From 6b00f74cd37e349e3befe963e8c1552cffd786d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Gniewek-W=C4=99grzyn?=
 <dominik.gniewek@getindata.com>
Date: Thu, 11 Jan 2024 12:09:48 +0100
Subject: [PATCH 1/2] feat: bump snowflake-schema + support for
 add_grants_to_existing_objects

---
 main.tf      |  7 ++++---
 variables.tf | 42 ++++++++++++++++++++++--------------------
 2 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/main.tf b/main.tf
index 3b75c5e..591048a 100644
--- a/main.tf
+++ b/main.tf
@@ -64,7 +64,7 @@ module "snowflake_schema" {
   for_each = local.schemas
 
   source  = "getindata/schema/snowflake"
-  version = "1.4.0"
+  version = "1.5.0"
 
   context         = module.this.context
   enabled         = local.enabled && each.value.enabled
@@ -80,8 +80,9 @@ module "snowflake_schema" {
 
   stages = each.value.stages
 
-  create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
-  roles                = each.value.roles
+  create_default_roles           = coalesce(each.value.create_default_roles, var.create_default_roles)
+  add_grants_to_existing_objects = coalesce(each.value.add_grants_to_existing_objects, false)
+  roles                          = each.value.roles
 }
 
 resource "snowflake_database_grant" "this" {
diff --git a/variables.tf b/variables.tf
index edf122c..c9a8a50 100644
--- a/variables.tf
+++ b/variables.tf
@@ -100,27 +100,29 @@ variable "schemas" {
         stage_grants         = optional(list(string))
       })), {})
     })), {})
-    create_default_roles = optional(bool)
+    create_default_roles           = optional(bool)
+    add_grants_to_existing_objects = optional(bool)
     roles = optional(map(object({
-      enabled                  = optional(bool, true)
-      descriptor_name          = optional(string, "snowflake-role")
-      comment                  = optional(string)
-      role_ownership_grant     = optional(string)
-      granted_roles            = optional(list(string))
-      granted_to_roles         = optional(list(string))
-      granted_to_users         = optional(list(string))
-      schema_grants            = optional(list(string))
-      table_grants             = optional(list(string))
-      external_table_grants    = optional(list(string))
-      view_grants              = optional(list(string))
-      materialized_view_grants = optional(list(string))
-      file_format_grants       = optional(list(string))
-      function_grants          = optional(list(string))
-      stage_grants             = optional(list(string))
-      task_grants              = optional(list(string))
-      procedure_grants         = optional(list(string))
-      sequence_grants          = optional(list(string))
-      stream_grants            = optional(list(string))
+      enabled                        = optional(bool, true)
+      descriptor_name                = optional(string, "snowflake-role")
+      comment                        = optional(string)
+      role_ownership_grant           = optional(string)
+      granted_roles                  = optional(list(string))
+      granted_to_roles               = optional(list(string))
+      granted_to_users               = optional(list(string))
+      add_grants_to_existing_objects = optional(bool)
+      schema_grants                  = optional(list(string))
+      table_grants                   = optional(list(string))
+      external_table_grants          = optional(list(string))
+      view_grants                    = optional(list(string))
+      materialized_view_grants       = optional(list(string))
+      file_format_grants             = optional(list(string))
+      function_grants                = optional(list(string))
+      stage_grants                   = optional(list(string))
+      task_grants                    = optional(list(string))
+      procedure_grants               = optional(list(string))
+      sequence_grants                = optional(list(string))
+      stream_grants                  = optional(list(string))
     })), {})
   }))
   default = {}

From 6839eff1a2a1437914e6ee7aa2231cddc2bfdf4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Gniewek-W=C4=99grzyn?=
 <dominik.gniewek@getindata.com>
Date: Thu, 11 Jan 2024 12:13:46 +0100
Subject: [PATCH 2/2] docs: update README

