forked from Snowflake-Labs/terraform-provider-snowflake
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'chanzuckerberg/master'
- Loading branch information
Showing
60 changed files
with
889 additions
and
694 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
name: Bug report | ||
about: Create a report to help us improve | ||
title: '' | ||
labels: bug | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Provider Version** | ||
|
||
The provider version you are using. | ||
|
||
**Terraform Version** | ||
|
||
The version of Terraform you were using when the bug was encountered. | ||
|
||
**Describe the bug** | ||
|
||
A clear and concise description of what the bug is. | ||
|
||
**Expected behavior** | ||
|
||
A clear and concise description of what you expected to happen. | ||
|
||
**Code samples and commands** | ||
|
||
Please add code examples and commands that were run to cause the problem. | ||
|
||
**Additional context** | ||
|
||
Add any other context about the problem here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
name: Feature request | ||
about: Suggest an idea for this project | ||
title: '' | ||
labels: feature-request | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Is your feature request related to a problem? Please describe.** | ||
|
||
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] | ||
|
||
**Describe the solution you'd like** | ||
|
||
A clear and concise description of what you want to happen. | ||
|
||
**Describe alternatives you've considered** | ||
|
||
A clear and concise description of any alternative solutions or features you've considered. | ||
|
||
**Additional context** | ||
|
||
Add any other context or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
package main | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"os" | ||
"path" | ||
"sort" | ||
"strings" | ||
|
||
"github.com/chanzuckerberg/terraform-provider-snowflake/pkg/provider" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
"github.com/olekukonko/tablewriter" | ||
) | ||
|
||
func main() { | ||
docsPath := "docs/resources" | ||
|
||
resources := provider.Provider().ResourcesMap | ||
|
||
for name, resource := range resources { | ||
shortName := strings.TrimPrefix(name, "snowflake_") | ||
|
||
f, err := os.Create(path.Join(docsPath, fmt.Sprintf("%s.md", shortName))) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
_, err = f.WriteString(fmt.Sprintf("\n# %s\n\n", name)) | ||
if err != nil { | ||
log.Fatalf("unable to write doc file %#v", err) | ||
} | ||
|
||
_, err = f.WriteString("<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. -->\n\n") | ||
if err != nil { | ||
log.Fatalf("unable to write doc file %#v", err) | ||
} | ||
|
||
if strings.HasSuffix(name, "_grant") { | ||
grant_resource_name := strings.Replace(name, "_grant", "", -1) | ||
granted_to_name := strings.Replace(grant_resource_name, "snowflake_", "", -1) | ||
_, err := f.WriteString(fmt.Sprintf( | ||
`**Note**: The %s resource creates exclusive attachments of grants. | ||
Across the entire Snowflake account, all of the %ss to which a single grant is attached must be declared | ||
by a single %s resource. This means that even any %s that have the attached | ||
grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. | ||
These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. | ||
`, name, granted_to_name, name, grant_resource_name)) | ||
if err != nil { | ||
log.Fatalf("unable to write doc file %#v", err) | ||
} | ||
_, err = f.WriteString("\n") | ||
if err != nil { | ||
log.Fatalf("unable to write doc file %#v", err) | ||
} | ||
} | ||
_, err = f.WriteString("## properties\n\n") | ||
if err != nil { | ||
log.Fatalf("unable to write doc file %#v", err) | ||
} | ||
|
||
table := tablewriter.NewWriter(f) | ||
table.SetAutoWrapText(false) | ||
table.SetHeader([]string{"name", "type", "description", "optional", " required", "computed", "default"}) | ||
table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false}) | ||
table.SetCenterSeparator("|") | ||
|
||
properties := make([]string, 0) | ||
for k := range resource.Schema { | ||
properties = append(properties, k) | ||
} | ||
sort.Strings(properties) | ||
for _, property := range properties { | ||
s := resource.Schema[property] | ||
table.Append([]string{property, typeString(s.Type), s.Description, boolString(s.Optional), boolString(s.Required), boolString(s.Computed), interfaceString(s.Default)}) | ||
} | ||
table.Render() | ||
f.Close() | ||
} | ||
} | ||
|
||
func typeString(t schema.ValueType) string { | ||
switch t { | ||
case schema.TypeBool: | ||
return "bool" | ||
case schema.TypeInt: | ||
return "int" | ||
case schema.TypeFloat: | ||
return "float" | ||
case schema.TypeString: | ||
return "string" | ||
case schema.TypeList: | ||
return "list" | ||
case schema.TypeMap: | ||
return "map" | ||
case schema.TypeSet: | ||
return "set" | ||
} | ||
return "?" | ||
} | ||
|
||
func boolString(t bool) string { | ||
return fmt.Sprintf("%t", t) | ||
} | ||
|
||
