Privatelink host in provider's block #1905

Open
PLsergent opened this issue Jun 22, 2023 · 2 comments
Labels
bug Used to mark issues with provider's incorrect behavior category:provider_config


@PLsergent

Provider Version

0.66.1

Terraform Version

1.3.9

Describe the bug

Unable to authenticate using privatelink host "....privatelink.snowflakecomputing.com"

Expected behavior

Authenticate properly

Code

provider "snowflake" {
  account  = "${var.SNOWFLAKE_ORG}-${var.SNOWFLAKE_ACCOUNT}" # the Snowflake account identifier
  username = var.SNOWFLAKE_USERNAME                          # the Snowflake user name
  # Password defined with env variable SNOWFLAKE_PASSWORD
  role = "ACCOUNTADMIN"
  host = "app-${var.SNOWFLAKE_ORG}-${var.SNOWFLAKE_ACCOUNT}.privatelink.snowflakecomputing.com" # here
}

Additional context

I set up the Azure private link following the documentation: https://docs.snowflake.com/en/user-guide/privatelink-azure, everything is working properly since I'm able to access the UI with the privatelink host from a VM that is within the virtual network.

The problem is that I'd like to create a "network policy" on Snowflake using Terraform to restrict access to only the private IPs coming from the virtual network. But if I do then I can't use Terraform anymore since it is using the "public" host. Also, I'm using a pipeline running on VMSS instances hence the IPs are constantly changing so I can't whitelist my CI.
So I tried to use the privatelink host in the provider's block so the network policy won't block Terraform. But it's not working with the following error message. Is it even possible to use the privatelink host with the provider?
Thanks :)

Error message:

Error: could not retrieve session id err = 261004 (08004): failed to auth for unknown reason. HTTP: 405
@sfc-gh-swinkler
Collaborator

@PLsergent I am wondering where Terraform is running, and if it is part of the virtual network that you have configured. I personally have not used the Azure privatelink before, but we do use a private Snowflake that I can only connect to when I am on the VPN, wondering if that is all similar. It looks like you have done the right thing by setting host. Perhaps the best next thing to do would be to schedule a call with you to investigate further. If you could please reach out to your Snowflake account representative and have them send a message to me, that would be great.

@sfc-gh-asawicki
Collaborator

Hey @PLsergent. Was this issue resolved?
