From fbe8c5db2aec7c6f1249bb26594e21275bb5c22e Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 08:30:21 +0200 Subject: [PATCH 01/30] feat: add view grants --- locals.tf | 10 ++++++++++ main.tf | 11 +++++++++++ variables.tf | 12 ++++++++++++ 3 files changed, 33 insertions(+) diff --git a/locals.tf b/locals.tf index 53fea13..d06f859 100644 --- a/locals.tf +++ b/locals.tf @@ -43,4 +43,14 @@ locals { privilege = privilege } }]...) + + view_grants = merge([for view_grant in var.view_grants : { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { + database_name = view_grant.database_name + schema_name = view_grant.schema_name + view_name = view_grant.view_name + on_future = view_grant.on_future + privilege = privilege + } + }]...) } diff --git a/main.tf b/main.tf index db20655..09dc4b7 100644 --- a/main.tf +++ b/main.tf @@ -76,6 +76,17 @@ resource "snowflake_external_table_grant" "this" { roles = [one(snowflake_role.this[*].name)] } +resource "snowflake_view_grant" "this" { + for_each = module.this.enabled ? local.view_grants : {} + + database_name = each.value.database_name + schema_name = each.value.schema_name + view_name = each.value.view_name + privilege = each.value.privilege + on_future = each.value.on_future + roles = [one(snowflake_role.this[*].name)] +} + resource "snowflake_account_grant" "this" { for_each = toset(module.this.enabled ? var.account_grants : []) diff --git a/variables.tf b/variables.tf index 1f41ae1..0d12114 100644 --- a/variables.tf +++ b/variables.tf 
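Review bot: The map key in `view_grants` uses `coalesce(view_grant.view_name, "on_future")`, so an entry with no `view_name` is keyed as a future grant whether or not `on_future` is true. Two entries that yield the same key are also collapsed silently by `merge(...)`, with only the last one kept. In an access-control map, a mislabelled or dropped grant should fail at plan time instead of passing unnoticed. Deriving the segment from the flag, `${view_grant.on_future ? "on_future" : view_grant.view_name}`, should make an entry with neither field fail during planning, because a null value cannot be interpolated. The `locals` block starts outside this hunk, so the sibling grant maps may need the same check.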
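Review bot: The new `snowflake_view_grant` resource in main.tf passes `on_future` straight through and leaves `enable_multiple_grants` unset. In Snowflake-Labs provider versions that expose that argument, the default makes the resource authoritative for the privilege, so applying it can revoke the same privilege from roles granted outside this module. The provider version is not visible in this patch, so confirm which behaviour applies. If other grantors are expected on the same views, set `enable_multiple_grants = true`, or state the authoritative behaviour in a comment above the resource. With `on_future = true` the role also receives the privilege on every view later created in the schema, which is worth a comment such as `# on_future = true grants the privilege on all views created later in this schema`.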
@@ -77,6 +77,18 @@ variable "external_table_grants" { default = [] } +variable "view_grants" { + description = "Grants on a view level" + type = list(object({ + database_name = string + schema_name = string + view_name = optional(string) + on_future = optional(bool, false) + privileges = list(string) + })) + default = [] +} + variable "descriptor_name" { description = "Name of the descriptor used to form a resource name" type = string From 0a495e8d6a9bef9705550a63db538aa5d08264f6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 06:41:54 +0000 Subject: [PATCH 02/30] terraform-docs: automated action --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4a103de..ef42796 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
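Review bot: The `view_grants` variable accepts any combination of `view_name` and `on_future`, so a caller can pass both or neither without the module objecting, and `privileges` is an unchecked `list(string)`. Because this input decides what a role may read, I would reject ambiguous entries in the variable itself with a `validation` block. The description should also say that exactly one of `view_name` or `on_future = true` must be given. The sketch below assumes `on_future` keeps the `optional(bool, false)` type from this hunk, so it is never null.

```hcl
variable "view_grants" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for g in var.view_grants : (g.view_name != null) != g.on_future
    ])
    error_message = "Each view_grants entry must set exactly one of view_name or on_future = true."
  }
}
```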
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | ## Modules @@ -135,6 +136,7 @@ module "snowflake_role" { | [snowflake_role_ownership_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role_ownership_grant) | resource | | [snowflake_schema_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema_grant) | resource | | [snowflake_table_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/table_grant) | resource | +| [snowflake_view_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/view_grant) | resource | ## CONTRIBUTING From 3a8ec949e00aecb7c321946a963a2d5b7d2df72d Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 09:38:47 +0200 Subject: [PATCH 03/30] chore: test on_future conflicts --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index d06f859..fb44e6f 100644 --- a/locals.tf +++ b/locals.tf @@ -45,7 +45,7 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name From 7e90acfc8bf32a778f271ebe3bff99e315ecef22 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 09:47:57 +0200 Subject: [PATCH 04/30] chore: remove on future --- locals.tf | 1 - main.tf | 1 - variables.tf | 1 - 3 files changed, 3 deletions(-) diff --git a/locals.tf b/locals.tf index fb44e6f..0d9582a 100644 --- a/locals.tf +++ b/locals.tf 
@@ -49,7 +49,6 @@ locals { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name - on_future = view_grant.on_future privilege = privilege } }]...) diff --git a/main.tf b/main.tf index 09dc4b7..e9ff656 100644 --- a/main.tf +++ b/main.tf @@ -83,7 +83,6 @@ resource "snowflake_view_grant" "this" { schema_name = each.value.schema_name view_name = each.value.view_name privilege = each.value.privilege - on_future = each.value.on_future roles = [one(snowflake_role.this[*].name)] } diff --git a/variables.tf b/variables.tf index 0d12114..4354a5f 100644 --- a/variables.tf +++ b/variables.tf @@ -83,7 +83,6 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) - on_future = optional(bool, false) privileges = list(string) })) default = [] From d89fb8dc046c21d9c271a86a24cceda6b881aa3e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 07:48:19 +0000 Subject: [PATCH 05/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef42796..b12b644 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
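Review bot: After this commit `view_name` is still declared `optional(string)` in the variables.tf hunk although `on_future` is gone, and the locals.tf hunk of the same commit interpolates `view_grant.view_name` directly into the map key. An entry without `view_name` then has no valid meaning, and it should fail with a null-interpolation error instead of a message that names the missing field. Declaring `view_name = string` would state the contract. The same applies to the variables.tf hunk of PATCH 16/30. The variable block starts and ends outside the hunk.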
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
privileges = list(string)
}))
| `[]` | no | ## Modules From 8870cd6cbcd748bd69e6980f91f207d33081666e Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 09:58:13 +0200 Subject: [PATCH 06/30] chore: revert changes --- locals.tf | 3 ++- main.tf | 1 + variables.tf | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 0d9582a..d06f859 100644 --- a/locals.tf +++ b/locals.tf @@ -45,10 +45,11 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name + on_future = view_grant.on_future privilege = privilege } }]...) diff --git a/main.tf b/main.tf index e9ff656..09dc4b7 100644 --- a/main.tf +++ b/main.tf @@ -83,6 +83,7 @@ resource "snowflake_view_grant" "this" { schema_name = each.value.schema_name view_name = each.value.view_name privilege = each.value.privilege + on_future = each.value.on_future roles = [one(snowflake_role.this[*].name)] } diff --git a/variables.tf b/variables.tf index 4354a5f..0d12114 100644 --- a/variables.tf +++ b/variables.tf @@ -83,6 +83,7 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) + on_future = optional(bool, false) privileges = list(string) })) default = [] From 4080d9d3535a57c7abacb3346b53cb0b9e80c58a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 07:58:39 +0000 Subject: [PATCH 07/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b12b644..ef42796 100644 --- a/README.md +++ b/README.md 
@@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | ## Modules From bfdf8f1fcffb21ff1635a56a914162297d5999b5 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 10:07:14 +0200 Subject: [PATCH 08/30] chore: test without coalesce --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index d06f859..fb44e6f 100644 --- a/locals.tf +++ b/locals.tf @@ -45,7 +45,7 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name From c5b0c4703d3496f4f1fc6945f654266ab9943af5 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 10:18:26 +0200 Subject: [PATCH 09/30] chore: revert changes --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index fb44e6f..d06f859 100644 --- a/locals.tf +++ b/locals.tf @@ -45,7 +45,7 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name From 3e4a396b149228da9f31bdffe651da6b54ec3341 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 10:54:47 +0200 Subject: [PATCH 10/30] chore: test --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/variables.tf b/variables.tf index 0d12114..83f7393 100644 --- a/variables.tf +++ b/variables.tf @@ -83,7 +83,7 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) - on_future = optional(bool, false) + on_future = false privileges = list(string) })) default = [] From b0760f70b95404a1c128714ed022c4033ef29015 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 08:56:17 +0000 Subject: [PATCH 11/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef42796..b86ad09 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
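Review bot: `on_future = false` inside the `object({...})` type is a literal value, not a type constraint, so the `view_grants` variable should no longer pass `terraform validate` with this line. If the intent is an optional flag that defaults to false, the form this commit removes, `on_future = optional(bool, false)`, already expresses it. The variable block starts and ends outside this hunk.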
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = false
privileges = list(string)
}))
| `[]` | no | ## Modules From 317c2d9660aff568a3fa7ad15474da4d70c41567 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 10:59:36 +0200 Subject: [PATCH 12/30] test --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 83f7393..e20724b 100644 --- a/variables.tf +++ b/variables.tf @@ -83,7 +83,7 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) - on_future = false + on_future = optional(bool) privileges = list(string) })) default = [] From f1b83825520a403e6aa7ddff963201e07c67b542 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 08:59:59 +0000 Subject: [PATCH 13/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b86ad09..ceedc24 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = false
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no | ## Modules From cc1b13b3035df8c31bfbfbe6858becc28f4bd79c Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 11:21:41 +0200 Subject: [PATCH 14/30] chore: test --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index d06f859..7475d9d 100644 --- a/locals.tf +++ b/locals.tf @@ -49,7 +49,7 @@ locals { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name - on_future = view_grant.on_future + on_future = coalesce(view_grant.on_future, false) privilege = privilege } }]...) From b226ed426189d496755e6cf627e87773db038229 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 11:36:53 +0200 Subject: [PATCH 15/30] chore: update --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 7475d9d..d06f859 100644 --- a/locals.tf +++ b/locals.tf @@ -49,7 +49,7 @@ locals { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name - on_future = coalesce(view_grant.on_future, false) + on_future = view_grant.on_future privilege = privilege } }]...) From 2be8d974d5ac176c838d8ca6646111f5c9664d3d Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 11:57:45 +0200 Subject: [PATCH 16/30] chore: demo without on_future --- locals.tf | 3 +-- variables.tf | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/locals.tf b/locals.tf index d06f859..0d9582a 100644 --- a/locals.tf +++ b/locals.tf 
@@ -45,11 +45,10 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name - on_future = view_grant.on_future privilege = privilege } }]...) diff --git a/variables.tf b/variables.tf index e20724b..4354a5f 100644 --- a/variables.tf +++ b/variables.tf @@ -83,7 +83,6 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) - on_future = optional(bool) privileges = list(string) })) default = [] From 14876f4e1c39e7fa3c16e8d7dd465bed8ce06ef9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 09:58:08 +0000 Subject: [PATCH 17/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ceedc24..b12b644 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
privileges = list(string)
}))
| `[]` | no | ## Modules From a720be662de985ade3d295f98ca2486777413f33 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 14:29:54 +0200 Subject: [PATCH 18/30] chore: remove on_future --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index 09dc4b7..e9ff656 100644 --- a/main.tf +++ b/main.tf @@ -83,7 +83,6 @@ resource "snowflake_view_grant" "this" { schema_name = each.value.schema_name view_name = each.value.view_name privilege = each.value.privilege - on_future = each.value.on_future roles = [one(snowflake_role.this[*].name)] } From 960ec5784b1d2f68503af1558e23f19ed83cb2a0 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 18:23:32 +0200 Subject: [PATCH 19/30] chore: add on_future --- locals.tf | 3 ++- main.tf | 1 + variables.tf | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 0d9582a..d06f859 100644 --- a/locals.tf +++ b/locals.tf @@ -45,10 +45,11 @@ locals { }]...) view_grants = merge([for view_grant in var.view_grants : { - for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${view_grant.view_name}/${privilege}" => { + for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { database_name = view_grant.database_name schema_name = view_grant.schema_name view_name = view_grant.view_name + on_future = view_grant.on_future privilege = privilege } }]...) diff --git a/main.tf b/main.tf index e9ff656..09dc4b7 100644 --- a/main.tf +++ b/main.tf @@ -83,6 +83,7 @@ resource "snowflake_view_grant" "this" { schema_name = each.value.schema_name view_name = each.value.view_name privilege = each.value.privilege + on_future = each.value.on_future roles = [one(snowflake_role.this[*].name)] } diff --git a/variables.tf b/variables.tf index 4354a5f..e20724b 100644 --- a/variables.tf +++ b/variables.tf 
@@ -83,6 +83,7 @@ variable "view_grants" { database_name = string schema_name = string view_name = optional(string) + on_future = optional(bool) privileges = list(string) })) default = [] From 66f68ae9a5df75d0c7803725edfda968a2e5d6e8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Jul 2023 16:23:59 +0000 Subject: [PATCH 20/30] terraform-docs: automated action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b12b644..ceedc24 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ module "snowflake_role" { | [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
privileges = list(string)
}))
| `[]` | no | +| [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no | ## Modules From 1e72d773fcde169b0a49617fd84653133b8c61b9 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 18:50:23 +0200 Subject: [PATCH 21/30] fix: pre-commit --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0d64bfd..dc5ff18 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,6 +6,7 @@ repos: args: - --module - --config=.tflint.hcl + - --chdir=. - id: terraform-validate - id: terraform-fmt From 407b72277e03c6d2892b927560c4791c75c5c025 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 18:53:08 +0200 Subject: [PATCH 22/30] test --- .pre-commit-config.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dc5ff18..5cba7a7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,10 +3,6 @@ repos: rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases hooks: - id: tflint - args: - - --module - - --config=.tflint.hcl - - --chdir=. - id: terraform-validate - id: terraform-fmt From 465016ca8e77056699eb8472d107e50da8178c0b Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 18:58:02 +0200 Subject: [PATCH 23/30] test --- .pre-commit-config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5cba7a7..0d64bfd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,6 +3,9 @@ repos: rev: "v0.1.17" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases hooks: - id: tflint + args: + - --module + - --config=.tflint.hcl - id: terraform-validate - id: terraform-fmt From 35478387fd7627766d73fda8d602a8bafb11e47b Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 19:02:37 +0200 Subject: [PATCH 24/30] test --- .github/workflows/pre-commit.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 4b6de9a..aae7eca 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,6 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 + TFLINT_VERSION: v0.45.0 jobs: collectInputs: @@ -79,3 +80,4 @@ jobs: with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} + tflint-version: ${{ env.TFLINT_VERSION }} From a4b57e1628cf630ba3b354dc6cd16c5fc1d9b4e7 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 19:05:36 +0200 Subject: [PATCH 25/30] test --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index aae7eca..6afea93 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.45.0 + TFLINT_VERSION: v0.43.0 jobs: collectInputs: From 02d95dd4275a2aba461b5aa6ad5b74d9bb8d930c Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Tue, 11 Jul 2023 19:08:54 +0200 Subject: [PATCH 26/30] chore: update workflow --- .github/workflows/pre-commit.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 6afea93..6bf9482 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -44,7 +44,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' 
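Review bot: The `uses:` reference to `clowdhaus/terraform-composite-actions/pre-commit` is still selected by a tag (`@v1.8.3`), which the action's owner can later point at different code. For a third-party action that runs in this repository's CI, pinning the full commit SHA and keeping the tag as a trailing comment makes the executed code reviewable, for example `uses: clowdhaus/terraform-composite-actions/pre-commit@<FULL_COMMIT_SHA> # v1.8.3`. The same applies to the two later hunks of this commit and to the three hunks of PATCH 27/30. The job definition starts outside the hunk.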
@@ -52,7 +52,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)' @@ -76,7 +76,7 @@ jobs: - run: terraform init - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} From cd37eab0e8939dce8148f4cf7a3d644c53988213 Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Wed, 12 Jul 2023 09:21:29 +0200 Subject: [PATCH 27/30] chore: downgrade workflow version --- .github/workflows/pre-commit.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 6bf9482..e94d3d9 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -44,7 +44,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform-validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' 
@@ -52,7 +52,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} args: 'terraform-validate --color=always --show-diff-on-failure --files $(ls *.tf)' @@ -76,7 +76,7 @@ jobs: - run: terraform init - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} From 0f84e84f5e074733a25e0d92490f7c8d0a9d9a5e Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Wed, 12 Jul 2023 09:28:07 +0200 Subject: [PATCH 28/30] chore: run fmt --- locals.tf | 10 +++++----- main.tf | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/locals.tf b/locals.tf index d06f859..357cab0 100644 --- a/locals.tf +++ b/locals.tf @@ -46,11 +46,11 @@ locals { view_grants = merge([for view_grant in var.view_grants : { for privilege in view_grant.privileges : "${view_grant.database_name}/${view_grant.schema_name}/${coalesce(view_grant.view_name, "on_future")}/${privilege}" => { - database_name = view_grant.database_name - schema_name = view_grant.schema_name - view_name = view_grant.view_name - on_future = view_grant.on_future - privilege = privilege + database_name = view_grant.database_name + schema_name = view_grant.schema_name + view_name = view_grant.view_name + on_future = view_grant.on_future + privilege = privilege } }]...) } diff --git a/main.tf b/main.tf index 09dc4b7..c54684c 100644 --- a/main.tf +++ b/main.tf 
@@ -79,12 +79,12 @@ resource "snowflake_external_table_grant" "this" { resource "snowflake_view_grant" "this" { for_each = module.this.enabled ? local.view_grants : {} - database_name = each.value.database_name - schema_name = each.value.schema_name - view_name = each.value.view_name - privilege = each.value.privilege - on_future = each.value.on_future - roles = [one(snowflake_role.this[*].name)] + database_name = each.value.database_name + schema_name = each.value.schema_name + view_name = each.value.view_name + privilege = each.value.privilege + on_future = each.value.on_future + roles = [one(snowflake_role.this[*].name)] } resource "snowflake_account_grant" "this" { From fc26333c5ab9334b0e33d0563c1595cc97870a7f Mon Sep 17 00:00:00 2001 From: Piotr Sierkin Date: Wed, 12 Jul 2023 11:04:10 +0200 Subject: [PATCH 29/30] chore: standarize default value for `on_future` --- variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index e20724b..2db370b 100644 --- a/variables.tf +++ b/variables.tf @@ -59,7 +59,7 @@ variable "table_grants" { database_name = string schema_name = string table_name = optional(string) - on_future = optional(bool, false) + on_future = optional(bool) privileges = list(string) })) default = [] @@ -71,7 +71,7 @@ variable "external_table_grants" { database_name = string schema_name = string external_table_name = optional(string) - on_future = optional(bool, false) + on_future = optional(bool) privileges = list(string) })) default = [] From b760d4b03c3fd1d4f39c637b47d50df03ff7e325 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 12 Jul 2023 09:04:35 +0000 Subject: [PATCH 30/30] terraform-docs: automated action --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ceedc24..3ca1d2e 100644 --- a/README.md +++ b/README.md 
@@ -77,7 +77,7 @@ module "snowflake_role" { | [descriptor\_name](#input\_descriptor\_name) | Name of the descriptor used to form a resource name | `string` | `"snowflake-role"` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [external\_table\_grants](#input\_external\_table\_grants) | Grants on a external table level |
list(object({
database_name = string
schema_name = string
external_table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | +| [external\_table\_grants](#input\_external\_table\_grants) | Grants on a external table level |
list(object({
database_name = string
schema_name = string
external_table_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no | | [granted\_roles](#input\_granted\_roles) | Roles granted to this role | `list(string)` | `[]` | no | | [granted\_to\_roles](#input\_granted\_to\_roles) | Roles which this role is granted to | `list(string)` | `[]` | no | | [granted\_to\_users](#input\_granted\_to\_users) | Users which this role is granted to | `list(string)` | `[]` | no | @@ -92,7 +92,7 @@ module "snowflake_role" { | [role\_ownership\_grant](#input\_role\_ownership\_grant) | The name of the role to grant ownership | `string` | `null` | no | | [schema\_grants](#input\_schema\_grants) | Grants on a schema level |
list(object({
database_name = string
schema_name = string
privileges = list(string)
}))
| `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool, false)
privileges = list(string)
}))
| `[]` | no | +| [table\_grants](#input\_table\_grants) | Grants on a table level |
list(object({
database_name = string
schema_name = string
table_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | | [view\_grants](#input\_view\_grants) | Grants on a view level |
list(object({
database_name = string
schema_name = string
view_name = optional(string)
on_future = optional(bool)
privileges = list(string)
}))
| `[]` | no |