
Complete Example

# Fixture database for the example: the schema, both tables and the database
# roles below are all created inside it.
resource "snowflake_database" "this" {
  name = "TEST_DB"
}

# Schema inside the fixture database. Referencing snowflake_database.this.name
# (rather than repeating the literal) gives Terraform an implicit dependency,
# so the database is created before the schema.
resource "snowflake_schema" "this" {
  database = snowflake_database.this.name
  name     = "BRONZE"
}

# First fixture table. In the module call further down it is the target of the
# narrowly scoped grant (privileges = ["SELECT"]).
resource "snowflake_table" "table_1" {
  database = snowflake_schema.this.database
  schema   = snowflake_schema.this.name
  name     = "TEST_TABLE_1"

  column {
    name     = "identity"
    type     = "NUMBER(38,0)"
    nullable = true

    # Auto-generated values start at 1 and increase by 3.
    identity {
      start_num = 1
      step_num  = 3
    }
  }
}

# Second fixture table, same shape as table_1. In the module call further down
# it is the target of the broad grant (all_privileges = true).
resource "snowflake_table" "table_2" {
  database = snowflake_schema.this.database
  schema   = snowflake_schema.this.name
  name     = "TEST_TABLE_2"

  column {
    name     = "identity"
    type     = "NUMBER(38,0)"
    nullable = true

    # Auto-generated values start at 1 and increase by 3.
    identity {
      start_num = 1
      step_num  = 3
    }
  }
}

# Three pre-existing database roles used to exercise role-to-role grants.
# db_role_1 is passed to the module as parent_database_role.
resource "snowflake_database_role" "db_role_1" {
  database = snowflake_database.this.name
  name     = "DB_ROLE_1"
}

# db_role_2 and db_role_3 are passed to the module in granted_database_roles.
resource "snowflake_database_role" "db_role_2" {
  database = snowflake_database.this.name
  name     = "DB_ROLE_2"
}

resource "snowflake_database_role" "db_role_3" {
  database = snowflake_database.this.name
  name     = "DB_ROLE_3"
}

# Calls the module under test (two directories up) to create the database role
# TEST_DB_ROLE in the fixture database and attach role and privilege grants.
# The example deliberately shows both narrow and broad grant forms; when
# copying it, keep only the privileges the role actually needs.
module "snowflake_database_role" {
  source  = "../../"
  # NOTE(review): module.this is not declared in this listing — presumably a
  # context/label module defined elsewhere in the example; confirm.
  context = module.this.context

  database_name = snowflake_database.this.name
  name          = "TEST_DB_ROLE"


  # Role hierarchy. The direction of each grant (which role inherits from which)
  # is decided inside the module and is not visible here — confirm it before
  # reuse, because inherited roles widen the effective privilege set.
  parent_database_role = snowflake_database_role.db_role_1.name
  granted_database_roles = [
    snowflake_database_role.db_role_2.name,
    snowflake_database_role.db_role_3.name
  ]
  # Database-level privileges; presumably applied to database_name above.
  # CREATE SCHEMA is a write privilege — omit it for read-only roles.
  database_grants = [
    {
      privileges = ["USAGE", "CREATE SCHEMA"]
    },
  ]

  schema_grants = [
    # USAGE on one named schema.
    {
      schema_name = snowflake_schema.this.name
      privileges  = ["USAGE"]
    },
    # USAGE on every existing and every future schema in the database.
    # Future grants apply to schemas that do not exist yet, so nobody reviews
    # them individually; prefer the named form above where it suffices.
    {
      future_schemas_in_database = true
      all_schemas_in_database    = true
      privileges                 = ["USAGE"]
    },
  ]

  # Object-level grants, keyed by object type.
  schema_objects_grants = {
    "TABLE" = [
      # Least-privilege form: a single enumerated privilege on one table.
      {
        privileges  = ["SELECT"]
        object_name = snowflake_table.table_1.name
        schema_name = snowflake_schema.this.name
      },
      # NOTE(review): all_privileges hands the role every grantable privilege on
      # TEST_TABLE_2 instead of an enumerated list; in real deployments list the
      # privileges explicitly, as done for table_1.
      {
        all_privileges = true
        object_name    = snowflake_table.table_2.name
        schema_name    = snowflake_schema.this.name
      }
    ]
    "ALERT" = [
      # All privileges on existing (on_all) and future (on_future) alerts.
      # No object_name or schema_name is given, so the scope is presumably the
      # whole database — confirm in the module. This is the broadest grant in
      # the example.
      {
        all_privileges = true
        on_future      = true
        on_all         = true
      }
    ]
  }
}

Usage

# Download the providers and resolve the local module source.
terraform init
# Save the plan to a file so that apply executes exactly what was reviewed.
# Inspect it first (e.g. `terraform show tfplan`) and check every grant it adds.
# The plan file can contain configuration and state values in cleartext; do not
# commit or share it.
terraform plan -out tfplan
# Apply the saved plan; nothing is re-planned at this point.
terraform apply tfplan

Inputs

Name Description Type Default Required
context_templates A map of context templates to use for generating user names map(string) n/a yes

Modules

Name Source Version
snowflake_database_role_1 ../../ n/a
snowflake_database_role_2 ../../ n/a
snowflake_database_role_3 ../../ n/a

Outputs

Name Description
snowflake_database_role_1 Snowflake database role outputs
snowflake_database_role_2 Snowflake database role outputs
snowflake_database_role_3 Snowflake database role outputs

Providers

Name Version
snowflake >=0.90

Requirements

Name Version
terraform >= 1.3
context >=0.4.0
snowflake >=0.90

Resources

Name Type
snowflake_account_role.role_1 resource
snowflake_account_role.role_2 resource
snowflake_database.this resource
snowflake_database_role.db_role_1 resource
snowflake_database_role.db_role_2 resource
snowflake_database_role.db_role_3 resource
snowflake_grant_privileges_to_share.this resource
snowflake_schema.this resource
snowflake_share.this resource
snowflake_table.table_1 resource
snowflake_table.table_2 resource