Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: changing masking policy on a column requires FORCE #2186

Closed

Conversation

malduarte
Copy link
Contributor

@malduarte malduarte commented Nov 10, 2023

Attempting to change masking policy without FORCE would cause the following error:

003529 (42601): Specified column already attached to another masking policy. A column cannot be attached to multiple masking policies. Please drop the current association in order to attach a new masking policy.

This PR adds FORCE to the generated ALTER statement and improves error information if masking policy change fails to apply.

Test Plan

Added TestAcc_TableWithMaskingPolicy that

  • creates 2 masking policies (pol1 and pol1)
  • creates single column table using masking policy pol1
  • changes masking policy from pol1 to pol2

References

See docs: https://docs.snowflake.com/en/user-guide/security-column-intro#replace-a-masking-policy-on-a-column
Attempting to change masking policy without FORCE would cause the following error:

003529 (42601): Specified column already attached to another masking policy. A column cannot be attached to multiple masking policies. Please drop the current association in order to attach a new masking policy.

This PR adds FORCE to the generated ALTER statement.

It also adds table acceptance tests that cover masking policy creation and change
@malduarte malduarte force-pushed the update_masking_policy branch from a2528d6 to fe03432 Compare November 10, 2023 12:24
@sfc-gh-asawicki
Copy link
Collaborator

Hey @malduarte. Thanks for the contribution.

Unfortunately, we are currently changing the implementation used in resources as a part of our ongoing SDK rewrite. This means we will eliminate table implementation residing in the snowflake package.

However, we will add this behavior as a part of the process.

@malduarte
Copy link
Contributor Author

@sfc-gh-asawicki Is there an active branch? I'm happy to submit the MR there

@sfc-gh-asawicki
Copy link
Collaborator

sfc-gh-asawicki commented Nov 14, 2023

Yes, there is an open PR: #2042. There will be a subsequent PR that will replace current resource implementation with the one in the linked PR but there is no branch for that yet.

sfc-gh-asawicki added a commit that referenced this pull request Feb 2, 2024
- Migrate tables resource and datasource
- Remove old implementation
- Fix issue with masking policies update (check #2186)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants