main.tf
# Database that the example schema, the three database roles and both stage
# module calls in this file all reference by name.
resource "snowflake_database" "this" {
  name = "USERS_DB"
}
# Schema inside USERS_DB; both stage modules below are created in it.
resource "snowflake_schema" "this" {
  database = snowflake_database.this.name
  name     = "TEST_SCHEMA"
}
# Account-level role. In this file it is used twice by module.internal_stage_1:
# as a grantee of the module's "role_1" database role and as the value of
# stage_ownership_grant.
resource "snowflake_account_role" "role_1" {
  name = "ROLE_1"
}
# Database role referenced by module.internal_stage_1 in
# roles.readonly.granted_to_database_roles.
resource "snowflake_database_role" "db_role_1" {
  name     = "DB_ROLE_1"
  database = snowflake_database.this.name
}
# Database role referenced by module.internal_stage_1 in granted_database_roles
# of both the "readonly" and the "admin" role.
resource "snowflake_database_role" "db_role_2" {
  name     = "DB_ROLE_2"
  database = snowflake_database.this.name
}
# Database role referenced by module.internal_stage_1 three times:
# readonly.granted_database_roles, role_1.granted_to_database_roles and
# role_2.granted_to_database_roles.
resource "snowflake_database_role" "db_role_3" {
  name     = "DB_ROLE_3"
  database = snowflake_database.this.name
}
# Stage "INGEST" in USERS_DB.TEST_SCHEMA, created through the module at the
# repository root. The module's default database roles are enabled, two of them
# ("readonly", "admin") are overridden and two more ("role_1", "role_2") are
# added through `roles`.
#
# Role references are written as "<database>.<database role>".
# NOTE(review): granted_to_database_roles / granted_to_roles presumably name the
# roles that receive the stage role, and granted_database_roles the roles the
# stage role itself receives - confirm against the module's variable docs.
module "internal_stage_1" {
  source = "../../"

  context_templates = var.context_templates

  name     = "INGEST"
  database = snowflake_database.this.name
  schema   = snowflake_schema.this.name
  comment  = "This is my ingest stage"

  # NOTE(review): the same account role is also a grantee of "role_1" below,
  # which carries all privileges with grant option. Ownership plus re-grantable
  # full privileges concentrates control of the stage in one role; split them
  # when adapting this example to a real account.
  stage_ownership_grant = snowflake_account_role.role_1.name

  create_default_roles = true

  roles = {
    # Override of the default "readonly" database role.
    # NOTE(review): WRITE is added here, so for this stage the role named
    # "readonly" can also write. Anything that assumes "readonly" means read
    # access only (reviews, audits, role hierarchies) is wrong for this stage;
    # keep ["READ"] unless the override is the point being demonstrated.
    readonly = {
      stage_grants = ["READ", "WRITE"]
      granted_to_database_roles = [
        "${snowflake_database.this.name}.${snowflake_database_role.db_role_1.name}"
      ]
      granted_database_roles = [
        "${snowflake_database.this.name}.${snowflake_database_role.db_role_2.name}",
        "${snowflake_database.this.name}.${snowflake_database_role.db_role_3.name}"
      ]
    }

    # Override of the default "admin" database role.
    admin = {
      granted_database_roles = ["${snowflake_database.this.name}.${snowflake_database_role.db_role_2.name}"]
    }

    # Additional database role defined by this example.
    # NOTE(review): all_privileges together with with_grant_option lets every
    # holder of this role hand the same privileges on to other roles. on_all and
    # on_future presumably widen the grant to existing and future stages in the
    # schema - confirm in the module docs. Prefer an explicit stage_grants list
    # and with_grant_option = false unless delegation is required.
    role_1 = {
      all_privileges            = true
      with_grant_option         = true
      on_all                    = true
      on_future                 = true
      granted_to_roles          = [snowflake_account_role.role_1.name]
      granted_to_database_roles = ["${snowflake_database.this.name}.${snowflake_database_role.db_role_3.name}"]
    }

    # Additional database role defined by this example: READ and WRITE only,
    # not re-grantable, with on_future set and on_all unset.
    role_2 = {
      stage_grants              = ["READ", "WRITE"]
      with_grant_option         = false
      on_all                    = false
      on_future                 = true
      granted_to_database_roles = ["${snowflake_database.this.name}.${snowflake_database_role.db_role_3.name}"]
    }
  }
}
# Second stage in the same database and schema, using the module's defaults for
# everything except naming. No `roles`, `create_default_roles` or
# `stage_ownership_grant` is set here, so whatever the module defaults to
# applies.
module "internal_stage_2" {
  source = "../../"

  #context_templates = var.context_templates

  database = snowflake_database.this.name
  schema   = snowflake_schema.this.name
  name     = "stage_2"

  # NOTE(review): context_templates is commented out above, so the template
  # named here has to come from somewhere other than this call - presumably a
  # provider-level or module-level default; confirm before copying.
  name_scheme = {
    context_template_name = "snowflake-project-stage"
    uppercase             = false
    extra_values = {
      project = "project"
    }
  }
}