diff --git a/pkg/resources/user_password_policy_attachment.go b/pkg/resources/user_password_policy_attachment.go index 2c4e8d2ba8..567f6a40e5 100644 --- a/pkg/resources/user_password_policy_attachment.go +++ b/pkg/resources/user_password_policy_attachment.go @@ -78,13 +78,20 @@ func ReadUserPasswordPolicyAttachment(d *schema.ResourceData, meta any) error { return err } + passwordPolicyReferences := make([]sdk.PolicyReference, 0) + for _, policyReference := range policyReferences { + if policyReference.PolicyKind == "PASSWORD_POLICY" { + passwordPolicyReferences = append(passwordPolicyReferences, policyReference) + } + } + // Note: this should never happen, but just in case: so far, Snowflake only allows one Password Policy per user. - if len(policyReferences) > 1 { + if len(passwordPolicyReferences) > 1 { return fmt.Errorf("internal error: multiple policy references attached to a user. This should never happen") } // Note: this means the resource has been deleted outside of Terraform. - if len(policyReferences) == 0 { + if len(passwordPolicyReferences) == 0 { d.SetId("") return nil } @@ -95,9 +102,9 @@ func ReadUserPasswordPolicyAttachment(d *schema.ResourceData, meta any) error { if err := d.Set( "password_policy_name", sdk.NewSchemaObjectIdentifier( - *policyReferences[0].PolicyDb, - *policyReferences[0].PolicySchema, - policyReferences[0].PolicyName, + *passwordPolicyReferences[0].PolicyDb, + *passwordPolicyReferences[0].PolicySchema, + passwordPolicyReferences[0].PolicyName, ).FullyQualifiedName()); err != nil { return err } diff --git a/pkg/resources/user_password_policy_attachment_acceptance_test.go b/pkg/resources/user_password_policy_attachment_acceptance_test.go index 5c3613a36a..285593ba1d 100644 --- a/pkg/resources/user_password_policy_attachment_acceptance_test.go +++ b/pkg/resources/user_password_policy_attachment_acceptance_test.go @@ -35,7 +35,6 @@ func TestAcc_UserPasswordPolicyAttachment(t *testing.T) { resource.TestCheckResourceAttr("snowflake_user_password_policy_attachment.ppa", "password_policy_name", sdk.NewSchemaObjectIdentifier(acc.TestDatabaseName, acc.TestSchemaName, passwordPolicyName).FullyQualifiedName()), resource.TestCheckResourceAttr("snowflake_user_password_policy_attachment.ppa", "id", fmt.Sprintf("%s|%s", sdk.NewAccountObjectIdentifier(userName).FullyQualifiedName(), sdk.NewSchemaObjectIdentifier(acc.TestDatabaseName, acc.TestSchemaName, passwordPolicyName).FullyQualifiedName())), ), - Destroy: false, }, // UPDATE { @@ -86,6 +85,7 @@ func userPasswordPolicyAttachmentConfig(userName, databaseName, schemaName, pass resource "snowflake_user" "user" { name = "%s" } + resource "snowflake_password_policy" "pp" { database = "%s" schema = "%s" diff --git a/pkg/sdk/policy_references.go b/pkg/sdk/policy_references.go index b4f6225851..6e782009bf 100644 --- a/pkg/sdk/policy_references.go +++ b/pkg/sdk/policy_references.go @@ -51,7 +51,7 @@ type PolicyReference struct { TagDatabase *string TagSchema *string TagName *string - PolicyStatus string + PolicyStatus *string } type policyReferenceDBRow struct { @@ -68,7 +68,7 @@ type policyReferenceDBRow struct { TagDatabase sql.NullString `db:"TAG_DATABASE"` TagSchema sql.NullString `db:"TAG_SCHEMA"` TagName sql.NullString `db:"TAG_NAME"` - PolicyStatus string `db:"POLICY_STATUS"` + PolicyStatus sql.NullString `db:"POLICY_STATUS"` } func (row policyReferenceDBRow) convert() *PolicyReference { @@ -77,7 +77,6 @@ func (row policyReferenceDBRow) convert() *PolicyReference { PolicyKind: row.PolicyKind, RefEntityName: row.RefEntityName, RefEntityDomain: row.RefEntityDomain, - PolicyStatus: row.PolicyStatus, } if row.PolicyDb.Valid { policyReference.PolicyDb = &row.PolicyDb.String @@ -106,5 +105,8 @@ func (row policyReferenceDBRow) convert() *PolicyReference { if row.TagName.Valid { policyReference.TagName = &row.TagName.String } + if row.TagName.Valid { + policyReference.PolicyStatus = &row.PolicyStatus.String + } return &policyReference }