-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Materializations fail when database roles are used #1151
Comments
We are seeing a similar issue with our builds on when the role needs quoting - dbt-snowflake produces |
@elventear I'm having issues reproducing this. I'll list what I did to reproduce your issue and maybe you can point out the difference?
CREATE DATABASE ROLE BLOCKING_DB_ROLE;
GRANT ALL PRIVILEGES ON FUTURE TABLES IN DATABASE DBT_TEST TO DATABASE ROLE BLOCKING_DB_ROLE;
{{ config(
materialized='table'
) }}
select 1 as id
models:
+copy_grants: true
dbt run
dbt run
dbt run --full-refresh The above all ran fine for me. I'm using a user with all privileges on future schemas and future tables as well as create schema. I created a test case outlining the above: #1188. Hopefully I'm just missing something and you could point it out. |
My models:
+grants:
select:
- SOME_ROLE And I don't have |
Aha! This worked (in the sense that it failed with the error you provided). Thanks! I'll take a look. |
It looks like this was due to a combination of a few things:
It looks like removing database roles in the filter fixes this. Thanks for reporting and for following up @elventear! |
@mikealfare I think the problem goes beyond what you described last. A quick, short term, solution would be for dbt to filter out the database roles out when it's listing the roles with |
Agreed. Perhaps I could have stated it more clearly, but I was trying to include this scenario above.
This is exactly what I did. I did it in the python method that standardizes the grants config instead of the sql, but that was the approach. Regarding the "short term" qualifier, I don't believe that |
Thank for the explanation and fixing the issued. |
Is this a new bug in dbt-snowflake?
Current Behavior
DBT is failing to deploy a materialization during the grants revoke phase if the table has database roles applied to it. The failure stems from issuing the wrong syntax for database roles:
where it should be:
Reviewing the code the issue seems to stem from the macro
default__apply_grants
where it is getting bothROLE
andDATABASE_ROLE
entries in the results fromSHOW GRANTS ON
, but it is treating them all as account roles.Expected Behavior
Deployment should not fail.
Steps To Reproduce
Relevant log output
Additional Context
No response
The text was updated successfully, but these errors were encountered: