https://github.com/getindata/terraform-snowflake-shared-database
Terraform module for managing Shared Databases in Snowflake
https://github.com/getindata/terraform-snowflake-shared-database
Last synced: 3 months ago
JSON representation
Terraform module for managing Shared Databases in Snowflake
- Host: GitHub
- URL: https://github.com/getindata/terraform-snowflake-shared-database
- Owner: getindata
- License: apache-2.0
- Created: 2024-09-17T12:15:36.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-18T15:53:44.000Z (over 1 year ago)
- Last Synced: 2025-02-18T16:33:33.305Z (over 1 year ago)
- Language: HCL
- Size: 77.1 KB
- Stars: 1
- Watchers: 6
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
Awesome Lists containing this project
README
# Snowflake Database Terraform Module
We help companies turn their data into assets
---
Terraform module for Snowflake Shared Database management.
* Creates Snowflake Shared database
* Can create custom Snowflake account roles with role-to-role assignments
* Can create a set of default account roles to simplify access management:
* `READONLY` - granted `IMPORTED_PRIVILEGES` privilege on the database
## Breaking changes in v2.x of the module
- Due to rename of Snowflake terraform provider source, all `versions.tf` files were updated accordingly.
Please keep in mind to mirror this change in your own repos also.
For more information about provider rename, refer to [Snowflake documentation](https://github.com/snowflakedb/terraform-provider-snowflake/blob/main/SNOWFLAKEDB_MIGRATION.md).
## USAGE
```terraform
module "snowflake_shared_database" {
source = "getindata/shared-database/snowflake"
# version = "x.x.x"
name = "SHARED_DATABASE"
from_share = ""
create_default_roles = true
}
```
## EXAMPLES
- [Simple](examples/simple) - Basic usage of the module
- [Complete](examples/complete) - Advanced usage of the module
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [catalog](#input\_catalog) | The database parameter that specifies the default catalog to use for Iceberg tables | `string` | `null` | no |
| [comment](#input\_comment) | Specifies a comment for the database | `string` | `null` | no |
| [context\_templates](#input\_context\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no |
| [create\_default\_roles](#input\_create\_default\_roles) | Whether the default roles should be created | `bool` | `false` | no |
| [default\_ddl\_collation](#input\_default\_ddl\_collation) | Specifies a default collation specification for all schemas and tables added to the database. | `string` | `null` | no |
| [enable\_console\_output](#input\_enable\_console\_output) | If true, enables stdout/stderr fast path logging for anonymous stored procedures | `bool` | `null` | no |
| [external\_volume](#input\_external\_volume) | The database parameter that specifies the default external volume to use for Iceberg tables | `string` | `null` | no |
| [from\_share](#input\_from\_share) | A fully qualified path to a share from which the database will be created. A fully qualified path follows the format of `..` | `string` | n/a | yes |
| [log\_level](#input\_log\_level) | Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF] | `string` | `null` | no |
| [name](#input\_name) | Name of the resource | `string` | n/a | yes |
| [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:
- `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`
- `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`
- `context_template_name` - name of the context template used to create the name
- `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name
- `extra_values` - map of extra label-value pairs, used to create a name
- `uppercase` - convert name to uppercase |
object({
properties = optional(list(string), ["environment", "name"])
delimiter = optional(string, "_")
context_template_name = optional(string, "snowflake-shared-database")
replace_chars_regex = optional(string, "[^a-zA-Z0-9_]")
extra_values = optional(map(string))
uppercase = optional(bool, true)
}) | `{}` | no |
| [quoted\_identifiers\_ignore\_case](#input\_quoted\_identifiers\_ignore\_case) | If true, the case of quoted identifiers is ignored | `bool` | `null` | no |
| [replace\_invalid\_characters](#input\_replace\_invalid\_characters) | If true, invalid characters are replaced with the replacement character | `bool` | `null` | no |
| [roles](#input\_roles) | Account roles created on the Shared Database level | map(object({
name_scheme = optional(object({
properties = optional(list(string))
delimiter = optional(string)
context_template_name = optional(string)
replace_chars_regex = optional(string)
extra_labels = optional(map(string))
uppercase = optional(bool)
}))
comment = optional(string)
role_ownership_grant = optional(string)
granted_roles = optional(list(string))
granted_to_roles = optional(list(string))
