generated from getindata/terraform-module-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
153 lines (128 loc) · 6.33 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
data "context_label" "this" {
delimiter = local.context_template == null ? var.name_scheme.delimiter : null
properties = local.context_template == null ? var.name_scheme.properties : null
template = local.context_template
replace_chars_regex = var.name_scheme.replace_chars_regex
values = merge(
var.name_scheme.extra_values,
{ name = var.name }
)
}
resource "snowflake_database" "this" {
name = var.name_scheme.uppercase ? upper(data.context_label.this.rendered) : data.context_label.this.rendered
is_transient = var.is_transient
comment = var.comment
data_retention_time_in_days = var.data_retention_time_in_days
max_data_extension_time_in_days = var.max_data_extension_time_in_days
external_volume = var.external_volume
catalog = var.catalog
replace_invalid_characters = var.replace_invalid_characters
default_ddl_collation = var.default_ddl_collation
storage_serialization_policy = var.storage_serialization_policy
log_level = var.log_level
trace_level = var.trace_level
suspend_task_after_num_failures = var.suspend_task_after_num_failures
task_auto_retry_attempts = var.task_auto_retry_attempts
user_task_managed_initial_warehouse_size = var.user_task_managed_initial_warehouse_size
user_task_timeout_ms = var.user_task_timeout_ms
user_task_minimum_trigger_interval_in_seconds = var.user_task_minimum_trigger_interval_in_seconds
quoted_identifiers_ignore_case = var.quoted_identifiers_ignore_case
enable_console_output = var.enable_console_output
drop_public_schema_on_creation = var.drop_public_schema_on_creation
}
moved {
from = snowflake_database.this[0]
to = snowflake_database.this
}
module "snowflake_default_role" {
for_each = local.default_roles
source = "getindata/database-role/snowflake"
version = "2.1.0"
database_name = snowflake_database.this.name
context_templates = var.context_templates
name = each.key
name_scheme = merge(
local.default_role_naming_scheme,
lookup(each.value, "name_scheme", {})
)
comment = lookup(each.value, "comment", null)
granted_to_roles = lookup(each.value, "granted_to_roles", [])
granted_to_database_roles = lookup(each.value, "granted_to_database_roles", [])
granted_database_roles = lookup(each.value, "granted_database_roles", [])
database_grants = lookup(each.value, "database_grants", {})
schema_grants = lookup(each.value, "schema_grants", [])
schema_objects_grants = lookup(each.value, "schema_objects_grants", {})
}
module "snowflake_custom_role" {
for_each = local.custom_roles
source = "getindata/database-role/snowflake"
version = "2.1.0"
database_name = snowflake_database.this.name
context_templates = var.context_templates
name = each.key
name_scheme = merge(
local.default_role_naming_scheme,
lookup(each.value, "name_scheme", {})
)
comment = lookup(each.value, "comment", null)
granted_to_roles = lookup(each.value, "granted_to_roles", [])
granted_to_database_roles = lookup(each.value, "granted_to_database_roles", [])
granted_database_roles = lookup(each.value, "granted_database_roles", [])
database_grants = lookup(each.value, "database_grants", {})
schema_grants = lookup(each.value, "schema_grants", [])
schema_objects_grants = lookup(each.value, "schema_objects_grants", {})
}
module "snowflake_schema" {
for_each = var.schemas
source = "getindata/schema/snowflake"
version = "3.1.1"
context_templates = var.context_templates
name = each.key
name_scheme = merge({
uppercase = var.name_scheme.uppercase
extra_values = {
database = var.name
} },
lookup(each.value, "name_scheme", {})
)
is_transient = each.value.is_transient
with_managed_access = each.value.with_managed_access
comment = each.value.comment
database = snowflake_database.this.name
skip_schema_creation = each.value.skip_schema_creation
data_retention_time_in_days = each.value.data_retention_time_in_days
max_data_extension_time_in_days = each.value.max_data_extension_time_in_days
external_volume = each.value.external_volume
catalog = each.value.catalog
replace_invalid_characters = each.value.replace_invalid_characters
default_ddl_collation = each.value.default_ddl_collation
storage_serialization_policy = each.value.storage_serialization_policy
log_level = each.value.log_level
trace_level = each.value.trace_level
suspend_task_after_num_failures = each.value.suspend_task_after_num_failures
task_auto_retry_attempts = each.value.task_auto_retry_attempts
user_task_managed_initial_warehouse_size = each.value.user_task_managed_initial_warehouse_size
user_task_timeout_ms = each.value.user_task_timeout_ms
user_task_minimum_trigger_interval_in_seconds = each.value.user_task_minimum_trigger_interval_in_seconds
quoted_identifiers_ignore_case = each.value.quoted_identifiers_ignore_case
enable_console_output = each.value.enable_console_output
pipe_execution_paused = each.value.pipe_execution_paused
stages = each.value.stages
roles = each.value.roles
create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
}
resource "snowflake_grant_ownership" "database_ownership" {
count = var.database_ownership_grant != null ? 1 : 0
account_role_name = var.database_ownership_grant
outbound_privileges = "COPY"
on {
object_type = "DATABASE"
object_name = snowflake_database.this.name
}
# In order to create all resources before transferring ownership
depends_on = [
module.snowflake_default_role,
module.snowflake_custom_role,
module.snowflake_schema,
]
}