Merge branch 'dev' into listing-data-source

# Conflicts:
#	MIGRATION_GUIDE.md

Author: sfc-gh-jcieslak

CONTRIBUTING.md

@@ -114,6 +114,8 @@ Every introduced change should be tested. Depending on the type of the change it
 - adding/modifying existing integration tests (e.g. adding missing SDK invocations)
 - adding/modifying existing acceptance tests (e.g. fixing the parameter on the resource level)
 
+When writing acceptance tests, use the configuration and assertion generators instead of manually writing config strings. See [this guide](./pkg/acceptance/bettertestspoc/README.md) for more details.
+
 It's best to discuss with us what checks we expect prior to making the change.
 
 ### Describe the breaking changes

MIGRATION_GUIDE.md

@@ -33,6 +33,9 @@ This data source focuses on base query commands (SHOW LISTINGS and DESCRIBE LIST
 
 This feature will be marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add `snowflake_listings_datasource` to `preview_features_enabled` field in the provider configuration.
 
+### *(improvement)* New fields in user resources and data sources output fields
+We adjusted the `show_output` by adding the missing `has_workload_identity ` field. This concerns `user`, `service_user`, and `legacy_service_user` resources and `users` data source.
+
 ## v2.10.x ➞ v2.11.0
 
 ### *(new feature)* snowflake_notebook

Makefile

@@ -73,7 +73,7 @@ test-acceptance: ## run acceptance tests
 	TF_ACC=1 TEST_SF_TF_REQUIRE_TEST_OBJECT_SUFFIX=1 TEST_SF_TF_REQUIRE_GENERATED_RANDOM_VALUE=1 SF_TF_ACC_TEST_ENABLE_ALL_PREVIEW_FEATURES=true go test --tags=non_account_level_tests -run "^TestAcc_" -v -cover -timeout=150m ./pkg/testacc
 
 test-account-level-features: ## run integration and acceptance test modifying account
-	TF_ACC=1 TEST_SF_TF_REQUIRE_TEST_OBJECT_SUFFIX=1 TEST_SF_TF_REQUIRE_GENERATED_RANDOM_VALUE=1 SF_TF_ACC_TEST_ENABLE_ALL_PREVIEW_FEATURES=true go test --tags=account_level_tests -run "^(TestAcc_|TestInt_)" -v -cover -timeout=45m ./pkg/testacc ./pkg/sdk/testint
+	TF_ACC=1 TEST_SF_TF_REQUIRE_TEST_OBJECT_SUFFIX=1 TEST_SF_TF_REQUIRE_GENERATED_RANDOM_VALUE=1 SF_TF_ACC_TEST_ENABLE_ALL_PREVIEW_FEATURES=true go test --tags=account_level_tests -run "^(TestAcc_|TestInt_)" -v -cover -timeout=60m ./pkg/testacc ./pkg/sdk/testint
 
 test-integration: ## run SDK integration tests
 	TEST_SF_TF_REQUIRE_TEST_OBJECT_SUFFIX=1 TEST_SF_TF_REQUIRE_GENERATED_RANDOM_VALUE=1 go test --tags=non_account_level_tests -run "^TestInt_" -v -cover -timeout=60m ./pkg/sdk/testint

docs/data-sources/users.md

@@ -150,6 +150,7 @@ Read-Only:
 - `ext_authn_uid` (String)
 - `first_name` (String)
 - `has_mfa` (Boolean)
+- `has_workload_identity` (Boolean)
 - `last_name` (String)
 - `login_name` (String)
 - `middle_name` (String)
@@ -951,6 +952,7 @@ Read-Only:
 - `has_mfa` (Boolean)
 - `has_password` (Boolean)
 - `has_rsa_public_key` (Boolean)
+- `has_workload_identity` (Boolean)
 - `last_name` (String)
 - `last_success_login` (String)
 - `locked_until_time` (String)

docs/guides/performance_benchmarks.md

@@ -131,7 +131,11 @@ We can observe that in some scenarios, we have 2x-4x improvement. However, for t
 