granted_to_users = optional(list(string))
database_grants = optional(object({
privileges = optional(list(string))
}))
})) | `{}` | no |
| [storage\_serialization\_policy](#input\_storage\_serialization\_policy) | The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED] | `string` | `null` | no |
| [suspend\_task\_after\_num\_failures](#input\_suspend\_task\_after\_num\_failures) | How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending | `number` | `null` | no |
| [task\_auto\_retry\_attempts](#input\_task\_auto\_retry\_attempts) | Maximum automatic retries allowed for a user task | `number` | `null` | no |
| [trace\_level](#input\_trace\_level) | Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON\_EVENT OFF] | `string` | `null` | no |
| [user\_task\_managed\_initial\_warehouse\_size](#input\_user\_task\_managed\_initial\_warehouse\_size) | The initial size of warehouse to use for managed warehouses in the absence of history | `string` | `null` | no |
| [user\_task\_minimum\_trigger\_interval\_in\_seconds](#input\_user\_task\_minimum\_trigger\_interval\_in\_seconds) | Minimum amount of time between Triggered Task executions in seconds | `number` | `null` | no |
| [user\_task\_timeout\_ms](#input\_user\_task\_timeout\_ms) | User task execution timeout in milliseconds | `number` | `null` | no |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [roles\_deep\_merge](#module\_roles\_deep\_merge) | Invicton-Labs/deepmerge/null | 0.1.5 |
| [snowflake\_custom\_role](#module\_snowflake\_custom\_role) | getindata/role/snowflake | 4.0.0 |
| [snowflake\_default\_role](#module\_snowflake\_default\_role) | getindata/role/snowflake | 4.0.0 |
## Outputs
| Name | Description |
|------|-------------|
| [catalog](#output\_catalog) | The database parameter that specifies the default catalog to use for Iceberg tables |
| [comment](#output\_comment) | The comment for the database |
| [default\_ddl\_collation](#output\_default\_ddl\_collation) | Specifies a default collation specification for all schemas and tables added to the database. |
| [enable\_console\_output](#output\_enable\_console\_output) | If true, enables stdout/stderr fast path logging for anonymous stored procedures |
| [external\_volume](#output\_external\_volume) | The database parameter that specifies the default external volume to use for Iceberg tables |
| [from\_share](#output\_from\_share) | The name of the share from which the database is created |
| [log\_level](#output\_log\_level) | Specifies the severity level of messages that should be ingested and made available in the active event table. Valid options are: [TRACE DEBUG INFO WARN ERROR FATAL OFF] |
| [name](#output\_name) | Name of the database |
| [quoted\_identifiers\_ignore\_case](#output\_quoted\_identifiers\_ignore\_case) | If true, the case of quoted identifiers is ignored |
| [roles](#output\_roles) | Snowflake Roles |
| [storage\_serialization\_policy](#output\_storage\_serialization\_policy) | The storage serialization policy for Iceberg tables that use Snowflake as the catalog. Valid options are: [COMPATIBLE OPTIMIZED] |
| [suspend\_task\_after\_num\_failures](#output\_suspend\_task\_after\_num\_failures) | How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending |
| [task\_auto\_retry\_attempts](#output\_task\_auto\_retry\_attempts) | Maximum automatic retries allowed for a user task |
| [trace\_level](#output\_trace\_level) | Controls how trace events are ingested into the event table. Valid options are: [ALWAYS ON\_EVENT OFF] |
| [user\_task\_managed\_initial\_warehouse\_size](#output\_user\_task\_managed\_initial\_warehouse\_size) | The initial size of warehouse to use for managed warehouses in the absence of history |
| [user\_task\_minimum\_trigger\_interval\_in\_seconds](#output\_user\_task\_minimum\_trigger\_interval\_in\_seconds) | Minimum amount of time between Triggered Task executions in seconds |
| [user\_task\_timeout\_ms](#output\_user\_task\_timeout\_ms) | User task execution timeout in milliseconds |
## Providers
| Name | Version |
|------|---------|
| [context](#provider\_context) | >=0.4.0 |
| [snowflake](#provider\_snowflake) | >= 0.94.0 |
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [context](#requirement\_context) | >=0.4.0 |
| [snowflake](#requirement\_snowflake) | >= 0.94.0 |
## Resources
| Name | Type |
|------|------|
| [snowflake_shared_database.this](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs/resources/shared_database) | resource |
| [context_label.this](https://registry.terraform.io/providers/cloudposse/context/latest/docs/data-sources/label) | data source |
## CONTRIBUTING
Contributions are very welcomed!
Start by reviewing [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.
## LICENSE
Apache 2 Licensed. See [LICENSE](LICENSE) for full details.
## AUTHORS
Made with [contrib.rocks](https://contrib.rocks).