Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: Align with Snowflake provider changes #18

Merged
merged 2 commits into from
Jul 31, 2024
Merged

feat!: Align with Snowflake provider changes #18

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
15313dc
feat: align with Snowflake provider changes
dgniewek Jul 30, 2024
41c0bcc
ci: remove unneeded tflint configuration
dgniewek Jul 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 5 additions & 8 deletions .pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,27 @@
repos:
- repo: https://github.com/gruntwork-io/pre-commit
# Stick to v0.1.20 until this bug is fixed: https://github.com/gruntwork-io/pre-commit/issues/102
# When updating, also check if tflint version in pre-commit workflow can be updated.
rev: "v0.1.20" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
rev: "v0.1.23" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
hooks:
- id: terraform-validate # It should be the first step as it runs terraform init required by tflint
- id: terraform-fmt
- id: tflint
args:
- --module
- --config=.tflint.hcl
- "--config=__GIT_ROOT__/.tflint.hcl"

- repo: https://github.com/terraform-docs/terraform-docs
rev: "v0.16.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
rev: "v0.18.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
hooks:
- id: terraform-docs-go
args: ["."]

- repo: https://github.com/bridgecrewio/checkov.git
rev: "2.5.13" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
rev: "3.2.213" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
hooks:
- id: checkov
args: [--skip-check, "CKV_TF_1"] # Terraform module sources do not use a git url with a commit hash revision

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: "v4.5.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
rev: "v4.6.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
hooks:
- id: check-merge-conflict
args: ["--assume-in-merge"]
Expand Down
17 changes: 8 additions & 9 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,12 +80,12 @@ module "resource_monitors" {
| <a name="input_notify_triggers"></a> [notify\_triggers](#input\_notify\_triggers) | A list of percentage thresholds at which to send an alert to subscribed users. | `list(number)` | `null` | no |
| <a name="input_notify_users"></a> [notify\_users](#input\_notify\_users) | Specifies the list of users to receive email notifications on resource monitors. | `list(string)` | `null` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created on the Resource Monitor level | <pre>map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> resource_monitor_grants = optional(list(string))<br> }))</pre> | `{}` | no |
| <a name="input_set_for_account"></a> [set\_for\_account](#input\_set\_for\_account) | Specifies whether the resource monitor should be applied globally to your Snowflake account. | `bool` | `true` | no |
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created on the Resource Monitor level | <pre>map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> resource_monitor_grants = optional(object({<br> all_privileges = optional(bool)<br> with_grant_option = optional(bool, false)<br> privileges = optional(list(string))<br> }))<br> }))</pre> | `{}` | no |
| <a name="input_set_for_account"></a> [set\_for\_account](#input\_set\_for\_account) | Specifies whether the resource monitor should be applied globally to your Snowflake account. | `bool` | `false` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_start_timestamp"></a> [start\_timestamp](#input\_start\_timestamp) | The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. | `string` | `null` | no |
| <a name="input_suspend_immediate_triggers"></a> [suspend\_immediate\_triggers](#input\_suspend\_immediate\_triggers) | A list of percentage thresholds at which to immediately suspend all warehouses. | `list(number)` | `null` | no |
| <a name="input_suspend_triggers"></a> [suspend\_triggers](#input\_suspend\_triggers) | A list of percentage thresholds at which to suspend all warehouses. | `list(number)` | `null` | no |
| <a name="input_suspend_immediate_trigger"></a> [suspend\_immediate\_trigger](#input\_suspend\_immediate\_trigger) | The number that represents the percentage threshold at which to immediately suspend all warehouses. | `number` | `null` | no |
| <a name="input_suspend_trigger"></a> [suspend\_trigger](#input\_suspend\_trigger) | The number that represents the percentage threshold at which to suspend all warehouses. | `number` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
| <a name="input_warehouses"></a> [warehouses](#input\_warehouses) | A list of warehouse names to apply the resource monitor to. | `list(string)` | `null` | no |
Expand All @@ -96,8 +96,8 @@ module "resource_monitors" {
|------|--------|---------|
| <a name="module_monitor_label"></a> [monitor\_label](#module\_monitor\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_roles_deep_merge"></a> [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 2.1.0 |
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 2.1.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |

## Outputs
Expand All @@ -121,21 +121,20 @@ module "resource_monitors" {

| Name | Version |
|------|---------|
| <a name="provider_snowflake"></a> [snowflake](#provider\_snowflake) | ~> 0.54 |
| <a name="provider_snowflake"></a> [snowflake](#provider\_snowflake) | ~> 0.94 |

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | ~> 0.54 |
| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | ~> 0.94 |

## Resources

| Name | Type |
|------|------|
| [snowflake_resource_monitor.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/resource_monitor) | resource |
| [snowflake_resource_monitor_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/resource_monitor_grant) | resource |
<!-- END_TF_DOCS -->

## CONTRIBUTING
Expand Down
57 changes: 0 additions & 57 deletions examples/complete/.terraform-docs.yml
View file
Open in desktop

This file was deleted.

