Skip to content

Latest commit

 

History

History
143 lines (107 loc) · 12.5 KB

README.md

File metadata and controls

143 lines (107 loc) · 12.5 KB

Snowflake Database Terraform Module

Snowflake Terraform

License Release

We help companies turn their data into assets

Terraform module for Snowflake Shared Database management.

  • Creates Snowflake Shared database
  • Can create custom Snowflake account roles with role-to-role assignments
  • Can create a set of default account roles to simplify access management:
    • READONLY - granted IMPORTED_PRIVILEGES privilege on the database

USAGE

module "snowflake_shared_database" {
  source = "getindata/shared-database/snowflake"
  # version  = "x.x.x"

  name       = "SHARED_DATABASE"
  from_share = "<orgname.accountname.sharename>"

  create_default_roles = true
}

EXAMPLES

  • Simple - Basic usage of the module
  • Complete - Advanced usage of the module

Inputs

Name Description Type Default Required
catalog The database parameter that specifies the default catalog to use for Iceberg tables string null no
comment Specifies a comment for the database string null no
context_templates Map of context templates used for naming conventions - this variable supersedes naming_scheme.properties and naming_scheme.delimiter configuration map(string) {} no
create_default_roles Whether the default roles should be created bool false no
default_ddl_collation Specifies a default collation specification for all schemas and tables added to the database. string null no
enable_console_output If true, enables stdout/stderr fast path logging for anonymous stored procedures bool null no
external_volume The database parameter that specifies the default external volume to use for Iceberg tables string null no
from_share A fully qualified path to a share from which the database will be created. A fully qualified path follows the format of <organization_name>.<account_name>.<share_name> string n/a yes
log_level Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF] string null no
name Name of the resource string n/a yes
name_scheme Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- properties - list of properties to use when creating the name - is superseded by var.context_templates
- delimiter - delimited used to create the name from properties - is superseded by var.context_templates
- context_template_name - name of the context template used to create the name
- replace_chars_regex - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- extra_values - map of extra label-value pairs, used to create a name
- uppercase - convert name to uppercase		 
object({
    properties            = optional(list(string), ["environment", "name"])
    delimiter             = optional(string, "_")
    context_template_name = optional(string, "snowflake-shared-database")
    replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")
    extra_values          = optional(map(string))
    uppercase             = optional(bool, true)
  })
 {} no
quoted_identifiers_ignore_case If true, the case of quoted identifiers is ignored bool null no
replace_invalid_characters If true, invalid characters are replaced with the replacement character bool null no
roles Account roles created on the Shared Database level 
map(object({
    name_scheme = optional(object({
      properties            = optional(list(string))
      delimiter             = optional(string)
      context_template_name = optional(string)
      replace_chars_regex   = optional(string)
      extra_labels          = optional(map(string))
      uppercase             = optional(bool)
    }))
    comment              = optional(string)
    role_ownership_grant = optional(string)
    granted_roles        = optional(list(string))
    granted_to_roles     = optional(list(string))
    granted_to_users     = optional(list(string))
    database_grants = optional(object({
      privileges = optional(list(string))
    }))
  }))
 {} no
storage_serialization_policy The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED] string null no
suspend_task_after_num_failures How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending number null no
task_auto_retry_attempts Maximum automatic retries allowed for a user task number null no
trace_level Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON_EVENT OFF] string null no
user_task_managed_initial_warehouse_size The initial size of warehouse to use for managed warehouses in the absence of history string null no
user_task_minimum_trigger_interval_in_seconds Minimum amount of time between Triggered Task executions in seconds number null no
user_task_timeout_ms User task execution timeout in milliseconds number null no

Modules

Name Source Version
roles_deep_merge Invicton-Labs/deepmerge/null 0.1.5
snowflake_custom_role getindata/role/snowflake 3.1.0
snowflake_default_role getindata/role/snowflake 3.1.0

Outputs

Name Description
catalog The database parameter that specifies the default catalog to use for Iceberg tables
comment The comment for the database
default_ddl_collation Specifies a default collation specification for all schemas and tables added to the database.
enable_console_output If true, enables stdout/stderr fast path logging for anonymous stored procedures
external_volume The database parameter that specifies the default external volume to use for Iceberg tables
from_share The name of the share from which the database is created
log_level Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF]
name Name of the database
quoted_identifiers_ignore_case If true, the case of quoted identifiers is ignored
roles Snowflake Roles
storage_serialization_policy The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED]
suspend_task_after_num_failures How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending
task_auto_retry_attempts Maximum automatic retries allowed for a user task
trace_level Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON_EVENT OFF]
user_task_managed_initial_warehouse_size The initial size of warehouse to use for managed warehouses in the absence of history
user_task_minimum_trigger_interval_in_seconds Minimum amount of time between Triggered Task executions in seconds
user_task_timeout_ms User task execution timeout in milliseconds

Providers

Name Version
context >=0.4.0
snowflake >= 0.94.0

Requirements

Name Version
terraform >= 1.3
context >=0.4.0
snowflake >= 0.94.0

Resources

Name Type
snowflake_shared_database.this resource
context_label.this data source

CONTRIBUTING

Contributions are very welcomed!

Start by reviewing contribution guide and our code of conduct. After that, start coding and ship your changes by creating a new PR.

LICENSE

Apache 2 Licensed. See LICENSE for full details.

AUTHORS

Made with contrib.rocks.