Skip to content

Commit 35da2c9

Browse files
dgniewekdgniewek
authored
Merge pull request #25 from getindata/feature/bump_database_version-add_grants_to_existing_objects
feat: Bump snowflake-schema version and add support for add_grants_to_existing_objects feature flag
2 parents c0572e9 + 6839eff commit 35da2c9

File tree

3 files changed

+28
-25
lines changed

3 files changed

+28
-25
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ module "snowflake_database" {
7575
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
7676
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
7777
| <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the database scope | <pre>map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> database_grants = optional(list(string))<br> schema_grants = optional(list(string))<br> }))</pre> | `{}` | no |
78-
| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br> enabled = optional(bool, true)<br> skip_schema_creation = optional(bool, false)<br> descriptor_name = optional(string, "snowflake-schema")<br> comment = optional(string)<br> data_retention_days = optional(number, 1)<br> is_transient = optional(bool, false)<br> is_managed = optional(bool, false)<br> stages = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-stage")<br> aws_external_id = optional(string)<br> comment = optional(string)<br> copy_options = optional(string)<br> credentials = optional(string)<br> directory = optional(string)<br> encryption = optional(string)<br> file_format = optional(string)<br> snowflake_iam_user = optional(string)<br> storage_integration = optional(string)<br> url = optional(string)<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> stage_grants = optional(list(string))<br> })), {})<br> })), {})<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> })), {})<br> }))</pre> | `{}` | no |
78+
| <a name="input_schemas"></a> [schemas](#input\_schemas) | Schemas to be created in the database | <pre>map(object({<br> enabled = optional(bool, true)<br> skip_schema_creation = optional(bool, false)<br> descriptor_name = optional(string, "snowflake-schema")<br> comment = optional(string)<br> data_retention_days = optional(number, 1)<br> is_transient = optional(bool, false)<br> is_managed = optional(bool, false)<br> stages = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-stage")<br> aws_external_id = optional(string)<br> comment = optional(string)<br> copy_options = optional(string)<br> credentials = optional(string)<br> directory = optional(string)<br> encryption = optional(string)<br> file_format = optional(string)<br> snowflake_iam_user = optional(string)<br> storage_integration = optional(string)<br> url = optional(string)<br> create_default_roles = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> stage_grants = optional(list(string))<br> })), {})<br> })), {})<br> create_default_roles = optional(bool)<br> add_grants_to_existing_objects = optional(bool)<br> roles = optional(map(object({<br> enabled = optional(bool, true)<br> descriptor_name = optional(string, "snowflake-role")<br> comment = optional(string)<br> role_ownership_grant = optional(string)<br> granted_roles = optional(list(string))<br> granted_to_roles = optional(list(string))<br> granted_to_users = optional(list(string))<br> add_grants_to_existing_objects = optional(bool)<br> schema_grants = optional(list(string))<br> table_grants = optional(list(string))<br> external_table_grants = optional(list(string))<br> view_grants = optional(list(string))<br> materialized_view_grants = optional(list(string))<br> file_format_grants = optional(list(string))<br> function_grants = optional(list(string))<br> stage_grants = optional(list(string))<br> task_grants = optional(list(string))<br> procedure_grants = optional(list(string))<br> sequence_grants = optional(list(string))<br> stream_grants = optional(list(string))<br> })), {})<br> }))</pre> | `{}` | no |
7979
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
8080
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
8181
| <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
@@ -88,7 +88,7 @@ module "snowflake_database" {
8888
| <a name="module_roles_deep_merge"></a> [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
8989
| <a name="module_snowflake_custom_role"></a> [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 1.0.3 |
9090
| <a name="module_snowflake_default_role"></a> [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 1.0.3 |
91-
| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.4.0 |
91+
| <a name="module_snowflake_schema"></a> [snowflake\_schema](#module\_snowflake\_schema) | getindata/schema/snowflake | 1.5.0 |
9292
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
9393

9494
## Outputs

main.tf

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ module "snowflake_schema" {
6464
for_each = local.schemas
6565

6666
source = "getindata/schema/snowflake"
67-
version = "1.4.0"
67+
version = "1.5.0"
6868

6969
context = module.this.context
7070
enabled = local.enabled && each.value.enabled
@@ -80,8 +80,9 @@ module "snowflake_schema" {
8080

8181
stages = each.value.stages
8282

83-
create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
84-
roles = each.value.roles
83+
create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
84+
add_grants_to_existing_objects = coalesce(each.value.add_grants_to_existing_objects, false)
85+
roles = each.value.roles
8586
}
8687

8788
resource "snowflake_database_grant" "this" {

variables.tf

Lines changed: 22 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -100,27 +100,29 @@ variable "schemas" {
100100
stage_grants = optional(list(string))
101101
})), {})
102102
})), {})
103-
create_default_roles = optional(bool)
103+
create_default_roles = optional(bool)
104+
add_grants_to_existing_objects = optional(bool)
104105
roles = optional(map(object({
105-
enabled = optional(bool, true)
106-
descriptor_name = optional(string, "snowflake-role")
107-
comment = optional(string)
108-
role_ownership_grant = optional(string)
109-
granted_roles = optional(list(string))
110-
granted_to_roles = optional(list(string))
111-
granted_to_users = optional(list(string))
112-
schema_grants = optional(list(string))
113-
table_grants = optional(list(string))
114-
external_table_grants = optional(list(string))
115-
view_grants = optional(list(string))
116-
materialized_view_grants = optional(list(string))
117-
file_format_grants = optional(list(string))
118-
function_grants = optional(list(string))
119-
stage_grants = optional(list(string))
120-
task_grants = optional(list(string))
121-
procedure_grants = optional(list(string))
122-
sequence_grants = optional(list(string))
123-
stream_grants = optional(list(string))
106+
enabled = optional(bool, true)
107+
descriptor_name = optional(string, "snowflake-role")
108+
comment = optional(string)
109+
role_ownership_grant = optional(string)
110+
granted_roles = optional(list(string))
111+
granted_to_roles = optional(list(string))
112+
granted_to_users = optional(list(string))
113+
add_grants_to_existing_objects = optional(bool)
114+
schema_grants = optional(list(string))
115+
table_grants = optional(list(string))
116+
external_table_grants = optional(list(string))
117+
view_grants = optional(list(string))
118+
materialized_view_grants = optional(list(string))
119+
file_format_grants = optional(list(string))
120+
function_grants = optional(list(string))
121+
stage_grants = optional(list(string))
122+
task_grants = optional(list(string))
123+
procedure_grants = optional(list(string))
124+
sequence_grants = optional(list(string))
125+
stream_grants = optional(list(string))
124126
})), {})
125127
}))
126128
default = {}

0 commit comments

Comments
 (0)