@ -47,6 +47,7 @@ resource "snowflake_alert" "alert" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--alert_schedule"></a>

diff --git a/docs/resources/api_authentication_integration_with_authorization_code_grant.md b/docs/resources/api_authentication_integration_with_authorization_code_grant.md
@@ -60,6 +60,7 @@ resource "snowflake_api_authentication_integration_with_authorization_code_grant
 ### Read-Only
 
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--show_output))
 

diff --git a/docs/resources/api_authentication_integration_with_client_credentials.md b/docs/resources/api_authentication_integration_with_client_credentials.md
@@ -57,6 +57,7 @@ resource "snowflake_api_authentication_integration_with_client_credentials" "tes
 ### Read-Only
 
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--show_output))
 

diff --git a/docs/resources/api_authentication_integration_with_jwt_bearer.md b/docs/resources/api_authentication_integration_with_jwt_bearer.md
@@ -61,6 +61,7 @@ resource "snowflake_api_authentication_integration_with_jwt_bearer" "test" {
 ### Read-Only
 
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--show_output))
 

diff --git a/docs/resources/api_integration.md b/docs/resources/api_integration.md
@@ -66,6 +66,7 @@ resource "snowflake_api_integration" "gcp" {
 - `azure_consent_url` (String)
 - `azure_multi_tenant_app_name` (String)
 - `created_on` (String) Date and time when the API integration was created.
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 ## Import

diff --git a/docs/resources/cortex_search_service.md b/docs/resources/cortex_search_service.md
@@ -75,6 +75,7 @@ resource "snowflake_cortex_search_service" "test" {
 ### Read-Only
 
 - `created_on` (String) Creation date for the given Cortex search service.
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 ## Import

diff --git a/docs/resources/database.md b/docs/resources/database.md
@@ -109,6 +109,7 @@ resource "snowflake_database" "primary" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--replication"></a>

diff --git a/docs/resources/database_role.md b/docs/resources/database_role.md
@@ -33,6 +33,7 @@ resource "snowflake_database_role" "db_role" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 ## Import

diff --git a/docs/resources/dynamic_table.md b/docs/resources/dynamic_table.md
@@ -52,6 +52,7 @@ resource "snowflake_dynamic_table" "dt" {
 - `cluster_by` (String) The clustering key for the dynamic table.
 - `created_on` (String) Time when this dynamic table was created.
 - `data_timestamp` (String) Timestamp of the data in the base object(s) that is included in the dynamic table.
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `is_clone` (Boolean) TRUE if the dynamic table has been cloned, else FALSE.
 - `is_replica` (Boolean) TRUE if the dynamic table is a replica. else FALSE.

diff --git a/docs/resources/email_notification_integration.md b/docs/resources/email_notification_integration.md
@@ -36,6 +36,7 @@ resource "snowflake_email_notification_integration" "email_int" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 ## Import

diff --git a/docs/resources/external_function.md b/docs/resources/external_function.md
@@ -60,6 +60,7 @@ resource "snowflake_external_function" "test_ext_func" {
 ### Read-Only
 
 - `created_on` (String) Date and time when the external function was created.
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--arg"></a>

diff --git a/docs/resources/external_oauth_integration.md b/docs/resources/external_oauth_integration.md
@@ -86,6 +86,7 @@ resource "snowflake_external_oauth_integration" "test" {
 ### Read-Only
 
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--describe_output))
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `related_parameters` (List of Object) Paramteres related to this security integration. (see [below for nested schema](#nestedatt--related_parameters))
 - `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--show_output))

diff --git a/docs/resources/external_table.md b/docs/resources/external_table.md
@@ -57,6 +57,7 @@ resource "snowflake_external_table" "external_table" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 - `owner` (String) Name of the role that owns the external table.
 

