Merge pull request #1 from getindata/initial_commit

feat: Initial sources of Snowflake Resource Monitor module

.github/workflows/pre-commit.yml

@@ -8,6 +8,7 @@ on:
 
 env:
   TERRAFORM_DOCS_VERSION: v0.16.0
+  TFLINT_VERSION: v0.41.0
 
 jobs:
   collectInputs:
@@ -21,7 +22,7 @@ jobs:
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -43,18 +44,18 @@ jobs:
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: 'terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+          args: "terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*"
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          args: 'terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+          args: "terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)"
 
   preCommitMaxVersion:
     name: Max TF pre-commit
@@ -75,7 +76,8 @@ jobs:
       - run: terraform init
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          tflint-version: ${{ env.TFLINT_VERSION }}

.pre-commit-config.yaml

@@ -16,7 +16,7 @@ repos:
         args: ["."]
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '2.0.1161' # Get the latest from: https://github.com/bridgecrewio/checkov/releases
+    rev: "2.2.168" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
     hooks:
       - id: checkov
 

.terraform-docs.yml

@@ -2,6 +2,10 @@ formatter: "md tbl" # this is required
 
 version: ">= 0.14"
 
+recursive:
+  enabled: true
+  path: ./examples
+
 sections:
   hide: []
   show: [all]

examples/complete/.terraform-docs.yml

@@ -0,0 +1,57 @@
+formatter: "md tbl" # this is required
+
+version: ">= 0.14"
+
+header-from: main.tf
+
+sections:
+  hide: []
+  show: [all]
+
+content: |-
+  {{ .Header }}
+
+  {{ .Footer }}
+
+  {{ .Inputs }}
+
+  {{ .Modules }}
+
+  {{ .Outputs }}
+
+  {{ .Providers }}
+
+  {{ .Requirements }}
+
+  {{ .Resources }}
+
+output:
+  file: "README.md"
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: false
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

examples/complete/README.md

@@ -0,0 +1,78 @@
+<!-- BEGIN_TF_DOCS -->
+# Complete example for Snowflake Resource Monitor module
+
+This example creates:
+
+* Resource monitor for warehouse, that will ill notify account
+  administrators and specified users when 50%, 80% of credit
+  quota is reached, will also suspend all warehouses assigned
+  to this monitor.
+* Resource monitor for account, that will notify account
+  administrators when 50%, 80%,90% of credit quota is reached,
+  will also suspend immediately (all running queries will be cancelled)
+  all warehouses in the account when 100% quota is reached.
+
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
+| <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
+| <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
+| <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
+| <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
+| <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
+| <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |
+| <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
+| <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
+| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
+| <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_account_resource_monitor"></a> [account\_resource\_monitor](#module\_account\_resource\_monitor) | ../../ | n/a |
+| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
+| <a name="module_warehouse_dbt"></a> [warehouse\_dbt](#module\_warehouse\_dbt) | getindata/warehouse/snowflake | 1.0.0 |
+| <a name="module_warehouse_resource_monitor"></a> [warehouse\_resource\_monitor](#module\_warehouse\_resource\_monitor) | ../../ | n/a |
+| <a name="module_warehouse_users"></a> [warehouse\_users](#module\_warehouse\_users) | getindata/warehouse/snowflake | 1.0.0 |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_account_resource_monitor"></a> [account\_resource\_monitor](#output\_account\_resource\_monitor) | Details of account resource monitor |
+| <a name="output_warehouse_resource_monitor"></a> [warehouse\_resource\_monitor](#output\_warehouse\_resource\_monitor) | Details of warehouse resource monitor |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_snowflake"></a> [snowflake](#provider\_snowflake) | ~> 0.47 |
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | ~> 0.47 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [snowflake_role.this_admin](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role) | resource |
+| [snowflake_role.this_dev](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role) | resource |
+| [snowflake_user.this_dbt](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user) | resource |
+| [snowflake_user.this_user](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user) | resource |
+<!-- END_TF_DOCS -->

