Existing future grants on all tables/views in a database cause an error
In one of our Snowflake instances, we have run the following statements:
grant usage on future schemas in database raw to role transformer;
grant select on future tables in database raw to role transformer;This syntax was introduced a couple of months ago (IIRC)
When I run:
SHOW FUTURE GRANTS IN DATABASE rawI get back:
| created_on | privilege | grant_on | name | grant_to | grantee_name | grant_option |
|-------------------------------|-----------|----------|--------------|----------|--------------|--------------|
| 2020-02-03 12:19:32.000 -0800 | USAGE | SCHEMA | RAW.<SCHEMA> | ROLE | TRANSFORMER | false |
| 2020-02-03 12:19:32.000 -0800 | SELECT | TABLE | RAW.<TABLE> | ROLE | TRANSFORMER | false | It looks like permifrost is unable to handle the RAW.<SCHEMA> and RAW.<TABLE> value in the name filed. When I run permifrost grant permissions_spec.yml --diff, there's an error because table_split expects three parts (and table_split splits the name at . values).
This is what happens:
$ permifrost grant permissions_spec.yml --diff
Loading spec file
Checking spec file for errors
Checking that all entities in the spec file are defined in Snowflake
Fetching granted privileges from Snowflake
Generating permission Queries:
Processing role accountadmin
Processing role securityadmin
Processing role sysadmin
Processing role loader
Processing role reporter
Processing role transformer
Traceback (most recent call last):
File "/Users/claire/.pyenv/versions/permifrost/bin/permifrost", line 11, in <module>
load_entry_point('permifrost==0.1.0', 'console_scripts', 'permifrost')()
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/permifrost/cli/__init__.py", line 6, in main
cli()
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/permifrost/cli/permissions.py", line 49, in grant
sql_grant_queries = spec_loader.generate_permission_queries()
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/permifrost/core/permissions/snowflake_spec_loader.py", line 678, in generate_permission_queries
self.entities["databases"],
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/permifrost/core/permissions/utils/snowflake_grants.py", line 270, in generate_grant_privileges_to_role
role=role, tables=tables, shared_dbs=shared_dbs, spec_dbs=spec_dbs
File "/Users/claire/.pyenv/versions/3.7.5/envs/permifrost/lib/python3.7/site-packages/permifrost/core/permissions/utils/snowflake_grants.py", line 1140, in generate_table_and_view_grants
table_name = table_split[2]
IndexError: list index out of rangeAttached is is my permissions_spec.yml file (though I think this is more to do with our existing grants rather than the permissions I'm trying to grant)
permissions_spec.yml
Edited by Claire Carroll