func interfaceString(t interface{}) string { | ||
if t == nil { | ||
return "" | ||
} | ||
return fmt.Sprintf("%#v", t) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
# Snowflake Provider | ||
|
||
This is a terraform provider plugin for managing [Snowflake](http://snowflakedb.com) accounts. | ||
Coverage is focused on part of Snowflake related to access control. | ||
|
||
## Example | ||
|
||
```hcl | ||
provider snowflake { | ||
// required | ||
username = "..." | ||
account = "..." | ||
region = "..." | ||
// optional, at exactly one must be set | ||
password = "..." | ||
oauth_access_token = "..." | ||
private_key_path = "..." | ||
// optional | ||
role = "..." | ||
} | ||
``` | ||
|
||
## Authentication | ||
|
||
The Snowflake provider support multiple ways to authenticate: | ||
|
||
* Password | ||
* OAuth Access Token | ||
* Browser Auth | ||
* Private Key | ||
|
||
In all cases account, username, and region are required. | ||
|
||
### Keypair Authentication Environment Variables | ||
|
||
You should generate the public and private keys and set up environment variables. | ||
|
||
```shell | ||
|
||
cd ~/.ssh | ||
openssl genrsa -out snowflake_key 4096 | ||
openssl rsa -in snowflake_key -pubout -out snowflake_key.pub | ||
``` | ||
|
||
To export the variables into your provider: | ||
|
||
```shell | ||
export SNOWFLAKE_USER="..." | ||
export SNOWFLAKE_PRIVATE_KEY_PATH="~/.ssh/snowflake_key" | ||
``` | ||
|
||
### OAuth Access Token | ||
|
||
If you have an OAuth access token, export these credentials as environment variables: | ||
|
||
```shell | ||
export SNOWFLAKE_USER='...' | ||
export SNOWFLAKE_OAUTH_ACCESS_TOKEN='...' | ||
``` | ||
|
||
Note that once this access token expires, you'll need to request a new one through an external application. | ||
|
||
### Username and Password Environment Variables | ||
|
||
If you choose to use Username and Password Authentication, export these credentials: | ||
|
||
```shell | ||
export SNOWFLAKE_USER='...' | ||
export SNOWFLAKE_PASSWORD='...' | ||
``` | ||
|
||
## Argument Reference | ||
|
||
In addition to [generic `provider` arguments](https://www.terraform.io/docs/configuration/providers.html) | ||
(e.g. `alias` and `version`), the following arguments are supported in the Snowflake | ||
`provider` block: | ||
|
||
* `account` - (required) The name of the Snowflake account. Can also come from the | ||
`SNOWFLAKE_ACCOUNT` environment variable. | ||
* `username` - (required) Username for username+password authentication. Can come from the | ||
`SNOWFLAKE_PASSWORD` environment variable. | ||
* `region` - (required) [Snowflake region](https://docs.snowflake.com/en/user-guide/intro-regions.html) to use. Can be source from the `SNOWFLAKE_REGION` environment variable. | ||
* `password` - (optional) Password for username+password auth. Cannot be used with `browser_auth` or | ||
`private_key_path`. Can be source from `SNOWFLAKE_PASSWORD` environment variable. | ||
* `oauth_access_token` - (optional) Token for use with OAuth. Generating the token is left to other | ||
tools. Cannot be used with `browser_auth`, `private_key_path` or `password`. Can be source from | ||
`SNOWFLAKE_OAUTH_ACCESS_TOKEN` environment variable. | ||
* `private_key_path` - (optional) Path to a private key for using keypair authentication.. Cannot be | ||
used with `browser_auth`, `oauth_access_token` or `password`. Can be source from | ||
`SNOWFLAKE_PRIVATE_KEY_PATH` environment variable. | ||
* `role` - (optional) Snowflake role to use for operations. If left unset, default role for user | ||
will be used. Can come from the `SNOWFLAKE_ROLE` environment variable. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
|
||
# snowflake_account_grant | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
**Note**: The snowflake_account_grant resource creates exclusive attachments of grants. | ||
Across the entire Snowflake account, all of the accounts to which a single grant is attached must be declared | ||
by a single snowflake_account_grant resource. This means that even any snowflake_account that have the attached | ||
grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. | ||
These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|-----------|--------|---------------------------------------|----------|-----------|----------|---------| | ||
| privilege | string | The privilege to grant on the schema. | true | false | false | "USAGE" | | ||
| roles | set | Grants privilege to these roles. | true | false | false | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
|
||
# snowflake_database | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|-----------------------------|--------|-------------------------------------------------------------------------------|----------|-----------|----------|---------| | ||
| comment | string | | true | false | false | "" | | ||
| data_retention_time_in_days | int | | true | false | true | | | ||
| from_database | string | Specify a database to create a clone from. | true | false | false | | | ||