8 changes: 4 additions & 4 deletions examples/complete/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,9 @@ This example creates:
|------|--------|---------|
| <a name="module_account_resource_monitor"></a> [account\_resource\_monitor](#module\_account\_resource\_monitor) | ../../ | n/a |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
| <a name="module_warehouse_dbt"></a> [warehouse\_dbt](#module\_warehouse\_dbt) | getindata/warehouse/snowflake | 1.0.0 |
| <a name="module_warehouse_dbt"></a> [warehouse\_dbt](#module\_warehouse\_dbt) | getindata/warehouse/snowflake | 2.2.0 |
| <a name="module_warehouse_resource_monitor"></a> [warehouse\_resource\_monitor](#module\_warehouse\_resource\_monitor) | ../../ | n/a |
| <a name="module_warehouse_users"></a> [warehouse\_users](#module\_warehouse\_users) | getindata/warehouse/snowflake | 1.0.0 |
| <a name="module_warehouse_users"></a> [warehouse\_users](#module\_warehouse\_users) | getindata/warehouse/snowflake | 2.2.0 |

## Outputs

Expand All @@ -71,8 +71,8 @@ This example creates:

| Name | Type |
|------|------|
| [snowflake_role.this_admin](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role) | resource |
| [snowflake_role.this_dev](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role) | resource |
| [snowflake_account_role.this_admin](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/account_role) | resource |
| [snowflake_account_role.this_dev](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/account_role) | resource |
| [snowflake_user.this_dbt](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user) | resource |
| [snowflake_user.this_user](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user) | resource |
<!-- END_TF_DOCS -->
62 changes: 35 additions & 27 deletions examples/complete/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,36 +14,31 @@
*/

resource "snowflake_user" "this_user" {
name = "Example user"
login_name = "example_user"
comment = "Example snowflake user."
password = "P@55w0rd"
display_name = "Example User"
email = "[email protected]"
name = "example_user"
comment = "Example snowflake user."

must_change_password = true
}

resource "snowflake_user" "this_dbt" {
name = "DBT user"
login_name = "dbt_user"
comment = "DBT user."
name = "dbt_user"
comment = "DBT user."
}


resource "snowflake_role" "this_admin" {
resource "snowflake_account_role" "this_admin" {
name = "ADMIN"
comment = "Role for Snowflake Administrators"
}

resource "snowflake_role" "this_dev" {
resource "snowflake_account_role" "this_dev" {
name = "USER"
comment = "Role for Snowflake Users"
}

module "warehouse_users" {
source = "getindata/warehouse/snowflake"
version = "1.0.0"
version = "2.2.0"

name = "warehouse_users"
comment = "warehouse for users"
Expand All @@ -65,7 +60,7 @@ module "warehouse_users" {

module "warehouse_dbt" {
source = "getindata/warehouse/snowflake"
version = "1.0.0"
version = "2.2.0"

name = "warehouse_dbt"
comment = "warehouse for dbt usage"
Expand All @@ -83,6 +78,8 @@ module "warehouse_dbt" {
granted_to_users = ["dbt_user"]
}
}

depends_on = [snowflake_user.this_dbt]
}

/*
Expand Down Expand Up @@ -114,27 +111,36 @@ module "warehouse_resource_monitor" {
credit_quota = 20

frequency = "MONTHLY"
start_timestamp = "2022-12-01T00:00:00"
end_timestamp = "2023-03-31T00:00:00"
start_timestamp = formatdate("YYYY-MM-DD HH:MM", timeadd(timestamp(), "1h"))
end_timestamp = formatdate("YYYY-MM-DD HH:MM", timeadd(timestamp(), "1000h"))

suspend_triggers = [100]
notify_triggers = [50, 80]
notify_users = ["example_user"]
suspend_trigger = 100
notify_triggers = [50, 80]

warehouses = [module.warehouse_users.warehouse.name]

create_default_roles = true

roles = {
admin = {
granted_to_roles = [snowflake_role.this_admin.name]
granted_to_roles = [snowflake_account_role.this_admin.name]
}
custom_role = {
resource_monitor_grants = ["MONITOR", "MODIFY"]
granted_to_roles = [snowflake_role.this_dev.name]
granted_to_users = [snowflake_user.this_user.name]
resource_monitor_grants = {
privileges = ["MONITOR", "MODIFY"]
}
granted_to_roles = [snowflake_account_role.this_dev.name]
granted_to_users = [nonsensitive(snowflake_user.this_user.name)]
}
}


depends_on = [
snowflake_account_role.this_dev,
snowflake_account_role.this_admin,
snowflake_user.this_user,
module.warehouse_users.warehouse,
]
}

/*
Expand Down Expand Up @@ -167,18 +173,20 @@ module "account_resource_monitor" {

credit_quota = 200

frequency = "MONTHLY"
start_timestamp = formatdate("YYYY-MM-DD HH:MM", timeadd(timestamp(), "1h"))
frequency = "MONTHLY"

notify_triggers = [50, 80, 90]
notify_users = ["example_user"]
suspend_immediate_triggers = [100]
notify_triggers = [50, 80, 90]
suspend_immediate_trigger = 100

create_default_roles = true

roles = {
admin = {
granted_to_roles = [snowflake_role.this_admin.name]
granted_to_roles = [snowflake_account_role.this_admin.name]
}
}

depends_on = [snowflake_account_role.this_admin]

}
57 changes: 0 additions & 57 deletions examples/simple/.terraform-docs.yml
View file
Open in desktop

This file was deleted.

5 changes: 1 addition & 4 deletions examples/simple/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,7 @@ No providers.

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | ~> 0.54 |
No requirements.

## Resources

Expand Down
4 changes: 2 additions & 2 deletions examples/simple/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ module "resource_monitor" {

credit_quota = 200

notify_triggers = [50, 80, 90]
suspend_triggers = [100]
notify_triggers = [50, 80, 90]
suspend_trigger = 100
}
1 change: 0 additions & 1 deletion examples/simple/providers.tf
View file
Open in desktop

This file was deleted.

9 changes: 0 additions & 9 deletions examples/simple/versions.tf
View file
Open in desktop

This file was deleted.

Loading
Loading