GRANT SELECT TO ALL #284
Comments
aaronsteers
added
the
feature-request
|
Would love to help implement this! |
|
It would be great to have this! |
|
Would be great to have |
|
Having this would be awesome |
|
+1 on the awesomeness of having something like this 👍 |
|
+1 - I can specify that I want to grant select on all future tables, but not all existing ones! Would like the same functionality applied to snowflake_schema_grant too (e.g., grant usage on all schemas in database blah) |
|
Hey @tnightengale, @JimFawkes, @a2m1, @JavierLopezT, @juangesino , and @gnilrets... I just created a provider that allows us to declare resource "snowsql_exec" "dcl" {
name = local.name
create {
statements = <<-EOT
GRANT ALL PRIVILEGES ON ALL TABLES IN DATABASE ${snowflake_database.database.name} TO ROLE ${snowflake_role.role.name};
GRANT ALL PRIVILEGES ON FUTURE TABLES IN DATABASE ${snowflake_database.database.name} TO ROLE ${snowflake_role.role.name};
EOT
}
delete {
statements = <<-EOT
REVOKE ALL PRIVILEGES ON ALL TABLES IN DATABASE ${snowflake_database.database.name} FROM ROLE ${snowflake_role.role.name};
REVOKE ALL PRIVILEGES ON FUTURE TABLES IN DATABASE ${snowflake_database.database.name} FROM ROLE ${snowflake_role.role.name};
EOT
}
}Check out the terraform-provider-snowsql snowsql_exec resource documentation for more information. |
|
+1 this would be fantastic |
|
Any news about this one? |
There is no possible use a list ? Like in null_resources with for_each and triggers? I want to use the snowsql with more than 130 commands. |
You could create snowflake tables using a
The local_exec null_resource would work to run Snowsql commands. However, in addition to having terraform installs, operators would also have to ensure that Snowsql is install and configured correctly. You would also not have any logic for deletion, so all the snowflake objects created with the null resource would have to be manually destroyed.
The snowsql provider uses the same golang lib as the snowflake provider. I not familiar with any limits on how many statements you provide for a single transaction. Cheers! hope that helps |
Yea, i'm using null_resource with local-exec snowsql commands, i receive a list using for_each and formatlist for db,schema,roles. My guess is about your provider, i'm trying to create a list and for_each to run in sequence in create statements. But its seems its not possible. My idea is something like this: I just start this discussion, because i'm trying to migrate to your provider aswell. |
no it is definitely supported and encouraged. Could you please create an issue in the snowsql provider? I would be able to help more over there. Somebody else might have the same question as you and I would like scope this to the snowsql project if possible. |
|
@aidanmelen Done. Thanks bro |
|
Can we close this issue? |
|
+1, currently working around this using data sources + for_each and it's quite tedious |
No, please, we want the feature, not workarounds. |
|
Hi what is the status of this issue? |
|
We are closing this issue as part of a cleanup described in announcement. If you believe that the issue is still valid in v0.89.0, please open a new ticket. |
Is your feature request related to a problem? Please describe.
I'm not sure how to replicate my existing snowflake grants into terraform without access to an option for
ALL TABLES IN SCHEMA/DATABASE.Describe the solution you'd like
Just as "future" tables/views are supported in grants, the request would be to support granting access to "all" tables/views.
Describe alternatives you've considered
I considered creating a "task" resource to manually declare the grants - however, that "task" resource appears to be missing an "undo_sql_statement" to provide an "undo"/"destroy" capability, for instance when permission is changed/revoked.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: