From 013cf99af361275731ca50a327da36e8606968e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Gniewek-W=C4=99grzyn?=
Date: Tue, 20 Feb 2024 15:43:03 +0100
Subject: [PATCH 1/2] fix: grant DB schema privileges on existing schemas
---
 main.tf | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 591048a..f9ca770 100644
--- a/main.tf
+++ b/main.tf
@@ -26,7 +26,7 @@ module "snowflake_default_role" {
 for_each = local.default_roles
 source = "getindata/role/snowflake"
- version = "1.0.3"
+ version = "1.4.0"
 context = module.this.context
 enabled = local.create_default_roles && each.value.enabled
@@ -45,7 +45,7 @@ module "snowflake_custom_role" {
 for_each = local.custom_roles
 source = "getindata/role/snowflake"
- version = "1.0.3"
+ version = "1.4.0"
 context = module.this.context
 enabled = local.enabled && each.value.enabled
@@ -107,3 +107,15 @@ resource "snowflake_schema_grant" "this" {
 privilege = each.key
 roles = each.value
 }
+
+resource "snowflake_schema_grant" "existing" {
+ for_each = local.enabled ? transpose({ for role_name, role in local.roles : local.roles[role_name].name =>
+ lookup(local.roles_definition[role_name], "schema_grants", [])
+ if lookup(local.roles_definition[role_name], "enabled", true)
+ }) : {}
+
+ database_name = one(snowflake_database.this[*].name)
+ on_all = true
+ privilege = each.key
+ roles = each.value
+}
From 6142de67e7b2847e00cfe545acede94872bde045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Gniewek-W=C4=99grzyn?=
Date: Tue, 20 Feb 2024 15:48:10 +0100
Subject: [PATCH 2/2] chore: ci fixes + readme
---
 .github/workflows/pre-commit.yml | 4 ----
 .pre-commit-config.yaml | 5 +----
 README.md | 5 +++--
 3 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 652dff0..3363345 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
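Review bot: The new `snowflake_schema_grant.existing` resource in the last main.tf hunk sets `on_all = true` with only `database_name`, so every privilege in a role's `schema_grants` is applied to all schemas that already exist in the database, including any that were not created by this module. That widens access beyond what the module itself manages and nothing in the hunk says so; a comment above the resource such as `# Grants schema_grants on ALL schemas already present in the database, including ones created outside this module.` would make the scope explicit. This grant resource is documented as authoritative unless `enable_multiple_grants` is set, so applying it may also revoke the same privilege from roles that were granted outside Terraform; it is worth confirming that is intended, or putting the resource behind an opt-in variable. The `for_each` expression appears to duplicate the one on `snowflake_schema_grant.this`, whose body starts outside the hunk, and a shared local would keep the two from drifting apart.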
@@ -12,7 +12,3 @@ on:
 jobs:
 main:
 uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@v1
- with:
- # tflint v0.46.0 is the latest version we can use with pre-commit v0.1.20
- # See .pre-commit-config.yaml for more details.
- tflint-version: v0.46.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2c59029..8aa4d46 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,14 +2,11 @@ repos:
 - repo: https://github.com/gruntwork-io/pre-commit
 # Stick to v0.1.20 until this bug is fixed: https://github.com/gruntwork-io/pre-commit/issues/102
 # When updating, also check if tflint version in pre-commit workflow can be updated.
- rev: "v0.1.20" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+ rev: "v0.1.23" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
 hooks:
 - id: terraform-validate # It should be the first step as it runs terraform init required by tflint
 - id: terraform-fmt
 - id: tflint
- args:
- - --module
- - --config=.tflint.hcl
 - repo: https://github.com/terraform-docs/terraform-docs
 rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
diff --git a/README.md b/README.md
index fa98821..55162ab 100644
--- a/README.md
+++ b/README.md
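Review bot: The two comment lines above `rev` in the .pre-commit-config.yaml hunk still say to stick to v0.1.20 until gruntwork-io/pre-commit issue 102 is fixed, while the new line pins `v0.1.23`, so the file now contradicts itself about why this version is pinned. Drop them or replace them with something like `# Pinned to v0.1.23; re-check the tflint hook arguments when updating.`. `rev` here is a movable tag; pre-commit also accepts a full commit SHA in this field, which keeps the hook code from changing under the same name. Removing `--module` presumably stops tflint from inspecting called modules unless the shared workflow or the tflint config enables it elsewhere, which is worth confirming as intentional.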
@@ -86,8 +86,8 @@ module "snowflake_database" {
 |------|--------|---------|
 | [database\_label](#module\_database\_label) | cloudposse/label/null | 0.25.0 |
 | [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
-| [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
-| [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
+| [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.4.0 |
+| [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.4.0 |
 | [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.5.0 |
 | [this](#module\_this) | cloudposse/label/null | 0.25.0 |
@@ -120,6 +120,7 @@ module "snowflake_database" {
 |------|------|
 | [snowflake_database.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/database) | resource |
 | [snowflake_database_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/database_grant) | resource |
+| [snowflake_schema_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema_grant) | resource |
 | [snowflake_schema_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema_grant) | resource |