| from_share | map | Specify a provider and a share in this map to create a database from a share. | true | false | false | | | ||
| name | string | | false | true | false | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
|
||
# snowflake_database_grant | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
**Note**: The snowflake_database_grant resource creates exclusive attachments of grants. | ||
Across the entire Snowflake account, all of the databases to which a single grant is attached must be declared | ||
by a single snowflake_database_grant resource. This means that even any snowflake_database that have the attached | ||
grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. | ||
These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|---------------|--------|--------------------------------------------------------|----------|-----------|----------|---------| | ||
| database_name | string | The name of the database on which to grant privileges. | false | true | false | | | ||
| privilege | string | The privilege to grant on the database. | true | false | false | "USAGE" | | ||
| roles | set | Grants privilege to these roles. | true | false | false | | | ||
| shares | set | Grants privilege to these shares. | true | false | false | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
|
||
# snowflake_integration_grant | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
**Note**: The snowflake_integration_grant resource creates exclusive attachments of grants. | ||
Across the entire Snowflake account, all of the integrations to which a single grant is attached must be declared | ||
by a single snowflake_integration_grant resource. This means that even any snowflake_integration that have the attached | ||
grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. | ||
These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|------------------|--------|------------------------------------------------------------------|----------|-----------|----------|---------| | ||
| integration_name | string | Identifier for the integration; must be unique for your account. | false | true | false | | | ||
| privilege | string | The privilege to grant on the integration. | true | false | false | "USAGE" | | ||
| roles | set | Grants privilege to these roles. | true | false | false | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
|
||
# snowflake_managed_account | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|----------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|----------| | ||
| admin_name | string | Identifier, as well as login name, for the initial user in the managed account. This user serves as the account administrator for the account. | false | true | false | | | ||
| admin_password | string | Password for the initial user in the managed account. | false | true | false | | | ||
| cloud | string | Cloud in which the managed account is located. | false | false | true | | | ||
| comment | string | Specifies a comment for the managed account. | true | false | false | | | ||
| created_on | string | Date and time when the managed account was created. | false | false | true | | | ||
| locator | string | Display name of the managed account. | false | false | true | | | ||
| name | string | Identifier for the managed account; must be unique for your account. | false | true | false | | | ||
| region | string | Snowflake Region in which the managed account is located. | false | false | true | | | ||
| type | string | Specifies the type of managed account. | true | false | false | "READER" | | ||
| url | string | URL for accessing the managed account, particularly through the web interface. | false | false | true | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
|
||
# snowflake_pipe | ||
|
||
<!-- These docs are auto-generated by code in ./docgen, run by with make docs. Manual edits will be overwritten. --> | ||
|
||
## properties | ||
|
||
| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | | ||
|----------------------|--------|-----------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| | ||
| auto_ingest | bool | Specifies a auto_ingest param for the pipe. | true | false | false | false | | ||
| comment | string | Specifies a comment for the pipe. | true | false | false | | | ||
| copy_statement | string | Specifies the copy statement for the pipe. | false | true | false | | | ||
| database | string | The database in which to create the pipe. | false | true | false | | | ||
| name | string | Specifies the identifier for the pipe; must be unique for the database and schema in which the pipe is created. | false | true | false | | | ||
| notification_channel | string | Amazon Resource Name of the Amazon SQS queue for the stage named in the DEFINITION column. | false | false | true | | | ||
| owner | string | Name of the role that owns the pipe. | false | false | true | | | ||
| schema | string | The schema in which to create the pipe. | false | true | false | | |
Oops, something went wrong.