Merge pull request #27 from getindata/fix/rollback_stage_default_roles

dgniewek · web-flow · commit 61f1cf522f86 · 2024-08-07T11:24:47.000+02:00
fix: Set stage default_roles using `create_default_roles` schema toggle
diff --git a/README.md b/README.md
@@ -103,7 +103,7 @@ For more information, refer to [variables.tf](variables.tf), list of inputs belo
 | <a name="input_roles"></a> [roles](#input\_roles) | Database roles created in the scheme scope | <pre>map(object({<br>    enabled                   = optional(bool, true)<br>    descriptor_name           = optional(string, "snowflake-database-role")<br>    role_ownership_grant      = optional(string)<br>    granted_to_roles          = optional(list(string))<br>    granted_to_database_roles = optional(list(string))<br>    granted_database_roles    = optional(list(string))<br>    schema_grants = optional(list(object({<br>      all_privileges    = optional(bool)<br>      with_grant_option = optional(bool, false)<br>      privileges        = optional(list(string), null)<br>    })))<br>    schema_objects_grants = optional(map(list(object({<br>      all_privileges    = optional(bool)<br>      with_grant_option = optional(bool)<br>      privileges        = optional(list(string), null)<br>      object_name       = optional(string)<br>      on_all            = optional(bool, false)<br>      on_future         = optional(bool, false)<br>    }))), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_skip_schema_creation"></a> [skip\_schema\_creation](#input\_skip\_schema\_creation) | Should schema creation be skipped but allow all other resources to be created.<br>    Useful if schema already exsists but you want to add e.g. access roles." | `bool` | `false` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| <a name="input_stages"></a> [stages](#input\_stages) | Stages to be created in the schema | <pre>map(object({<br>    enabled             = optional(bool, true)<br>    descriptor_name     = optional(string, "snowflake-stage")<br>    aws_external_id     = optional(string)<br>    comment             = optional(string)<br>    copy_options        = optional(string)<br>    credentials         = optional(string)<br>    directory           = optional(string)<br>    encryption          = optional(string)<br>    file_format         = optional(string)<br>    snowflake_iam_user  = optional(string)<br>    storage_integration = optional(string)<br>    url                 = optional(string)<br>    roles = optional(map(object({<br>      descriptor_name           = optional(string, "snowflake-database-role")<br>      with_grant_option         = optional(bool)<br>      granted_to_roles          = optional(list(string))<br>      granted_to_database_roles = optional(list(string))<br>      granted_database_roles    = optional(list(string))<br>      stage_grants              = optional(list(string))<br>      all_privileges            = optional(bool)<br>    })), ({}))<br>    create_default_roles = optional(bool, false)<br>  }))</pre> | `{}` | no |
+| <a name="input_stages"></a> [stages](#input\_stages) | Stages to be created in the schema | <pre>map(object({<br>    enabled             = optional(bool, true)<br>    descriptor_name     = optional(string, "snowflake-stage")<br>    aws_external_id     = optional(string)<br>    comment             = optional(string)<br>    copy_options        = optional(string)<br>    credentials         = optional(string)<br>    directory           = optional(string)<br>    encryption          = optional(string)<br>    file_format         = optional(string)<br>    snowflake_iam_user  = optional(string)<br>    storage_integration = optional(string)<br>    url                 = optional(string)<br>    roles = optional(map(object({<br>      descriptor_name           = optional(string, "snowflake-database-role")<br>      with_grant_option         = optional(bool)<br>      granted_to_roles          = optional(list(string))<br>      granted_to_database_roles = optional(list(string))<br>      granted_database_roles    = optional(list(string))<br>      stage_grants              = optional(list(string))<br>      all_privileges            = optional(bool)<br>    })), ({}))<br>    create_default_roles = optional(bool)<br>  }))</pre> | `{}` | no |
 | <a name="input_storage_serialization_policy"></a> [storage\_serialization\_policy](#input\_storage\_serialization\_policy) | The storage serialization policy for Iceberg tables that use Snowflake as the catalog.<br>Valid options are: [COMPATIBLE OPTIMIZED]. | `string` | `null` | no |
 | <a name="input_suspend_task_after_num_failures"></a> [suspend\_task\_after\_num\_failures](#input\_suspend\_task\_after\_num\_failures) | How many times a task must fail in a row before it is automatically suspended. 0 disables auto-suspending. | `number` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -131,9 +131,11 @@ module "this_schema" {
       create_default_roles = false
     }
     my_second_stage = {
-      comment = "Stage used to transform data from other source"
-
+      comment              = "Stage used to transform data from other source"
       create_default_roles = true
     }
+    my_third_stage = {
+      comment = "Stage used to transform data from other source"
+    }
   }
 }
diff --git a/main.tf b/main.tf
@@ -63,7 +63,7 @@ module "snowflake_stage" {
   url                 = each.value.url
   roles               = each.value.roles
 
-  create_default_roles = each.value.create_default_roles
+  create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)
 }
 
 module "snowflake_default_role" {
diff --git a/variables.tf b/variables.tf
@@ -99,7 +99,7 @@ variable "stages" {
       stage_grants              = optional(list(string))
       all_privileges            = optional(bool)
     })), ({}))
-    create_default_roles = optional(bool, false)
+    create_default_roles = optional(bool)
   }))
   default = {}
 }

Original file line number	Diff line number	Diff line change
`@@ -131,9 +131,11 @@ module "this_schema" {`
`131`	`131`	`create_default_roles = false`
`132`	`132`	`}`
`133`	`133`	`my_second_stage = {`
`134`		`- comment = "Stage used to transform data from other source"`
`135`		`-`
	`134`	`+ comment = "Stage used to transform data from other source"`
`136`	`135`	`create_default_roles = true`
`137`	`136`	`}`
	`137`	`+ my_third_stage = {`
	`138`	`+ comment = "Stage used to transform data from other source"`
	`139`	`+ }`
`138`	`140`	`}`
`139`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ module "snowflake_stage" {`
`63`	`63`	`url = each.value.url`
`64`	`64`	`roles = each.value.roles`
`65`	`65`
`66`		`- create_default_roles = each.value.create_default_roles`
	`66`	`+ create_default_roles = coalesce(each.value.create_default_roles, var.create_default_roles)`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`module "snowflake_default_role" {`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ variable "stages" {`
`99`	`99`	`stage_grants = optional(list(string))`
`100`	`100`	`all_privileges = optional(bool)`
`101`	`101`	`})), ({}))`
`102`		`- create_default_roles = optional(bool, false)`
	`102`	`+ create_default_roles = optional(bool)`
`103`	`103`	`}))`
`104`	`104`	`default = {}`
`105`	`105`	`}`