 ## Terraform CLI version
 
-In Terraform 1.10.0 ([release notes](https://github.com/hashicorp/terraform/releases/tag/v1.10.0)), the performance of the state processing has been improved (see [PR](https://github.com/hashicorp/terraform/pull/35558)), namely internal encoding and decoding of big graphs. If the planning stage takes a long time, even before the provider sends a request to Snowflake, consider upgrading to at least this version.
+HashiCorp released two performance improvements between Terraform ~1.8 and ~1.13:
+* [core: move change encoding outside of core](https://github.com/hashicorp/terraform/pull/35558) - This improvement in Terraform 1.10.0 ([release notes](https://github.com/hashicorp/terraform/releases/tag/v1.10.0)) enhances the performance of state processing, namely internal encoding and decoding of big graphs.
+* [reduce instance change lookups in GetResource](https://github.com/hashicorp/terraform/pull/37154) - This improvement in Terraform 1.13.0 ([release notes](https://github.com/hashicorp/terraform/releases/tag/v1.13.0)) improves resource instance lookups during operations.
+
+If the planning stage takes a long time, even before the provider sends a request to Snowflake, consider upgrading to at least version 1.13.0. These improvements may significantly benefit your performance, especially when working with large workloads.
 
 ## Suggestions for users
 

docs/resources/legacy_service_user.md

@@ -1011,6 +1011,7 @@ Read-Only:
 - `has_mfa` (Boolean)
 - `has_password` (Boolean)
 - `has_rsa_public_key` (Boolean)
+- `has_workload_identity` (Boolean)
 - `last_name` (String)
 - `last_success_login` (String)
 - `locked_until_time` (String)

docs/resources/materialized_view.md

@@ -7,6 +7,10 @@ description: |-
 
 !> **Caution: Preview Feature** This feature is considered a preview feature in the provider, regardless of the state of the resource in Snowflake. We do not guarantee its stability. It will be reworked and marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add the relevant feature name to `preview_features_enabled` field in the [provider configuration](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs#schema). Please always refer to the [Getting Help](https://github.com/snowflakedb/terraform-provider-snowflake?tab=readme-ov-file#getting-help) section in our Github repo to best determine how to get help for your questions.
 
+~> **Important** The `or_replace` parameter controls whether the provider uses `CREATE OR REPLACE MATERIALIZED VIEW` during create and recreate operations. However, any change to the fields causing recreation will **always trigger delete and create operations** of the materialized view, regardless of the `or_replace` setting.
+This means setting `or_replace = true` does **not** enable in-place updates when you modify the `statement` field specifically. Changes to `statement` will cause downtime as the view is dropped and recreated. The `or_replace` parameter is primarily useful to overwrite an existing view during initial resource creation.
+This behavior is a known limitation and may be improved in future versions of the provider.
+
 !> **Sensitive values** This resource's `statement` field is not marked as sensitive in the provider. Ensure that no personal data, sensitive data, export-controlled data, or other regulated data is entered as metadata when using the provider. If you use one of these fields, they may be present in logs, so ensure that the provider logs are properly restricted. For more information, see [Sensitive values limitations](../#sensitive-values-limitations) and [Metadata fields in Snowflake](https://docs.snowflake.com/en/sql-reference/metadata).
 
 # snowflake_materialized_view (Resource)
@@ -45,14 +49,14 @@ SQL
 - `database` (String) The database in which to create the view. Don't use the | character.
 - `name` (String) Specifies the identifier for the view; must be unique for the schema in which the view is created.
 - `schema` (String) The schema in which to create the view. Don't use the | character.
-- `statement` (String) Specifies the query used to create the view.
+- `statement` (String) Specifies the query used to create the view. Changing this value will trigger a drop and recreate of the materialized view.
 - `warehouse` (String) The warehouse name.
 
