feat: Add grant privileges to share resource #2447

Merged
merged 9 commits into from
Feb 1, 2024
142 changes: 142 additions & 0 deletions docs/resources/grant_privileges_to_share.md
@@ -0,0 +1,142 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "snowflake_grant_privileges_to_share Resource - terraform-provider-snowflake"
subcategory: ""
description: |-

---

~> **Note** This is a preview resource. It's ready for general use. In case of any errors, please file an issue in our GitHub repository.

# snowflake_grant_privileges_to_share (Resource)



## Example Usage

```terraform
##################################
### on database
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["USAGE"]
on_database = snowflake_database.example.name
}

## ID: "\"share_name\"|USAGE|OnDatabase|\"database_name\""

##################################
### on schema
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["USAGE"]
on_schema = "${snowflake_database.example.name}.${snowflake_schema.example.name}"
}

## ID: "\"share_name\"|USAGE|OnSchema|\"database_name\".\"schema_name\""

##################################
### on table
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_table = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_table.example.name}"
}

## ID: "\"share_name\"|SELECT|OnTable|\"database_name\".\"schema_name\".\"table_name\""

##################################
### on all tables in schema
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_all_tables_in_schema = "${snowflake_database.example.name}.${snowflake_schema.example.name}"
}

## ID: "\"share_name\"|SELECT|OnAllTablesInSchema|\"database_name\".\"schema_name\""

##################################
### on tag
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["READ"]
on_tag = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_tag.example.name}"
}

## ID: "\"share_name\"|READ|OnTag|\"database_name\".\"schema_name\".\"tag_name\""

##################################
### on view
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_view = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_view.example.name}"
}

## ID: "\"share_name\"|SELECT|OnView|\"database_name\".\"schema_name\".\"view_name\""
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `privileges` (Set of String) The privileges to grant on the share. See available list of privileges: https://docs.snowflake.com/en/sql-reference/sql/grant-privilege-share#syntax
- `to_share` (String) The fully qualified name of the share on which privileges will be granted.

### Optional

- `on_all_tables_in_schema` (String) The fully qualified identifier for the schema for which the specified privilege will be granted for all tables.
- `on_database` (String) The fully qualified name of the database on which privileges will be granted.
- `on_schema` (String) The fully qualified name of the schema on which privileges will be granted.
- `on_table` (String) The fully qualified name of the table on which privileges will be granted.
- `on_tag` (String) The fully qualified name of the tag on which privileges will be granted.
- `on_view` (String) The fully qualified name of the view on which privileges will be granted.

### Read-Only

- `id` (String) The ID of this resource.

## Import

~> **Note** All the ..._name parts should be fully qualified names, e.g. for database object it is `"<database_name>"."<object_name>"`

Import is supported using the following syntax:

`terraform import "<share_name>|<privileges>|<grant_type>|<grant_identifier>"`

where:
- share_name - fully qualified identifier
- privileges - list of privileges, comma separated. See the available privileges for given object types: https://docs.snowflake.com/en/sql-reference/sql/grant-privilege-share#syntax
- grant_type - enum
- grant_identifier - fully qualified identifier

### OnDatabase
`terraform import "<share_name>|<privileges>|OnDatabase|<database_name>"`

### OnSchema
`terraform import "<share_name>|<privileges>|OnSchema|<database_name>.<schema_name>"`

### OnTable
`terraform import "<share_name>|<privileges>|OnTable|<database_name>.<schema_name>.<table_name>"`

### OnSchema
`terraform import "<share_name>|<privileges>|OnAllTablesInSchema|<database_name>.<schema_name>"`

### OnTag
`terraform import "<share_name>|<privileges>|OnTag|<database_name>.<schema_name>.<tag_name>"`

### OnView
`terraform import "<share_name>|<privileges>|OnView|<database_name>.<schema_name>.<view_name>"`
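Review bot: In the Import section, the heading above the `OnAllTablesInSchema` command is a second `### OnSchema`, so the page has two identically named sections and none for the all-tables grant type; rename it to `### OnAllTablesInSchema`. The import commands also show only the ID string after `terraform import`, with no resource address in front of it, so they cannot be run as written; a form such as `terraform import snowflake_grant_privileges_to_share.example "<share_name>|<privileges>|<grant_type>|<grant_identifier>"` would match how the command is invoked. The `on_all_tables_in_schema` description should also say whether the grant covers only tables that exist at apply time or later ones too, since a share exposes these objects to consumer accounts and readers will size the grant from this sentence.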
71 changes: 71 additions & 0 deletions examples/resources/snowflake_grant_privileges_to_share/resource.tf
@@ -0,0 +1,71 @@
##################################
### on database
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["USAGE"]
on_database = snowflake_database.example.name
}

## ID: "\"share_name\"|USAGE|OnDatabase|\"database_name\""

##################################
### on schema
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["USAGE"]
on_schema = "${snowflake_database.example.name}.${snowflake_schema.example.name}"
}

## ID: "\"share_name\"|USAGE|OnSchema|\"database_name\".\"schema_name\""

##################################
### on table
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_table = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_table.example.name}"
}

## ID: "\"share_name\"|SELECT|OnTable|\"database_name\".\"schema_name\".\"table_name\""

##################################
### on all tables in schema
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_all_tables_in_schema = "${snowflake_database.example.name}.${snowflake_schema.example.name}"
}

## ID: "\"share_name\"|SELECT|OnAllTablesInSchema|\"database_name\".\"schema_name\""

##################################
### on tag
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["READ"]
on_tag = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_tag.example.name}"
}

## ID: "\"share_name\"|READ|OnTag|\"database_name\".\"schema_name\".\"tag_name\""

##################################
### on view
##################################

resource "snowflake_grant_privileges_to_share" "example" {
to_share = snowflake_share.example.name
privileges = ["SELECT"]
on_view = "${snowflake_database.example.name}.${snowflake_schema.example.name}.${snowflake_view.example.name}"
}

## ID: "\"share_name\"|SELECT|OnView|\"database_name\".\"schema_name\".\"view_name\""
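Review bot: All six blocks in this file declare the same address, `resource "snowflake_grant_privileges_to_share" "example"`, so the file is not a valid configuration as a whole and anyone copying more than one block gets a duplicate resource error; give each block its own name (for example `on_database`, `on_schema`, `on_table`). Distinct names would also let the table, view and tag examples point at the database and schema `USAGE` grants with `depends_on` where ordering matters.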
1 change: 1 addition & 0 deletions pkg/provider/provider.go
Expand Up @@ -448,6 +448,7 @@ func getResources() map[string]*schema.Resource {
"snowflake_grant_privileges_to_role": resources.GrantPrivilegesToRole(),
"snowflake_grant_privileges_to_account_role": resources.GrantPrivilegesToAccountRole(),
"snowflake_grant_privileges_to_database_role": resources.GrantPrivilegesToDatabaseRole(),
"snowflake_grant_privileges_to_share": resources.GrantPrivilegesToShare(),
"snowflake_managed_account": resources.ManagedAccount(),
"snowflake_masking_policy": resources.MaskingPolicy(),
"snowflake_materialized_view": resources.MaterializedView(),
2 changes: 1 addition & 1 deletion pkg/resources/grant_privileges_to_account_role.go
Expand Up @@ -656,7 +656,7 @@ func DeleteGrantPrivilegesToAccountRole(ctx context.Context, d *schema.ResourceD
diag.Diagnostic{
Severity: diag.Error,
Summary: "An error occurred when revoking privileges from account role",
Detail: fmt.Sprintf("Id: %s\nAccount role name: %s\nError: %s", d.Id(), id.RoleName, err.Error()),
Detail: fmt.Sprintf("Id: %s\nAccount role name: %s\nError: %s", d.Id(), id.RoleName.FullyQualifiedName(), err.Error()),
},
}
}
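Review bot: The `Detail` line in `DeleteGrantPrivilegesToAccountRole` now formats `id.RoleName.FullyQualifiedName()`, which is a fix to the account-role resource and not part of the new share resource; call it out in the PR description or split it into its own commit. It is also worth checking whether the other diagnostics in this file still pass `id.RoleName` straight to `%s`, so the error output is consistent across create, update and delete.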