Merge pull request #20 from getindata/feature/add_dynamic_tables_opti…
…mize_permissions_and_refactor

feat: Bump snowflake-role module, add dynamic_table support, refactor grants for existing objects
dgniewek authored Jan 8, 2024
2 parents 10b819d + b7447d4 commit 5c533c6
Showing 5 changed files with 252 additions and 185 deletions.
21 changes: 12 additions & 9 deletions README.md
Expand Up @@ -109,7 +109,7 @@ which can be executed manually in Snowflake account.
| <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the scheme scope | <pre>map(object({<br> enabled = optional(bool, true)<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> add_grants_to_existing_objects = optional(bool)<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> }))</pre> | `{}` | no |
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the scheme scope | <pre>map(object({<br> enabled = optional(bool, true)<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> add_grants_to_existing_objects = optional(bool)<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> dynamic_table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> }))</pre> | `{}` | no |
| <a name="input_skip_schema_creation"></a> [skip\_schema\_creation](#input\_skip\_schema\_creation) | Should schema creation be skipped but allow all other resources to be created. Useful if schema already exsists but you want to add e.g. access roles | `bool` | `false` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_stages"></a> [stages](#input\_stages) | Stages to be created in the schema | <pre>map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-stage")<br> aws_external_id = optional(string)<br> comment = optional(string)<br> copy_options = optional(string)<br> credentials = optional(string)<br> directory = optional(string)<br> encryption = optional(string)<br> file_format = optional(string)<br> snowflake_iam_user = optional(string)<br> storage_integration = optional(string)<br> url = optional(string)<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> stage_grants = optional(list(string))<br> })), {})<br> }))</pre> | `{}` | no |
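Review bot: the changed `roles` row adds `dynamic_table_grants` to the type but the description column still only says "Roles created in the scheme scope", so the new key is undocumented and the "scheme" typo carries over. Since this table is generated, the fix belongs in the variable's description: correct it to "schema", say which privilege names `dynamic_table_grants` accepts, and state what happens when `add_grants_to_existing_objects` is left unset, because it is declared as `optional(bool)` with no default and callers reviewing access need to know whether omitting it grants on existing objects or not.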
Expand All @@ -122,8 +122,8 @@ which can be executed manually in Snowflake account.
|------|--------|---------|
| <a name="module_roles_deep_merge"></a> [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
| <a name="module_schema_label"></a> [schema\_label](#module\_schema\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.3.0 |
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.3.0 |
| <a name="module_snowflake_stage"></a> [snowflake\_stage](#module\_snowflake\_stage) | getindata/stage/snowflake | 1.0.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
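Review bot: the `snowflake_custom_role` and `snowflake_default_role` rows move `getindata/role/snowflake` from 1.0.3 straight to 1.3.0, and nothing in the README says what changed in between. Both modules are pinned to the same exact version, which is good; please add a line to the changelog or PR description confirming that the upgrade does not rename or recreate existing roles, since a recreated role loses the grants attached to it.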

Expand All @@ -137,8 +137,6 @@ which can be executed manually in Snowflake account.
| <a name="output_is_transient"></a> [is\_transient](#output\_is\_transient) | Is schema transient |
| <a name="output_name"></a> [name](#output\_name) | Name of the schema |
| <a name="output_roles"></a> [roles](#output\_roles) | Snowflake Roles |
| <a name="output_roles_grant_on_all_statements"></a> [roles\_grant\_on\_all\_statements](#output\_roles\_grant\_on\_all\_statements) | Generates GRANT ON ALL type of statements according to provided role definitions.<br> This is useful if the module is created with `skip_schema_creation` option in cases like zero-copy clone<br> and all access roles are meant to be created.<br> Related Snowflake provider GitHub issue:<br> https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/250 |
| <a name="output_roles_revoke_on_all_statements"></a> [roles\_revoke\_on\_all\_statements](#output\_roles\_revoke\_on\_all\_statements) | Generates REVOKE ON ALL type of statements according to provided role definitions.<br> This is useful if the module is created with `skip_schema_creation` option in cases like zero-copy clone<br> and all access roles are meant to be created.<br> Related Snowflake provider GitHub issue:<br> https://github.com/Snowflake-Labs/terraform-provider-snowflake/issues/250 |
| <a name="output_stages"></a> [stages](#output\_stages) | Schema stages |

## Providers
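Review bot: the Outputs table loses `roles_grant_on_all_statements` and `roles_revoke_on_all_statements`, which breaks any caller that references them, yet the commit is labelled `feat:` rather than as a breaking change. Mark it as breaking (or ship it in a major release) and add a short migration note saying what replaces the generated GRANT/REVOKE statements. The README line visible in the hunk headers, "which can be executed manually in Snowflake account.", looks like it described these outputs and should be checked for staleness.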
Expand All @@ -160,25 +158,30 @@ which can be executed manually in Snowflake account.
|------|------|
| [snowflake_external_table_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/external_table_grant) | resource |
| [snowflake_external_table_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/external_table_grant) | resource |
| [snowflake_file_format_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/file_format_grant) | resource |
| [snowflake_file_format_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/file_format_grant) | resource |
| [snowflake_function_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/function_grant) | resource |
| [snowflake_function_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/function_grant) | resource |
| [snowflake_grant_privileges_to_role.dynamic_table](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_role) | resource |
| [snowflake_grant_privileges_to_role.existing_dynamic_table](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_role) | resource |
| [snowflake_materialized_view_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/materialized_view_grant) | resource |
| [snowflake_materialized_view_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/materialized_view_grant) | resource |
| [snowflake_procedure_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/procedure_grant) | resource |
| [snowflake_procedure_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/procedure_grant) | resource |
| [snowflake_schema.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema) | resource |
| [snowflake_schema_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/schema_grant) | resource |
| [snowflake_sequence_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/sequence_grant) | resource |
| [snowflake_sequence_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/sequence_grant) | resource |
| [snowflake_stage_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/stage_grant) | resource |
| [snowflake_stage_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/stage_grant) | resource |
| [snowflake_stream_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/stream_grant) | resource |
| [snowflake_stream_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/stream_grant) | resource |
| [snowflake_table_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/table_grant) | resource |
| [snowflake_table_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/table_grant) | resource |
| [snowflake_task_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/task_grant) | resource |
| [snowflake_task_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/task_grant) | resource |
| [snowflake_view_grant.existing](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/view_grant) | resource |
| [snowflake_view_grant.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/view_grant) | resource |
| [snowflake_external_tables.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/data-sources/external_tables) | data source |
| [snowflake_materialized_views.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/data-sources/materialized_views) | data source |
| [snowflake_tables.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/data-sources/tables) | data source |
| [snowflake_views.this](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/data-sources/views) | data source |
<!-- END_TF_DOCS -->

## CONTRIBUTING
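Review bot: in the Resources table, dynamic tables are granted through `snowflake_grant_privileges_to_role.dynamic_table` and `.existing_dynamic_table`, while every other object type uses a per-object `snowflake_*_grant` resource with `.this` and `.existing` variants, so the module now mixes two grant mechanisms without saying why. A sentence in the README explaining the split, and how the `.existing` grants select their objects (the data sources listed cover only external tables, materialized views, tables and views), would help anyone auditing what a role ends up with. The visible hunks also do not touch the provider requirements, so please confirm the minimum Snowflake provider version is high enough to include `snowflake_grant_privileges_to_role`.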