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 89f2d72..fa98821 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,7 @@ module "snowflake_database" {
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the database scope | <pre>map(object({<br>    enabled              = optional(bool, true)<br>    descriptor_name      = optional(string, "snowflake-role")<br>    comment              = optional(string)<br>    role_ownership_grant = optional(string)<br>    granted_roles        = optional(list(string))<br>    granted_to_roles     = optional(list(string))<br>    granted_to_users     = optional(list(string))<br>    database_grants      = optional(list(string))<br>    schema_grants        = optional(list(string))<br>  }))</pre> | `{}` | no |
-| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br>    enabled              = optional(bool, true)<br>    skip_schema_creation = optional(bool, false)<br>    descriptor_name      = optional(string, "snowflake-schema")<br>    comment              = optional(string)<br>    data_retention_days  = optional(number, 1)<br>    is_transient         = optional(bool, false)<br>    is_managed           = optional(bool, false)<br>    stages = optional(map(object({<br>      enabled              = optional(bool, true)<br>      descriptor_name      = optional(string, "snowflake-stage")<br>      aws_external_id      = optional(string)<br>      comment              = optional(string)<br>      copy_options         = optional(string)<br>      credentials          = optional(string)<br>      directory            = optional(string)<br>      encryption           = optional(string)<br>      file_format          = optional(string)<br>      snowflake_iam_user   = optional(string)<br>      storage_integration  = optional(string)<br>      url                  = optional(string)<br>      create_default_roles = optional(bool)<br>      roles = optional(map(object({<br>        enabled              = optional(bool, true)<br>        descriptor_name      = optional(string, "snowflake-role")<br>        comment              = optional(string)<br>        role_ownership_grant = optional(string)<br>        granted_roles        = optional(list(string))<br>        granted_to_roles     = optional(list(string))<br>        granted_to_users     = optional(list(string))<br>        stage_grants         = optional(list(string))<br>      })), {})<br>    })), {})<br>    create_default_roles = optional(bool)<br>    roles = optional(map(object({<br>      enabled                  = optional(bool, true)<br>      descriptor_name          = optional(string, "snowflake-role")<br>      comment                  = optional(string)<br>      role_ownership_grant     = optional(string)<br>      granted_roles            = optional(list(string))<br>      granted_to_roles         = optional(list(string))<br>      granted_to_users         = optional(list(string))<br>      schema_grants            = optional(list(string))<br>      table_grants             = optional(list(string))<br>      external_table_grants    = optional(list(string))<br>      view_grants              = optional(list(string))<br>      materialized_view_grants = optional(list(string))<br>      file_format_grants       = optional(list(string))<br>      function_grants          = optional(list(string))<br>      stage_grants             = optional(list(string))<br>      task_grants              = optional(list(string))<br>      procedure_grants         = optional(list(string))<br>      sequence_grants          = optional(list(string))<br>      stream_grants            = optional(list(string))<br>    })), {})<br>  }))</pre> | `{}` | no |
+| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br>    enabled              = optional(bool, true)<br>    skip_schema_creation = optional(bool, false)<br>    descriptor_name      = optional(string, "snowflake-schema")<br>    comment              = optional(string)<br>    data_retention_days  = optional(number, 1)<br>    is_transient         = optional(bool, false)<br>    is_managed           = optional(bool, false)<br>    stages = optional(map(object({<br>      enabled              = optional(bool, true)<br>      descriptor_name      = optional(string, "snowflake-stage")<br>      aws_external_id      = optional(string)<br>      comment              = optional(string)<br>      copy_options         = optional(string)<br>      credentials          = optional(string)<br>      directory            = optional(string)<br>      encryption           = optional(string)<br>      file_format          = optional(string)<br>      snowflake_iam_user   = optional(string)<br>      storage_integration  = optional(string)<br>      url                  = optional(string)<br>      create_default_roles = optional(bool)<br>      roles = optional(map(object({<br>        enabled              = optional(bool, true)<br>        descriptor_name      = optional(string, "snowflake-role")<br>        comment              = optional(string)<br>        role_ownership_grant = optional(string)<br>        granted_roles        = optional(list(string))<br>        granted_to_roles     = optional(list(string))<br>        granted_to_users     = optional(list(string))<br>        stage_grants         = optional(list(string))<br>      })), {})<br>    })), {})<br>    create_default_roles           = optional(bool)<br>    add_grants_to_existing_objects = optional(bool)<br>    roles = optional(map(object({<br>      enabled                        = optional(bool, true)<br>      descriptor_name                = optional(string, "snowflake-role")<br>      comment                        = optional(string)<br>      role_ownership_grant           = optional(string)<br>      granted_roles                  = optional(list(string))<br>      granted_to_roles               = optional(list(string))<br>      granted_to_users               = optional(list(string))<br>      add_grants_to_existing_objects = optional(bool)<br>      schema_grants                  = optional(list(string))<br>      table_grants                   = optional(list(string))<br>      external_table_grants          = optional(list(string))<br>      view_grants                    = optional(list(string))<br>      materialized_view_grants       = optional(list(string))<br>      file_format_grants             = optional(list(string))<br>      function_grants                = optional(list(string))<br>      stage_grants                   = optional(list(string))<br>      task_grants                    = optional(list(string))<br>      procedure_grants               = optional(list(string))<br>      sequence_grants                = optional(list(string))<br>      stream_grants                  = optional(list(string))<br>    })), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
@@ -88,7 +88,7 @@ module "snowflake_database" {
 | <a name="module_roles_deep_merge"></a> [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
 | <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
 | <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
-| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.4.0 |
+| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.5.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Outputs