examples/complete/main.tf

@@ -0,0 +1,184 @@
+/*
+* # Complete example for Snowflake Resource Monitor module
+*
+* This example creates:
+*
+* * Resource monitor for warehouse, that will ill notify account 
+*   administrators and specified users when 50%, 80% of credit 
+*   quota is reached, will also suspend all warehouses assigned 
+*   to this monitor.
+* * Resource monitor for account, that will notify account 
+*   administrators when 50%, 80%,90% of credit quota is reached,
+*   will also suspend immediately (all running queries will be cancelled)
+*   all warehouses in the account when 100% quota is reached.
+*/
+
+resource "snowflake_user" "this_user" {
+  name         = "Example user"
+  login_name   = "example_user"
+  comment      = "Example snowflake user."
+  password     = "P@55w0rd"
+  display_name = "Example User"
+  email        = "[email protected]"
+
+  must_change_password = true
+}
+
+resource "snowflake_user" "this_dbt" {
+  name       = "DBT user"
+  login_name = "dbt_user"
+  comment    = "DBT user."
+}
+
+
+resource "snowflake_role" "this_admin" {
+  name    = "ADMIN"
+  comment = "Role for Snowflake Administrators"
+}
+
+resource "snowflake_role" "this_dev" {
+  name    = "USER"
+  comment = "Role for Snowflake Users"
+}
+
+module "warehouse_users" {
+  source  = "getindata/warehouse/snowflake"
+  version = "1.0.0"
+
+  name    = "warehouse_users"
+  comment = "warehouse for users"
+
+  warehouse_size = "x-small"
+
+  auto_resume         = true
+  auto_suspend        = 600
+  initially_suspended = true
+
+  create_default_roles = true
+
+  roles = {
+    usage = {
+      granted_to_roles = ["USER"]
+    }
+  }
+}
+
+module "warehouse_dbt" {
+  source  = "getindata/warehouse/snowflake"
+  version = "1.0.0"
+
+  name    = "warehouse_dbt"
+  comment = "warehouse for dbt usage"
+
+  warehouse_size = "x-small"
+
+  auto_resume         = true
+  auto_suspend        = 600
+  initially_suspended = true
+
+  create_default_roles = true
+
+  roles = {
+    usage = {
+      granted_to_users = ["dbt_user"]
+    }
+  }
+}
+
+/*
+ * Resource monitor for warehouse
+ * Will notify account administrators and specified users when 
+ * 50%, 80% of credit quota is reached.
+ * Will notify account administrators plus specified users and 
+ * suspend all warehouses assigned to this monitor.
+*/
+module "warehouse_resource_monitor" {
+  source = "../../"
+
+  descriptor_formats = {
+    snowflake-role = {
+      labels = ["attributes", "name"]
+      format = "%v_%v"
+    }
+    snowflake-resource-monitor = {
+      labels = ["name", "attributes"]
+      format = "%v_%v"
+    }
+  }
+
+  enabled = true
+
+  name       = "warehouse"
+  attributes = ["resource", "monitor"]
+
+  credit_quota = 20
+
+  frequency       = "MONTHLY"
+  start_timestamp = "2022-12-01T00:00:00"
+  end_timestamp   = "2023-03-31T00:00:00"
+
+  suspend_triggers = [100]
+  notify_triggers  = [50, 80]
+  notify_users     = ["example_user"]
+
+  warehouses = [module.warehouse_users.warehouse.name]
+
+  create_default_roles = true
+
+  roles = {
+    admin = {
+      granted_to_roles = [snowflake_role.this_admin.name]
+    }
+    custom_role = {
+      privileges       = ["MONITOR", "MODIFY"]
+      granted_to_roles = [snowflake_role.this_dev.name]
+      granted_to_users = [snowflake_user.this_user.name]
+    }
+  }
+}
+
+/* 
+ * Resource monitor for account.
+ * Will notify account administrators when 50%, 80%,90%
+ * of credit quota is reached.
+ * Will notify account administrators and suspend immediately 
+ * (all running queries will be cancelled) all warehouses in
+ * the accouny when 100% quota is reached.
+*/
+module "account_resource_monitor" {
+  source = "../../"
+
+  descriptor_formats = {
+    snowflake-role = {
+      labels = ["attributes", "name"]
+      format = "%v_%v"
+    }
+    snowflake-resource-monitor = {
+      labels = ["name", "attributes"]
+      format = "%v_%v"
+    }
+  }
+
+  enabled         = true
+  set_for_account = true
+
+  name       = "account"
+  attributes = ["resource", "monitor"]
+
+  credit_quota = 200
+
+  frequency = "MONTHLY"
+
+  notify_triggers            = [50, 80, 90]
+  notify_users               = ["example_user"]
+  suspend_immediate_triggers = [100]
+
+  create_default_roles = true
+
+  roles = {
+    admin = {
+      granted_to_roles = [snowflake_role.this_admin.name]
+    }
+  }
+
+}