 ### Optional
 
 - `comment` (String) Specifies a comment for the view.
 - `is_secure` (Boolean) (Default: `false`) Specifies that the view is secure.
-- `or_replace` (Boolean) (Default: `false`) Overwrites the View if it exists.
+- `or_replace` (Boolean) (Default: `false`) Specifies whether to use CREATE OR REPLACE when creating the materialized view. Note: this does not enable in-place updates when other fields forcing object recreation change; such fields always trigger delete and create operations in Terraform plan.
 - `tag` (Block List, Deprecated) Definitions of a tag to associate with the resource. (see [below for nested schema](#nestedblock--tag))
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 

docs/resources/resource_monitor.md

@@ -68,7 +68,7 @@ resource "snowflake_resource_monitor" "complete" {
 - `frequency` (String) The frequency interval at which the credit usage resets to 0. Valid values are (case-insensitive): `MONTHLY` | `DAILY` | `WEEKLY` | `YEARLY` | `NEVER`. If you set a `frequency` for a resource monitor, you must also set `start_timestamp`. If you specify `NEVER` for the frequency, the credit usage for the warehouse does not reset. After removing this field from the config, the previously set value will be preserved on the Snowflake side, not the default value. That's due to Snowflake limitation and the lack of unset functionality for this parameter.
 - `notify_triggers` (Set of Number) Specifies a list of percentages of the credit quota. After reaching any of the values the users passed in the notify_users field will be notified (to receive the notification they should have notifications enabled). Values over 100 are supported.
 - `notify_users` (Set of String) Specifies the list of users (their identifiers) to receive email notifications on resource monitors. For more information about this resource, see [docs](./user).
-- `start_timestamp` (String) The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. If you set a `start_timestamp` for a resource monitor, you must also set `frequency`.  After removing this field from the config, the previously set value will be preserved on the Snowflake side, not the default value. That's due to Snowflake limitation and the lack of unset functionality for this parameter.
+- `start_timestamp` (String) The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. If you set a `start_timestamp` for a resource monitor, you must also set `frequency`. If you specify the special value `IMMEDIATELY`, the current date is used. In this case, the field of this value in `show_output` may be not consistent across different Terraform runs. After removing this field from the config, the previously set value will be preserved on the Snowflake side, not the default value. That's due to Snowflake limitation and the lack of unset functionality for this parameter.
 - `suspend_immediate_trigger` (Number) Represents a numeric value specified as a percentage of the credit quota. Values over 100 are supported. After reaching this value, all assigned warehouses immediately cancel any currently running queries or statements. In addition, this action sends a notification to all users who have enabled notifications for themselves.
 - `suspend_trigger` (Number) Represents a numeric value specified as a percentage of the credit quota. Values over 100 are supported. After reaching this value, all assigned warehouses while allowing currently running queries to complete will be suspended. No new queries can be executed by the warehouses until the credit quota for the resource monitor is increased. In addition, this action sends a notification to all users who have enabled notifications for themselves.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))

docs/resources/service_user.md

@@ -1001,6 +1001,7 @@ Read-Only:
 - `has_mfa` (Boolean)
 - `has_password` (Boolean)
 - `has_rsa_public_key` (Boolean)
+- `has_workload_identity` (Boolean)
 - `last_name` (String)
 - `last_success_login` (String)
 - `locked_until_time` (String)

docs/resources/share.md

@@ -7,6 +7,14 @@ description: |-
 
 !> **Caution: Preview Feature** This feature is considered a preview feature in the provider, regardless of the state of the resource in Snowflake. We do not guarantee its stability. It will be reworked and marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add the relevant feature name to `preview_features_enabled` field in the [provider configuration](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs#schema). Please always refer to the [Getting Help](https://github.com/snowflakedb/terraform-provider-snowflake?tab=readme-ov-file#getting-help) section in our Github repo to best determine how to get help for your questions.
 
+-> **Note** When adding or updating accounts in the `accounts` field, the provider creates a temporary database as a workaround for a Snowflake race condition. This is because accounts cannot be added to a share until after a database has been granted to the share, but database grants depend on the share existing first.
+The provider automatically:
+1. Creates a temporary database (named `TEMP_<share_name>_<timestamp>`)
+2. Grants `USAGE` and `REFERENCE_USAGE` privileges on the temporary database to the share
+3. Adds the specified accounts to the share
+4. Revokes the privileges and drops the temporary database
+This process is fully automated during the creation.
+
 # snowflake_share (Resource)