-
Notifications
You must be signed in to change notification settings - Fork 427
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
43277a4
commit 16d1d7f
Showing
7 changed files
with
516 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "snowflake_unsafe_execute Resource - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
Experimental resource used for testing purposes only. Allows to execute ANY SQL statement. | ||
--- | ||
|
||
# snowflake_unsafe_execute (Resource) | ||
|
||
!> **Warning** This is a dangerous resource that allows executing **ANY** SQL statement. It may destroy resources if used incorrectly. It may behave incorrectly combined with other resources. Will be deleted in the upcoming versions. Use at your own risk. | ||
|
||
Experimental resource used for testing purposes only. Allows to execute ANY SQL statement. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
# create and destroy resource | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "CREATE DATABASE ABC" | ||
revert = "DROP DATABASE ABC" | ||
} | ||
# create and destroy resource using qualified name | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "CREATE DATABASE \"abc\"" | ||
revert = "DROP DATABASE \"abc\"" | ||
} | ||
# grant and revoke privilege USAGE to ROLE on database | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "GRANT USAGE ON DATABASE ABC TO ROLE XYZ" | ||
revert = "REVOKE USAGE ON DATABASE ABC FROM ROLE XYZ" | ||
} | ||
# grant and revoke with for_each | ||
variable "database_grants" { | ||
type = list(object({ | ||
database_name = string | ||
role_id = string | ||
privileges = list(string) | ||
})) | ||
} | ||
resource "snowflake_unsafe_execute" "test" { | ||
for_each = { for index, db_grant in var.database_grants : index => db_grant } | ||
execute = "GRANT ${join(",", each.value.privileges)} ON DATABASE ${each.value.database_name} TO ROLE ${each.value.role_id}" | ||
revert = "REVOKE ${join(",", each.value.privileges)} ON DATABASE ${each.value.database_name} FROM ROLE ${each.value.role_id}" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `execute` (String) SQL statement to execute. | ||
- `revert` (String) SQL statement to revert the execute statement. Invoked when resource is deleted. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# create and destroy resource | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "CREATE DATABASE ABC" | ||
revert = "DROP DATABASE ABC" | ||
} | ||
|
||
# create and destroy resource using qualified name | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "CREATE DATABASE \"abc\"" | ||
revert = "DROP DATABASE \"abc\"" | ||
} | ||
|
||
# grant and revoke privilege USAGE to ROLE on database | ||
resource "snowflake_unsafe_execute" "test" { | ||
execute = "GRANT USAGE ON DATABASE ABC TO ROLE XYZ" | ||
revert = "REVOKE USAGE ON DATABASE ABC FROM ROLE XYZ" | ||
} | ||
|
||
# grant and revoke with for_each | ||
variable "database_grants" { | ||
type = list(object({ | ||
database_name = string | ||
role_id = string | ||
privileges = list(string) | ||
})) | ||
} | ||
|
||
resource "snowflake_unsafe_execute" "test" { | ||
for_each = { for index, db_grant in var.database_grants : index => db_grant } | ||
execute = "GRANT ${join(",", each.value.privileges)} ON DATABASE ${each.value.database_name} TO ROLE ${each.value.role_id}" | ||
revert = "REVOKE ${join(",", each.value.privileges)} ON DATABASE ${each.value.database_name} FROM ROLE ${each.value.role_id}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package resources | ||
|
||
import ( | ||
"context" | ||
"database/sql" | ||
"log" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" | ||
"github.com/hashicorp/go-uuid" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var unsafeExecuteSchema = map[string]*schema.Schema{ | ||
"execute": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
Description: "SQL statement to execute.", | ||
}, | ||
"revert": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "SQL statement to revert the execute statement. Invoked when resource is deleted.", | ||
}, | ||
} | ||
|
||
func UnsafeExecute() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: ExecuteUnsafeSQLStatement, | ||
Read: schema.Noop, | ||
Delete: RevertUnsafeSQLStatement, | ||
Update: schema.Noop, | ||
|
||
Schema: unsafeExecuteSchema, | ||
|
||
DeprecationMessage: "Experimental resource. Will be deleted in the upcoming versions. Use at your own risk.", | ||
Description: "Experimental resource used for testing purposes only. Allows to execute ANY SQL statement.", | ||
} | ||
} | ||
|
||
func ExecuteUnsafeSQLStatement(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
ctx := context.Background() | ||
client := sdk.NewClientFromDB(db) | ||
|
||
id, err := uuid.GenerateUUID() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
executeStatement := d.Get("execute").(string) | ||
_, err = client.ExecUnsafe(ctx, executeStatement) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
d.SetId(id) | ||
log.Printf(`[DEBUG] SQL "%s" applied successfully\n`, executeStatement) | ||
|
||
return nil | ||
} | ||
|
||
func RevertUnsafeSQLStatement(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
ctx := context.Background() | ||
client := sdk.NewClientFromDB(db) | ||
|
||
revertStatement := d.Get("revert").(string) | ||
_, err := client.ExecUnsafe(ctx, revertStatement) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
d.SetId("") | ||
log.Printf(`[DEBUG] SQL "%s" applied successfully\n`, revertStatement) | ||
|
||
return nil | ||
} |
Oops, something went wrong.