locals.tf
locals {
  # Naming template selected by var.name_scheme.context_template_name; null
  # when var.context_templates has no entry under that key.
  context_template = lookup(
    var.context_templates,
    var.name_scheme.context_template_name,
    null
  )

  # Default naming inputs for the warehouse roles; presumably consumed by the
  # role modules declared elsewhere in this module (not visible here).
  default_role_naming_scheme = {
    context_template_name = "snowflake-warehouse-role"
    properties            = ["prefix", "environment", "warehouse", "name"]
    uppercase             = var.name_scheme.uppercase
    extra_values = {
      prefix    = "whs"
      warehouse = var.name
    }
  }

  # Built-in roles, in rising order of privilege. No default carries the
  # grant option. NOTE(review): with_grant_option is presumably passed through
  # to the Snowflake grant, where false stops role holders from re-granting
  # the privileges; confirm in the role module.
  default_roles_definition = {
    # Read-only visibility of the warehouse.
    monitor = {
      comment       = null
      granted_roles = []
      warehouse_grants = {
        with_grant_option = false
        all_privileges    = null
        privileges        = ["MONITOR"]
      }
    },
    # Day-to-day use. OPERATE is included alongside USAGE, so holders can
    # change the warehouse state as well as run queries on it.
    usage = {
      comment       = null
      granted_roles = []
      warehouse_grants = {
        with_grant_option = false
        all_privileges    = null
        privileges        = ["USAGE", "OPERATE"]
      }
    },
    # Broadest built-in role: all_privileges is set instead of an explicit
    # list. Keep membership of this role narrow.
    admin = {
      comment       = null
      granted_roles = []
      warehouse_grants = {
        with_grant_option = false
        all_privileges    = true
        privileges        = null
      }
    }
  }

  # Caller-supplied roles with null-valued top-level attributes removed.
  # The filter is not recursive: nulls nested inside an attribute such as
  # warehouse_grants reach the merge unchanged.
  # NOTE(review): because nulls are dropped here, a caller cannot reset a
  # default top-level attribute to null through var.roles.
  provided_roles = {
    for name, definition in var.roles : name => {
      for attr, value in definition : attr => value
      if value != null
    }
  }

  # Defaults merged with the caller's definitions. An entry in var.roles keyed
  # "usage", "monitor" or "admin" is merged into the matching default, so the
  # effective grants of a built-in role can differ from the table above.
  roles_definition = module.roles_deep_merge.merged

  # Built-in role names only, and only when var.create_default_roles is true.
  # When it is false these keys are dropped entirely, including any caller
  # overrides supplied under the same names (custom_roles excludes them too).
  default_roles = {
    for name, definition in local.roles_definition : name => definition
    if var.create_default_roles && contains(keys(local.default_roles_definition), name)
  }

  # Every merged role whose name is not one of the built-in names.
  custom_roles = {
    for name, definition in local.roles_definition : name => definition
    if !contains(keys(local.default_roles_definition), name)
  }

  # Combined view of the role module instances declared elsewhere in this
  # module. On a key collision merge() keeps the later argument's value.
  # NOTE(review): the null-key filter looks like a defensive no-op; confirm
  # before relying on it to exclude anything.
  roles = {
    for name, instance in merge(
      module.snowflake_default_role,
      module.snowflake_custom_role
    ) : name => instance
    if name != null
  }
}
# Deep-merges the built-in role definitions with the caller-supplied ones; the
# result is read back as module.roles_deep_merge.merged.
# NOTE(review): later maps presumably take precedence over earlier ones.
# Confirm against the module's documentation, together with how it treats
# lists and nested nulls, because that decides how far var.roles can alter the
# default grants.
module "roles_deep_merge" {
  # Third-party registry module pinned to an exact version. Terraform's
  # dependency lock file records checksums for providers only, not modules, so
  # this pin is not integrity-checked. Review the upstream source on every
  # version bump, or vendor / pin to an immutable git commit if stronger
  # supply-chain guarantees are required.
  source  = "Invicton-Labs/deepmerge/null"
  version = "0.1.5"

  # Order matters: defaults first, caller-provided definitions second.
  maps = [local.default_roles_definition, local.provided_roles]
}