Adrian Causby Causb1A

Causb1A / he.yaml
Last active September 19, 2022 20:20
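# Role-to-user assignments: each entry names one role and the users that hold it.
# Keep every list minimal (least privilege) and review membership whenever people
# change teams or leave — stale entries here are standing access.
- Role: Admin_Role
  Users:
    - Username1   # fixed: was "Usename1", inconsistent with the other placeholders
    - Username2
    - Username3
- Role: Developer_Role
  Users:
    - Username4   # fixed: was "Usename4"
    - Username5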
# Schema-level grants. Each entry maps one role to the list of privileges it
# receives on the "schema" resource; the `${...}` placeholders are substituted
# by Terraform's templatefile() (see the locals block further down, which passes
# user_role_name and admin_role_name).
- grant:
    grant_resource_name: "schema"
    role_name: "${user_role_name}"
    # Privileges for the user role. Adding an entry here creates a new grant
    # resource instance on the next apply — treat changes as access-control changes.
    privilege:
      - "MONITOR"
      - "USAGE"
      - "ADD SEARCH OPTIMIZATION"
- grant:
    grant_resource_name: "schema"
    role_name: "${admin_role_name}"
    # NOTE(review): the admin entry's `privilege` list is cut off in this listing;
    # the Terraform resource that consumes this config iterates `each_grant.privilege`,
    # so the key must be present — confirm against the full file.
provider "snowflake" {
  // required
  // Connection identity. Prefer supplying these through input variables or the
  // provider's SNOWFLAKE_* environment variables rather than literals checked
  // into version control.
  username = "..."
  account = "..."
  region = "..."
  // optional, exactly one must be set
  // NOTE(review): password, oauth_access_token and private_key_path are
  // credentials (or a path to one). Do not commit real values — inject them at
  // plan/apply time (environment variables or a secrets manager) and keep any
  // private key file outside the repository.
  password = "..."
  oauth_access_token = "..."
  private_key_path = "..."
// Database-level grant: gives var.privileges on var.database_name to the role
// named by var.role_name. `count` lets the caller switch the grant on (1) or
// off (0) through var.database_resource (the module callers in this listing
// pass 0 and 1).
resource snowflake_database_grant grant_database {
  count = var.database_resource

  database_name = var.database_name
  roles         = [var.role_name]
  privilege     = var.privileges

  // Grantees cannot re-grant this privilege to other roles (least privilege).
  with_grant_option = false
}
resource snowflake_schema_grant grant_schema {
count = var.schema_resource
module "snowflake_role_grants" {
source = "../snowflake_role_grants"
database_name = var.database_name
warehouse_name = var.warehouse_name
stage_name = var.stage_name
schema_name = var.schema_name
role_name = var.role_name
privileges = var.privileges
file_format = var.file_format_name
database_resource = 0
module "snowflake_role_grants" {
source = "../snowflake_role_grants"
database_name = var.database_name
warehouse_name = var.warehouse_name
stage_name = var.stage_name
schema_name = var.schema_name
role_name = var.role_name
privileges = var.privileges
file_format = var.file_format_name
database_resource = 1
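// One schema-level grant per (resource, role, privilege) tuple derived from the
// YAML role-permissions config (local.config_privileges). Keyed by a readable
// string so adding or removing one privilege in the YAML touches only that
// resource instance.
resource "snowflake_schema_grant" "grant" {
  for_each = {
    for entry in local.config_privileges :
    // NOTE(review): the attribute name must match the object built in
    // local.config_privileges (its inner loop variable is `privilege`; the
    // object body is cut off in this listing) — confirm against the full file.
    "${entry.grant_resource_name}.${entry.role_name}.${entry.privilege}" => entry
  }

  database_name = var.database_name
  schema_name   = var.schema_name

  // Bug fix: with for_each, per-instance attributes live under `each.value`;
  // `each.privilege` and `each.role_name` are not valid references and fail at plan.
  privilege = each.value.privilege
  roles     = [each.value.role_name]

  // Grantees cannot pass the privilege on to other roles.
  with_grant_option = false
}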
locals {
grant_config = yamldecode(templatefile("role_permissions.yaml", {
user_role_name = "user role name"
admin_role_name = "admin role name"
}))
config_privileges = distinct(flatten([
for each_grant in local.grant_config : [
for privilege in each_grant.privilege : {
grant_resource_name = each_grant.grant_resource_name
# Schema-level grants. Each entry maps one role to the list of privileges it
# receives on the "schema" resource; the `${...}` placeholders are substituted
# by Terraform's templatefile() (see the locals block below, which passes
# user_role_name and admin_role_name).
- grant:
    grant_resource_name: "schema"
    role_name: "${user_role_name}"
    # Privileges for the user role. Adding an entry here creates a new grant
    # resource instance on the next apply — treat changes as access-control changes.
    privilege:
      - "MONITOR"
      - "USAGE"
      - "ADD SEARCH OPTIMIZATION"
- grant:
    grant_resource_name: "schema"
    role_name: "${admin_role_name}"
    # NOTE(review): the admin entry's `privilege` list is cut off in this listing;
    # the consuming locals block iterates `each_grant.privilege`, so the key must
    # be present — confirm against the full file.
locals {
grant_config = yamldecode(templatefile("role_permissions.yaml", {
user_role_name = "user role name"
admin_role_name = "admin role name"
}))
config_privileges = distinct(flatten([
for each_grant in local.grant_config : [
for privilege in each_grant.privilege : {
grant_resource_name = each_grant.grant_resource_name