diff --git a/docs/resources/failover_group.md b/docs/resources/failover_group.md
@@ -68,6 +68,7 @@ resource "snowflake_failover_group" "target_failover_group" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--from_replica"></a>

diff --git a/docs/resources/file_format.md b/docs/resources/file_format.md
@@ -67,6 +67,7 @@ resource "snowflake_file_format" "example_file_format" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 ## Import

diff --git a/docs/resources/function.md b/docs/resources/function.md
@@ -114,6 +114,7 @@ resource "snowflake_function" "sql_test" {
 
 ### Read-Only
 
+- `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--arguments"></a>

diff --git a/docs/resources/grant_ownership.md b/docs/resources/grant_ownership.md
@@ -62,7 +62,7 @@ resource "snowflake_database_role" "test" {
 }
 
 resource "snowflake_grant_ownership" "test" {
-  database_role_name  = "\"${snowflake_database_role.test.database}\".\"${snowflake_database_role.test.name}\""
+  database_role_name  = snowflake_database_role.test.fully_qualified_name
   outbound_privileges = "REVOKE"
   on {
     object_type = "SCHEMA"

diff --git a/docs/resources/grant_privileges_to_account_role.md b/docs/resources/grant_privileges_to_account_role.md
@@ -22,6 +22,11 @@ resource "snowflake_database" "db" {
   name = "database"
 }
 
+resource "snowflake_schema" "my_schema" {
+  database = snowflake_database.db.name
+  name     = "my_schema"
+}
+
 resource "snowflake_account_role" "db_role" {
   name = "role_name"
 }
@@ -124,7 +129,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
   privileges        = ["MODIFY", "CREATE TABLE"]
   account_role_name = snowflake_account_role.db_role.name
   on_schema {
-    schema_name = "\"${snowflake_database.db.name}\".\"my_schema\"" # note this is a fully qualified name!
+    schema_name = snowflake_schema.my_schema.fully_qualified_name # note this is a fully qualified name!
   }
 }
 
@@ -134,7 +139,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
 resource "snowflake_grant_privileges_to_account_role" "example" {
   account_role_name = snowflake_account_role.db_role.name
   on_schema {
-    schema_name = "\"${snowflake_database.db.name}\".\"my_schema\"" # note this is a fully qualified name!
+    schema_name = snowflake_schema.my_schema.fully_qualified_name # note this is a fully qualified name!
   }
   all_privileges    = true
   with_grant_option = true
@@ -174,7 +179,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
   account_role_name = snowflake_account_role.db_role.name
   on_schema_object {
     object_type = "VIEW"
-    object_name = "\"${snowflake_database.db.name}\".\"my_schema\".\"my_view\"" # note this is a fully qualified name!
+    object_name = snowflake_view.my_view.fully_qualified_name # note this is a fully qualified name!
   }
 }
 
@@ -185,7 +190,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
   account_role_name = snowflake_account_role.db_role.name
   on_schema_object {
     object_type = "VIEW"
-    object_name = "\"${snowflake_database.db.name}\".\"my_schema\".\"my_view\"" # note this is a fully qualified name!
+    object_name = snowflake_view.my_view.fully_qualified_name # note this is a fully qualified name!
   }
   all_privileges    = true
   with_grant_option = true
@@ -214,7 +219,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
   on_schema_object {
     all {
       object_type_plural = "TABLES"
-      in_schema          = "\"${snowflake_database.db.name}\".\"my_schema\"" # note this is a fully qualified name!
+      in_schema          = snowflake_schema.my_schema.fully_qualified_name # note this is a fully qualified name!
     }
   }
 }
@@ -242,7 +247,7 @@ resource "snowflake_grant_privileges_to_account_role" "example" {
   on_schema_object {
     future {
       object_type_plural = "TABLES"
-      in_schema          = "\"${snowflake_database.db.name}\".\"my_schema\"" # note this is a fully qualified name!
+      in_schema          = snowflake_schema.my_schema.fully_qualified_name # note this is a fully qualified name!
     }
   }
 }