diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 3363345..eb6ea81 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -11,4 +11,4 @@ on:
 jobs:
 main:
- uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@v1
+ uses: getindata/github-workflows/.github/workflows/tf-pre-commit.yml@v1.1.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 62a9646..1e6b876 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,28 +1,25 @@
 repos:
 - repo: https://github.com/gruntwork-io/pre-commit
- rev: "v0.1.24" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+ rev: "v0.1.25" # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
 hooks:
 - id: terraform-validate # It should be the first step as it runs terraform init required by tflint
 - id: terraform-fmt
 - id: tflint
- args:
- - --module
- #- "--config=__GIT_ROOT__/.tflint.hcl"
 - repo: https://github.com/terraform-docs/terraform-docs
- rev: "v0.18.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
+ rev: "v0.19.0" # Get the latest from: https://github.com/terraform-docs/terraform-docs/releases
 hooks:
 - id: terraform-docs-go
 args: ["."]
 - repo: https://github.com/bridgecrewio/checkov.git
- rev: "3.2.213" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
+ rev: "3.2.350" # Get the latest from: https://github.com/bridgecrewio/checkov/releases
 hooks:
 - id: checkov
 args: [--skip-check, "CKV_TF_1"] # Terraform module sources do not use a git url with a commit hash revision
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: "v4.6.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
+ rev: "v5.0.0" # Get the latest from: https://github.com/pre-commit/pre-commit-hooks/releases
 hooks:
 - id: check-merge-conflict
 args: ["--assume-in-merge"]
diff --git a/README.md b/README.md index 688348b..c77ea50 100644 --- a/README.md +++ b/README.md @@ -137,8 +137,8 @@ List od code and variable (API) changes: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [account\_grants](#input\_account\_grants) | Grants on a account level |
list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
}))
| `[]` | no | -| [account\_objects\_grants](#input\_account\_objects\_grants) | Grants on account object level.
Account objects list: USER \| RESOURCE MONITOR \| WAREHOUSE \| COMPUTE POOL \| DATABASE \| INTEGRATION \| FAILOVER GROUP \| REPLICATION GROUP \| EXTERNAL VOLUME
Object type is used as a key in the map.

Exmpale usage:
account_object_grants = {
"WAREHOUSE" = [
{
all_privileges = true
with_grant_option = true
object_name = "TEST_USER"
}
]
"DATABASE" = [
{
privileges = ["CREATE SCHEMA", "CREATE DATABASE ROLE"]
object_name = "TEST_DATABASE"
},
{
privileges = ["CREATE SCHEMA"]
object_name = "OTHER_DATABASE"
}
]
}
Note: You can find a list of all object types [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_account_role#nested-schema-for-on_account_object) |
map(list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
object_name = string
})))
| `{}` | no | +| [account\_grants](#input\_account\_grants) | Grants on a account level |
list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
}))
| `[]` | no | +| [account\_objects\_grants](#input\_account\_objects\_grants) | Grants on account object level.
Account objects list: USER \| RESOURCE MONITOR \| WAREHOUSE \| COMPUTE POOL \| DATABASE \| INTEGRATION \| FAILOVER GROUP \| REPLICATION GROUP \| EXTERNAL VOLUME
Object type is used as a key in the map.

Exmpale usage:
account_object_grants = {
"WAREHOUSE" = [
{
all_privileges = true
with_grant_option = true
object_name = "TEST_USER"
}
]
"DATABASE" = [
{
privileges = ["CREATE SCHEMA", "CREATE DATABASE ROLE"]
object_name = "TEST_DATABASE"
},
{
privileges = ["CREATE SCHEMA"]
object_name = "OTHER_DATABASE"
}
]
}
Note: You can find a list of all object types [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_account_role#nested-schema-for-on_account_object) |
map(list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
object_name = string
})))
| `{}` | no | | [comment](#input\_comment) | Role description | `string` | `null` | no | | [context\_templates](#input\_context\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no | | [granted\_database\_roles](#input\_granted\_database\_roles) | Database Roles granted to this role | `list(string)` | `[]` | no | @@ -146,10 +146,10 @@ List od code and variable (API) changes: | [granted\_to\_roles](#input\_granted\_to\_roles) | Roles which this role is granted to | `list(string)` | `[]` | no | | [granted\_to\_users](#input\_granted\_to\_users) | Users which this role is granted to | `list(string)` | `[]` | no | | [name](#input\_name) | Name of the resource | `string` | n/a | yes | -| [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`
- `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`
- `context_template_name` - name of the context template used to create the name
- `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- `extra_values` - map of extra label-value pairs, used to create a name |
object({
properties = optional(list(string), ["environment", "name"])
delimiter = optional(string, "_")
context_template_name = optional(string, "snowflake-role")
replace_chars_regex = optional(string, "[^a-zA-Z0-9_]")
extra_values = optional(map(string))
})
| `{}` | no | +| [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`
- `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`
- `context_template_name` - name of the context template used to create the name
- `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- `extra_values` - map of extra label-value pairs, used to create a name
- `uppercase` - convert name to uppercase |
object({
properties = optional(list(string), ["environment", "name"])
delimiter = optional(string, "_")
context_template_name = optional(string, "snowflake-role")
replace_chars_regex = optional(string, "[^a-zA-Z0-9_]")
extra_values = optional(map(string))
uppercase = optional(bool, true)
})
| `{}` | no | | [role\_ownership\_grant](#input\_role\_ownership\_grant) | The name of the role to grant ownership | `string` | `null` | no | -| [schema\_grants](#input\_schema\_grants) | Grants on a schema level |
list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
all_schemas_in_database = optional(bool, false)
future_schemas_in_database = optional(bool, false)
database_name = string
schema_name = optional(string, null)
}))
| `[]` | no | -| [schema\_objects\_grants](#input\_schema\_objects\_grants) | Grants on a schema object level

Example usage:
schema_objects_grants = {
"TABLE" = [
{
privileges = ["SELECT"]
object_name = snowflake_table.table_1.name
schema_name = snowflake_schema.this.name
},
{
all_privileges = true
object_name = snowflake_table.table_2.name
schema_name = snowflake_schema.this.name
}
]
"ALERT" = [
{
all_privileges = true
on_future = true
on_all = true
}
]
}
Note: If you don't provide a schema\_name, the grants will be created for all objects of that type in the database.
You can find a list of all object types [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role#object_type) |
map(list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool)
privileges = optional(list(string))
object_name = optional(string)
on_all = optional(bool, false)
schema_name = optional(string)
database_name = string
on_future = optional(bool, false)
})))
| `{}` | no | +| [schema\_grants](#input\_schema\_grants) | Grants on a schema level |
list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool, false)
privileges = optional(list(string), null)
all_schemas_in_database = optional(bool, false)
future_schemas_in_database = optional(bool, false)
database_name = string
schema_name = optional(string, null)
}))
| `[]` | no | +| [schema\_objects\_grants](#input\_schema\_objects\_grants) | Grants on a schema object level

Example usage:
schema_objects_grants = {
"TABLE" = [
{
privileges = ["SELECT"]
object_name = snowflake_table.table_1.name
schema_name = snowflake_schema.this.name
},
{
all_privileges = true
object_name = snowflake_table.table_2.name
schema_name = snowflake_schema.this.name
}
]
"ALERT" = [
{
all_privileges = true
on_future = true
on_all = true
}
]
}
Note: If you don't provide a schema\_name, the grants will be created for all objects of that type in the database.
You can find a list of all object types [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_database_role#object_type) |
map(list(object({
all_privileges = optional(bool)
with_grant_option = optional(bool)
privileges = optional(list(string))
object_name = optional(string)
on_all = optional(bool, false)
schema_name = optional(string)
database_name = string
on_future = optional(bool, false)
})))
| `{}` | no |
 ## Modules
@@ -166,7 +166,7 @@ No modules.
 | Name | Version |
 |------|---------|
 | [context](#provider\_context) | >=0.4.0 |
-| [snowflake](#provider\_snowflake) | ~> 0.94 |
+| [snowflake](#provider\_snowflake) | >= 0.94 |
 ## Requirements
@@ -174,7 +174,7 @@ No modules.
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.3 |
 | [context](#requirement\_context) | >=0.4.0 |
-| [snowflake](#requirement\_snowflake) | ~> 0.94 |
+| [snowflake](#requirement\_snowflake) | >= 0.94 |
 ## Resources
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index e779af5..565f720 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -158,13 +158,14 @@ module "snowflake_role_1" {
 module "snowflake_role_2" {
 source = "../../"
- name = "SAMPLE_TEST_2"
+ name = "sample_test_2"
 context_templates = var.context_templates
 name_scheme = {
 context_template_name = "snowflake-project-role"
 extra_values = {
- project = "PROJECT"
+ project = "project"
 }
+ uppercase = false
 }
 account_grants = [
@@ -186,7 +187,7 @@ module "snowflake_role_2" {
 module "snowflake_role_3" {
 source = "../../"
- name = "SAMPLE-TEST-3"
+ name = "sample-test-3"
 name_scheme = {
 properties = ["name", "schema", "environment"]
 delimiter = "_"
diff --git a/main.tf b/main.tf
index 96b3cb1..93e6781 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,7 @@ data "context_label" "this" {
 }
 resource "snowflake_account_role" "this" {
- name = data.context_label.this.rendered
+ name = var.name_scheme.uppercase ? upper(data.context_label.this.rendered) : data.context_label.this.rendered
 comment = var.comment
 }
 moved {
diff --git a/variables.tf b/variables.tf
index d28eeca..949d20c 100644
--- a/variables.tf
+++ b/variables.tf
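Review bot: With `uppercase = optional(bool, true)` in the variables.tf hunk (L197), the new `name` expression in `snowflake_account_role.this` upper-cases every rendered label by default, so an existing deployment whose role name contained lowercase characters — which the default `replace_chars_regex` `[^a-zA-Z0-9_]` permits — gets a different `name` on its next plan, and depending on how the provider handles a name change that is a rename or a replacement of the role (a replaced role comes back without its previous grants until they are re-applied). If upgrades are meant to stay non-breaking, default the attribute to `false`, or at least state the behaviour and the opt-out in the `name_scheme` description, e.g. `- uppercase - convert name to uppercase (defaults to true; set to false to keep names produced by earlier module versions)`, and list it in the README's code and variable changes. A local such as `rendered_name = data.context_label.this.rendered` would also avoid repeating the data source reference on both sides of the ternary. The `resource` block is complete within the hunk; the `data "context_label"` and `moved` blocks extend outside it.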
@@ -182,6 +182,7 @@ variable "name_scheme" {
 - `context_template_name` - name of the context template used to create the name
 - `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
 - `extra_values` - map of extra label-value pairs, used to create a name
+ - `uppercase` - convert name to uppercase
 EOT
 type = object({
 properties = optional(list(string), ["environment", "name"])
@@ -189,6 +190,7 @@ variable "name_scheme" {
 context_template_name = optional(string, "snowflake-role")
 replace_chars_regex = optional(string, "[^a-zA-Z0-9_]")
 extra_values = optional(map(string))
+ uppercase = optional(bool, true)
 })
 default = {}
 }
diff --git a/versions.tf b/versions.tf
index 77e3221..a0f09f7 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 snowflake = {
 source = "Snowflake-Labs/snowflake"
- version = "~> 0.94"
+ version = ">= 0.94"
 }
 context = {
 source = "cloudposse/context"
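Review bot: `version = ">= 0.94"` drops the upper bound that `~> 0.94` gave, so any future major release of the Snowflake provider satisfies this module's constraint, and nothing in this commit shows the module being validated against one. Minimum-only constraints are the conventional choice for a reusable module, but if compatibility with the next major has not been checked, `version = ">= 0.94, < 1.0"` keeps the tested range explicit, and whichever is chosen, the matching README rows changed on L196 should name the provider versions the module was tested with. The `required_providers` block starts before the hunk and the `context` entry continues after it.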