Skip to content

Commit

Permalink
Merge pull request #25 from getindata/feature/bump_database_version-a…
Browse files Browse the repository at this point in the history 
…dd_grants_to_existing_objects

feat: Bump snowflake-schema version and add support for add_grants_to_existing_objects feature flag
  • Loading branch information
@dgniewek
dgniewek authored Jan 11, 2024
2 parents c0572e9 + 6839eff commit 35da2c9
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 25 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ module "snowflake_database" {
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the database scope | <pre>map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> database_grants = optional(list(string))<br> schema_grants = optional(list(string))<br> }))</pre> | `{}` | no |
| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br> enabled = optional(bool, true)<br> skip_schema_creation = optional(bool, false)<br> descriptor_name = optional(string, "snowflake-schema")<br> comment = optional(string)<br> data_retention_days = optional(number, 1)<br> is_transient = optional(bool, false)<br> is_managed = optional(bool, false)<br> stages = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-stage")<br> aws_external_id = optional(string)<br> comment = optional(string)<br> copy_options = optional(string)<br> credentials = optional(string)<br> directory = optional(string)<br> encryption = optional(string)<br> file_format = optional(string)<br> snowflake_iam_user = optional(string)<br> storage_integration = optional(string)<br> url = optional(string)<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> stage_grants = optional(list(string))<br> })), {})<br> })), {})<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> })), {})<br> }))</pre> | `{}` | no |
| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br> enabled = optional(bool, true)<br> skip_schema_creation = optional(bool, false)<br> descriptor_name = optional(string, "snowflake-schema")<br> comment = optional(string)<br> data_retention_days = optional(number, 1)<br> is_transient = optional(bool, false)<br> is_managed = optional(bool, false)<br> stages = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-stage")<br> aws_external_id = optional(string)<br> comment = optional(string)<br> copy_options = optional(string)<br> credentials = optional(string)<br> directory = optional(string)<br> encryption = optional(string)<br> file_format = optional(string)<br> snowflake_iam_user = optional(string)<br> storage_integration = optional(string)<br> url = optional(string)<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> stage_grants = optional(list(string))<br> })), {})<br> })), {})<br> create_default_roles = optional(bool)<br> add_grants_to_existing_objects = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> add_grants_to_existing_objects = optional(bool)<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> })), {})<br> }))</pre> | `{}` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
Expand All @@ -88,7 +88,7 @@ module "snowflake_database" {
| <a name="module_roles_deep_merge"></a> [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.4.0 |
| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.5.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |

## Outputs
Expand Down
7 changes: 4 additions & 3 deletions main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ module "snowflake_schema" {
for_each = local.schemas

source = "getindata/schema/snowflake"
version = "1.4.0"
version = "1.5.0"

context = module.this.context
enabled = local.enabled && each.value.enabled
Expand All @@ -80,8 +80,9 @@ module "snowflake_schema" {

stages = each.value.stages

create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
roles = each.value.roles
create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
add_grants_to_existing_objects = coalesce(each.value.add_grants_to_existing_objects, false)
roles = each.value.roles
}

resource "snowflake_database_grant" "this" {
Expand Down
42 changes: 22 additions & 20 deletions variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,27 +100,29 @@ variable "schemas" {
stage_grants = optional(list(string))
})), {})
})), {})
create_default_roles = optional(bool)
create_default_roles = optional(bool)
add_grants_to_existing_objects = optional(bool)
roles = optional(map(object({
enabled = optional(bool, true)
descriptor_name = optional(string, "snowflake-role")
comment = optional(string)
role_ownership_grant = optional(string)
granted_roles = optional(list(string))
granted_to_roles = optional(list(string))
granted_to_users = optional(list(string))
schema_grants = optional(list(string))
table_grants = optional(list(string))
external_table_grants = optional(list(string))
view_grants = optional(list(string))
materialized_view_grants = optional(list(string))
file_format_grants = optional(list(string))
function_grants = optional(list(string))
stage_grants = optional(list(string))
task_grants = optional(list(string))
procedure_grants = optional(list(string))
sequence_grants = optional(list(string))
stream_grants = optional(list(string))
enabled = optional(bool, true)
descriptor_name = optional(string, "snowflake-role")
comment = optional(string)
role_ownership_grant = optional(string)
granted_roles = optional(list(string))
granted_to_roles = optional(list(string))
granted_to_users = optional(list(string))
add_grants_to_existing_objects = optional(bool)
schema_grants = optional(list(string))
table_grants = optional(list(string))
external_table_grants = optional(list(string))
view_grants = optional(list(string))
materialized_view_grants = optional(list(string))
file_format_grants = optional(list(string))
function_grants = optional(list(string))
stage_grants = optional(list(string))
task_grants = optional(list(string))
procedure_grants = optional(list(string))
sequence_grants = optional(list(string))
stream_grants = optional(list(string))
})), {})
}))
default = {}
Expand Down

0 comments on commit 35da2c9

Please sign in to comment.