variables.tf
# Required input: this variable has no default, so every caller must set it.
# NOTE(review): presumably combined with `name_scheme` to build the final user
# name ("name" is one of the default `name_scheme.properties`) - confirm in the
# module's resources.
variable "name" {
  description = "Name of the resource"
  type        = string
}
# Kind of Snowflake user to create. Defaults to a human account (PERSON).
# The validation below rejects anything outside the three listed values at
# plan time; the comparison is case-sensitive.
#
# Security: the user type is an authentication decision, not just a label.
# Per Snowflake's user-type documentation (verify against the current docs),
# SERVICE users cannot log in with a password or enroll in MFA, while
# LEGACY_SERVICE keeps password login without MFA enforcement and is meant as a
# migration aid. Prefer SERVICE with key-pair authentication for
# non-interactive accounts and treat LEGACY_SERVICE as a temporary exception.
variable "type" {
  description = "Type of the user. Valid values are PERSON, SERVICE, LEGACY_SERVICE"
  type        = string
  default     = "PERSON"

  validation {
    condition     = contains(["PERSON", "SERVICE", "LEGACY_SERVICE"], var.type)
    error_message = "Only PERSON, SERVICE, LEGACY_SERVICE values are supported by Snowflake provider."
  }
}
# ---------------------------------------------------------------------------
# Identity and profile attributes.
# All of these are optional strings that default to null.
# NOTE(review): presumably a null value is passed through so the attribute is
# simply left unset on the user - confirm in the module's resources.
# None of them is validated in this file.
# ---------------------------------------------------------------------------

# Login identifier. Per the description, Snowflake falls back to `name` when
# this is not supplied.
variable "login_name" {
  description = "The name users use to log in. If not supplied, snowflake will use name instead."
  type        = string
  default     = null
}

# Human-readable name shown in the Snowflake web interface.
variable "display_name" {
  description = "Name displayed for the user in the Snowflake web interface."
  type        = string
  default     = null
}

# Free-text comment stored on the user. Avoid putting secrets or ticket
# contents here: the value is part of the Terraform configuration and state.
variable "comment" {
  description = "Comment / description of Snowflake user"
  type        = string
  default     = null
}

# Contact address for the user. This is personal data that will appear in
# plans and state; no format check is performed here.
variable "email" {
  description = "Email address for the user"
  type        = string
  default     = null
}

# The three name parts below only apply to human accounts (`type = PERSON`),
# as stated in their descriptions.
variable "first_name" {
  description = "First name of the user (works only with `type = PERSON`)"
  type        = string
  default     = null
}

variable "middle_name" {
  description = "Middle name of the user (works only with `type = PERSON`)"
  type        = string
  default     = null
}

variable "last_name" {
  description = "Last name of the user (works only with `type = PERSON`)"
  type        = string
  default     = null
}
# ---------------------------------------------------------------------------
# Session defaults applied when the user logs in.
# All optional, all default to null, none validated in this file.
# ---------------------------------------------------------------------------

# Default database (or database and schema) for new sessions.
variable "default_namespace" {
  description = "Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login."
  type        = string
  default     = null
}

# Default virtual warehouse for new sessions.
variable "default_warehouse" {
  description = "Specifies the virtual warehouse that is active by default for the user's session upon login."
  type        = string
  default     = null
}

# Default role for new sessions.
# Security: `grant_default_roles` defaults to true in this file, so setting a
# role here is also a privilege grant, not only a session preference. Choose
# the least-privileged role the user needs and review changes to this value as
# access changes.
variable "default_role" {
  description = "Specifies the role that is active by default for the user's session upon login."
  type        = string
  default     = null
}
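# Secondary roles activated for the user's session at login.
#
# The description promises case-insensitive values, so the validation
# normalises the input with upper() before comparing; previously "all" or
# "none" were rejected even though the description allowed them. The value
# itself is passed on unchanged.
# NOTE(review): confirm nothing else in the module compares this variable
# against the upper-case literals without normalising it first.
#
# Security: ALL activates every role granted to the user as a secondary role,
# which widens the effective privileges of each session. Prefer NONE where
# sessions should be limited to the primary role.
# NOTE(review): what DEFAULT resolves to is decided by the provider/Snowflake,
# not by this module - confirm it is not effectively ALL for your account.
variable "default_secondary_roles_option" {
  description = <<EOT
Specifies the secondary roles that are active for the user’s session upon login.
Valid values are (case-insensitive): DEFAULT | NONE | ALL
EOT
  type        = string
  default     = "DEFAULT"

  validation {
    condition     = contains(["DEFAULT", "ALL", "NONE"], upper(var.default_secondary_roles_option))
    error_message = "Only DEFAULT | NONE | ALL value is supported by Snowflake provider."
  }
}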
# Primary RSA public key for key-pair authentication. Optional (null = none).
# The single-line / no-header format required by the description is not
# validated here, so a badly formatted key is only caught later.
#
# Security: a public key is not secret, but whoever holds the matching private
# key can authenticate as this user. Review changes to this value like any
# other credential change.
variable "rsa_public_key" {
  description = "Specifies the user's RSA public key; used for key-pair authentication. Must be on 1 line without header and trailer."
  type        = string
  default     = null
}
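# Second RSA public key slot, used for key rotation. Optional (null = none).
# A stray closing quote at the end of the description text has been removed.
# As with `rsa_public_key`, the single-line / no-header format is not
# validated in this file.
#
# Security: while both slots are set, either private key can authenticate as
# this user. Clear the slot that holds the retired key once clients have
# switched, so an old private key does not stay valid indefinitely.
variable "rsa_public_key_2" {
  description = <<EOT
Specifies the user's second RSA public key; used to rotate the public and private keys
for key-pair authentication based on an expiration schedule set by your organization.
Must be on 1 line without header and trailer.
EOT
  type        = string
  default     = null
}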
# Opt-in switch (default false) for letting Terraform generate the RSA key
# pair for the user.
#
# Security: as the description warns, the generated private key is written
# unencrypted into the Terraform state. Anyone who can read the state backend,
# a state backup or a CI artifact containing it can authenticate as this user.
# If this is enabled at all, keep the state in an encrypted backend with
# tightly restricted read access. For production, generate the key pair
# outside Terraform and pass only the public half via `rsa_public_key`.
variable "generate_rsa_key" {
  description = <<EOT
Whether automatically generate an RSA key - IMPORTANT
The private key generated by this resource will be stored
unencrypted in your Terraform state file.
Use of this resource for production deployments is not recommended.
EOT
  type        = bool
  default     = false
}
# Opt-in switch (default false) for letting Terraform generate a password.
#
# Security: NOTE(review) - the generator is not visible in this file, but any
# password produced by Terraform (for example by a random_password resource)
# is stored in plain text in the state, the same exposure that the
# `generate_rsa_key` description warns about. Protect the state accordingly
# and keep `must_change_password` enabled for human users so the generated
# value is replaced at first login.
variable "generate_password" {
  description = "Generate a random password using Terraform"
  type        = bool
  default     = false
}
# Forces a password change at login. Defaults to true, the setting the
# description recommends for non-service users.
#
# Security: with true, an initial password that was shared or generated (and
# is therefore known outside the user's head) stops being the long-term
# credential. Turning it off for a human account leaves that initial password
# valid, so treat false as an exception.
# NOTE(review): for service accounts nobody performs an interactive login, so
# callers presumably set this to false there - confirm against module usage.
variable "must_change_password" {
  description = "Should the user change the password on login. Should be set to true for non service account users"
  type        = bool
  default     = true
}
# Whether the module also grants `default_role` to the user. Defaults to true.
# Security: with the default, setting `default_role` changes what the user is
# allowed to do, not only which role a session starts in. Set to false when
# role grants are managed elsewhere and should not be duplicated here.
variable "grant_default_roles" {
  description = "Whether to grant default_role to Snowflake User"
  type        = bool
  default     = true
}

# Whether changes to `default_warehouse`, `default_role` and
# `default_namespace` are ignored; per the description this only applies to
# `type = PERSON`. Defaults to false.
# NOTE(review): presumably implemented with a lifecycle ignore_changes rule;
# if so, enabling it means drift in those three settings is no longer reported
# or corrected by Terraform - confirm in the module's resources.
variable "ignore_changes_on_defaults" {
  description = "Whether to ignore configuration of `default_warehouse`, `default_role` and `default_namespace` (works only with `type = PERSON`)"
  type        = bool
  default     = false
}
# Optional tag attached to queries and other SQL statements in the user's
# sessions (null = none). A stable tag per service user makes that user's
# activity easier to attribute when reviewing query history.
variable "query_tag" {
  description = "Optional string that can be used to tag queries and other SQL statements executed within a session."
  type        = string
  default     = null
}

# Optional session time zone (null = none). The value is not validated here;
# the description lists the accepted forms (IANA time zone or link names).
variable "timezone" {
  description = "Specifies the time zone for the session. You can specify a time zone name or a link name from release 2021a of the IANA Time Zone Database (e.g. America/Los_Angeles, Europe/London, UTC, Etc/GMT, etc.)."
  type        = string
  default     = null
}
# Name of the network policy to enforce. Optional; defaults to null.
# NOTE(review): the description speaks of "your account", but this module
# configures a single user, so the policy is presumably attached at user
# level - confirm in the module's resources.
#
# Security: with null, this module sets no IP restriction for the user, so
# only an account-level policy (if one exists) limits where logins can come
# from. Consider setting a policy for service users, whose source addresses
# are usually known and stable.
variable "network_policy" {
  description = " Specifies the network policy to enforce for your account. Network policies enable restricting access to your account based on users’ IP address."
  type        = string
  default     = null
}
# Telemetry settings for the event table. Both are optional strings that
# default to null, and neither is validated in this file.
# NOTE(review): an unsupported level is presumably only rejected by the
# provider at plan/apply time - confirm.

# How trace events are ingested into the event table.
variable "trace_level" {
  description = "Controls how trace events are ingested into the event table."
  type        = string
  default     = null
}

# Minimum severity of log messages ingested into the active event table;
# per the description, more severe levels are included as well.
variable "log_level" {
  description = "Specifies the severity level of messages that should be ingested and made available in the active event table. Messages at the specified level (and at more severe levels) are ingested."
  type        = string
  default     = null
}
# Controls whether this user sees the full text of queries that failed with a
# syntax or parsing error. Optional bool; defaults to null.
# NOTE(review): null presumably leaves the parameter unset so the Snowflake
# default applies - confirm in the module's resources.
#
# Security: failed query text can contain literals such as credentials pasted
# into SQL or personal data. Per the description, the parameter is set on the
# user who should *see* the text, and setting it requires a role with the
# AUDIT privilege. Enable it only for users whose job is to audit or debug
# queries.
variable "enable_unredacted_query_syntax_error" {
  description = <<EOT
Controls whether query text is redacted if a SQL query fails due to a syntax or parsing error. If FALSE, the content of a failed query is redacted in the views, pages, and functions that provide a query history.
Only users with a role that is granted or inherits the AUDIT privilege can set the ENABLE_UNREDACTED_QUERY_SYNTAX_ERROR parameter.
When using the ALTER USER command to set the parameter to TRUE for a particular user, modify the user that you want to see the query text, not the user who executed the query (if those are different users).
EOT
  type        = bool
  default     = null
}
# Switch to turn off Multi-Factor Authentication for the user. Defaults to
# false; per the description it only applies to `type = PERSON`.
#
# Security: true leaves a human account protected by a single factor. Keep the
# default unless there is a documented, time-boxed exception, and treat any
# plan that flips this to true as a change needing explicit review.
variable "disable_mfa" {
  description = "Disable Multi-Factor Authentication for the user (works only with `type = PERSON`)"
  type        = bool
  default     = false
}
# Whether the user is disabled. Defaults to false (user can log in).
# Per the description, true prevents login and aborts the user's running
# queries. That makes it a way to cut off an account during offboarding or
# incident response while keeping the user object in place.
variable "disabled" {
  description = "Specifies whether the user is disabled, which prevents logging in and aborts all the currently-running queries for the user."
  type        = bool
  default     = false
}
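# Naming-convention settings used to build the resource name.
# Every attribute is optional; with the default `{}` the optional() defaults
# below apply, and `extra_values` stays null.
# Description typo fixed: "delimited used" -> "delimiter used".
#
# The default `replace_chars_regex` removes every character other than ASCII
# letters, digits and underscore from property values.
# NOTE(review): how the generated name is quoted when it reaches Snowflake is
# not visible in this file; loosening the regex allows other characters into
# the identifier, so check the downstream handling before changing it.
variable "name_scheme" {
  description = <<EOT
Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`
- `delimiter` - delimiter used to create the name from `properties` - is superseded by `var.context_templates`
- `context_template_name` - name of the context template used to create the name
- `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- `extra_values` - map of extra label-value pairs, used to create a name
EOT
  type = object({
    properties            = optional(list(string), ["environment", "name"])
    delimiter             = optional(string, "_")
    context_template_name = optional(string, "snowflake-user")
    replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")
    extra_values          = optional(map(string))
  })
  default = {}
}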
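# Map of context templates used for the naming convention. Defaults to an
# empty map.
# The description previously pointed at `naming_scheme.*`, which does not
# exist in this file; the variable is called `name_scheme`, so the reference
# has been corrected.
# NOTE(review): presumably keyed by template name and looked up through
# `name_scheme.context_template_name` - confirm in the module's resources.
variable "context_templates" {
  description = "Map of context templates used for naming conventions - this variable supersedes `name_scheme.properties` and `name_scheme.delimiter` configuration"
  type        = map(string)
  default     = {}
}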