FUTURE GRANTS are updated everytime #1573

Closed
amit0904 opened this issue Feb 24, 2023 · 6 comments
Labels
bug Used to mark issues with provider's incorrect behavior

Comments


amit0904 commented Feb 24, 2023

Provider Version

0.56.0

Terraform Version

1.3.6

Describe the bug

For resource "snowflake_table_grant", "snowflake_schema_grant", "snowflake_view_grant" provider does record FUTURE grants in state file. Changes are applied at each run with "+create" for role name.

error message

#resource.snowflake_schema_grant.future_schema_grant will be updated in-place
~ resource "snowflake_schema_grant" "future_schema_grant" {
    id                     = "DEV_DB|||USAGE|DEV_DB_READ_ONLY|false"
  ~ roles                  = [
      + "DEV_DB_READ_ONLY",
    ]
    # (5 unchanged attributes hidden)
}

Expected behavior

No updates should be applied.

Code samples and commands

resource "snowflake_schema_grant" "future_schema_grant" {
  provider      = snowflake.securityadmin
  database_name = "DEV_DB"

  privilege = "USAGE"
  roles     = ["DEV_DB_READ_ONLY"]

  enable_multiple_grants = true
  on_future              = true
  with_grant_option      = false
}
@amit0904 amit0904 added the bug Used to mark issues with provider's incorrect behavior label Feb 24, 2023
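
The diff in this report, checked mechanically (an added example, not code from the issue or from the provider): it reads the JSON form of a plan, as produced by `terraform show -json`, and lists the grant resources whose `roles` set changes. `SAMPLE_PLAN` is constructed, and the `orders_select`, `retired` and `ANALYST` names are made up for illustration.

```python
import json

# Deprecated grant resource types named in the issue.
GRANT_TYPES = {"snowflake_schema_grant", "snowflake_table_grant", "snowflake_view_grant"}

# Constructed sample in the layout of `terraform show -json <planfile>`,
# mirroring the diff quoted in the issue; it is not real provider output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "snowflake_schema_grant.future_schema_grant",
     "type": "snowflake_schema_grant",
     "change": {"actions": ["update"],
                "before": {"privilege": "USAGE", "roles": []},
                "after": {"privilege": "USAGE", "roles": ["DEV_DB_READ_ONLY"]}}},
    {"address": "snowflake_table_grant.orders_select",
     "type": "snowflake_table_grant",
     "change": {"actions": ["no-op"],
                "before": {"privilege": "SELECT", "roles": ["ANALYST"]},
                "after": {"privilege": "SELECT", "roles": ["ANALYST"]}}},
    {"address": "snowflake_view_grant.retired",
     "type": "snowflake_view_grant",
     "change": {"actions": ["delete"],
                "before": {"privilege": "SELECT", "roles": ["ANALYST"]},
                "after": None}},
]})


def grant_role_changes(plan_json):
    """List grant resources whose set of roles differs between state and plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") not in GRANT_TYPES:
            continue
        change = rc.get("change", {})
        # "before" is null on create and "after" is null on delete.
        before = change.get("before") or {}
        after = change.get("after") or {}
        old, new = set(before.get("roles") or []), set(after.get("roles") or [])
        if old != new:
            findings.append({
                "address": rc["address"],
                "privilege": after.get("privilege") or before.get("privilege"),
                "added": sorted(new - old),
                "removed": sorted(old - new),
            })
    return findings


if __name__ == "__main__":
    for finding in grant_role_changes(SAMPLE_PLAN):
        print(finding)
```

Getting the same `added` entry from the plans of two consecutive applies is the symptom reported here; a role that appears only once is an actual privilege change to review.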
@systematics78

This is because you have to change the id for all resources which are granting permissions, for example database_grants etc.
For example:
terraform state list | grep "snowflake_schema_grant." | xargs terraform state rm
terraform state list | grep "snowflake_role_grants" | xargs terraform state rm

It will recreate new resources afterwards with the correct id, and nothing will be updated after that.

Author

amit0904 commented Mar 1, 2023

@systematics78 - Thank you for your reply.

I would have assumed the same, that it updates the id, but then I checked Snowflake and saw the grant queries getting executed.
At each apply I get these resources marked for change.


jelledv commented Mar 14, 2023

I also just upgraded my Terraform Provider from 0.49.0 to 0.58.0. Every apply, drift was detected for role grants and database grants. I was able to resolve the role grants drift, by removing the resources from the state and reapplying as @systematics78 mentioned:
terraform state list | grep "snowflake_role_grants" | sed "s/\(.*\)/'\1'/" | xargs terraform state rm

But that didn't do the trick for snowflake_database_grants. There is still drift there for every apply.

@collin-luma

I'm seeing the same behavior with snowflake_table_grant, but for individual table grants (which precludes the on_future option). I tried @systematics78's and @jelledv's terraform state rm suggestion; still seeing these resources modified on every single terraform apply.

I'm using Snowflake provider version 0.53.0

@jacobcbeaudin
Contributor

I am also observing this bug and documented it in #1981

@sfc-gh-jcieslak
Collaborator

Hey 👋
Closing the issue as it's referring to the deprecated resource and we're not supporting them. Please, try to use the latest provider version with the non-deprecated resources (e.g. snowflake_grant_privileges_to_account_role). If the issue persists on the non-deprecated resource (or the feature is present in Snowflake, but not in the provider), please create a new GitHub issue. The migration guide may help during migration to the latest resources. Here's a list of the latest, non-deprecated, grant resources:

Resources
snowflake_grant_privileges_to_database_role
snowflake_grant_privileges_to_account_role
snowflake_grant_account_role
snowflake_grant_database_role
snowflake_grant_application_role (coming soon)
snowflake_grant_privileges_to_share
snowflake_grant_ownership (coming soon)

Data sources
snowflake_grants
