Snowflake provider: Terraform Error while applying terraform destroy

Hi Guys,

I’m getting the error below when running `terraform destroy`:
error revoking privileges from account role: [grants_validations.go:44] exactly one of AccountRoleGrantPrivileges fields [AllPrivileges GlobalPrivileges AccountObjectPrivileges SchemaPrivileges SchemaObjectPrivileges]

Could you please help with this?

main.tf :

# Account role that the grant resources in this file attach to the TEST
# operations objects (database, schema, warehouse) and hand out to the user.
resource "snowflake_role" "test_operations_role" {
  comment = "Custom role for TEST operations"
  name    = "TEST_OPERATIONS_ROLE"
}

# Grants TEST_OPERATIONS_ROLE to SYSADMIN. In snowflake_role_grants, role_name
# is the role being granted and `roles` lists its recipients, so SYSADMIN
# inherits this custom role's privileges -- the custom role does not inherit
# anything from SYSADMIN.
# NOTE(review): the user_role_grants resource in this file manages grants of
# the same role_name; confirm in the provider docs that two such resources do
# not overwrite each other's grants on apply.
resource "snowflake_role_grants" "sysadmin_grant" {
  roles     = ["SYSADMIN"]
  role_name = snowflake_role.test_operations_role.name
}

# Service user for TEST DevOps, authenticated by RSA key pair.
resource "snowflake_user" "test_devops_user" {
  name    = "TEST_DEVOPS_USER"
  comment = "DevOps user for TEST"

  # Only the public half of the key pair is registered here; no password
  # attribute is set in this block. Keep the matching private key out of
  # Terraform variables and state.
  rsa_public_key       = var.tf_user_public_key
  must_change_password = false

  # Session defaults. default_role only selects the role at login; the user
  # actually receives the role through user_role_grants.
  default_role      = snowflake_role.test_operations_role.name
  default_warehouse = snowflake_warehouse.test_operations_wh.name

  # Explicit ordering on the warehouse; default_warehouse already references
  # it, so this repeats the implicit dependency.
  depends_on = [snowflake_warehouse.test_operations_wh]
}

# Grants TEST_OPERATIONS_ROLE to the ACCOUNTADMIN role and to TEST_DEVOPS_USER.
# This does NOT give ACCOUNTADMIN to the user: role_name is the role being
# handed out, `roles` and `users` are its recipients. That is the safer
# reading to keep -- a DevOps service user should not hold ACCOUNTADMIN.
# NOTE(review): sysadmin_grant in this file targets the same role_name;
# confirm the two resources do not fight over the role's grant list.
resource "snowflake_role_grants" "user_role_grants" {
  users     = [snowflake_user.test_devops_user.name]
  roles     = ["ACCOUNTADMIN"]
  role_name = snowflake_role.test_operations_role.name
}

# Database that holds the TEST operations schema defined in this file.
resource "snowflake_database" "test_operations_db" {
  comment = "Database for TEST Operations"
  name    = "TEST_OPERATIONS_DB"
}

# Makes TEST_OPERATIONS_ROLE the owner of TEST_OPERATIONS_DB. OWNERSHIP gives
# the role full control of the database, including granting access to others,
# so everything that holds this role inherits that control.
# NOTE(review): Snowflake transfers ownership rather than revoking it, so
# check how this resource behaves on `terraform destroy` as well.
resource "snowflake_database_grant" "test_operations_db_grant" {
  roles         = [snowflake_role.test_operations_role.name]
  privilege     = "OWNERSHIP"
  database_name = snowflake_database.test_operations_db.name
}

# SAMPLE schema inside the TEST operations database.
resource "snowflake_schema" "scaffolding_schema" {
  name     = "SAMPLE"
  database = snowflake_database.test_operations_db.name
  comment  = "Scaffolding schema for TEST Operations"
}

# Grant ownership of the schema to TEST_OPERATIONS_ROLE
# NOTE(review): likely one source of the destroy error quoted in this post.
# The message is raised while revoking privileges from an account role, and
# OWNERSHIP presumably maps to none of the five privilege fields the validator
# names; Snowflake transfers ownership with GRANT OWNERSHIP instead of
# revoking it. Newer provider releases have a dedicated
# snowflake_grant_ownership resource -- confirm it is available in the
# installed provider version before migrating this grant.
resource "snowflake_grant_privileges_to_role" "scaffolding_schema_grant" {
  privileges = ["OWNERSHIP"]
  role_name  = snowflake_role.test_operations_role.name
  on_schema {
    # Fully qualified "DATABASE"."SCHEMA" identifier, each part double-quoted.
    schema_name = "\"${snowflake_database.test_operations_db.name}\".\"${snowflake_schema.scaffolding_schema.name}\""
  }
  # schema_name already references the schema, so this repeats the implicit dependency.
  depends_on = [snowflake_schema.scaffolding_schema]
}

# Warehouse for TEST operations; naming, sizing and scaling all come from
# input variables.
resource "snowflake_warehouse" "test_operations_wh" {
  name           = var.warehouse_name
  warehouse_size = var.warehouse_size

  # Multi-cluster bounds and scaling behaviour.
  min_cluster_count = var.min_clusters
  max_cluster_count = var.max_clusters
  scaling_policy    = var.scaling_policy

  # Created suspended; resume/suspend behaviour afterwards is variable-driven.
  initially_suspended = true
  auto_resume         = var.auto_resume
  auto_suspend        = var.auto_suspend
}

# Set ownership grants for the warehouse
# NOTE(review): same pattern as the schema ownership grant in this file, and
# a likely source of the destroy error quoted in this post: OWNERSHIP is
# passed through a privilege-grant resource, and on destroy the provider has
# to revoke it, whereas Snowflake transfers ownership instead of revoking it.
# Confirm against the provider docs for the installed version.
resource "snowflake_grant_privileges_to_role" "test_operations_wh_grant" {
  role_name  = snowflake_role.test_operations_role.name
  privileges = ["OWNERSHIP"]
  on_account_object {
    object_type = "WAREHOUSE"
    object_name = snowflake_warehouse.test_operations_wh.name
  }
  # object_name already references the warehouse, so this repeats the implicit dependency.
  depends_on = [snowflake_warehouse.test_operations_wh]
}
