Skip to content

getindata/terraform-snowflake-user

BranchesTags

Repository files navigation

Snowflake User Terraform Module

Snowflake Terraform

License Release

We help companies turn their data into assets

Terraform module for creating Snowflake user.

This module can:

  • Create and manage Snowflake Users
  • Automatically generate RSA private and public keys for the User
  • Automatically grant default_role and default_secondary_roles to the User

Usage

module "terraform_snowflake_user" {
  source = "getindata/terraform-snowflake/user"
  name = "snowflake-user"
}

Inputs

Name Description Type Default Required
additional_tag_map Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration.		 map(string) {} no
attributes ID element. Additional attributes (e.g. workers or cluster) to add to id,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the delimiter
and treated as a single ID element.		 list(string) [] no
comment Comment / description of Snowflake user string null no
context Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.		 any 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
 no
default_namespace Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login. string null no
default_role Specifies the role that is active by default for the user's session upon login. string null no
default_secondary_roles Specifies the set of secondary roles that are active for the user's session upon login.
Secondary roles are a set of roles that authorize any SQL action other than the execution of CREATE statements.
Currently only ["ALL"] value is supported		 list(string) [] no
default_warehouse Specifies the virtual warehouse that is active by default for the user's session upon login. string null no
delimiter Delimiter to be used between ID elements.
Defaults to - (hyphen). Set to "" to use no delimiter at all.		 string null no
descriptor_formats Describe additional descriptors to be output in the descriptors output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
{<br> format = string<br> labels = list(string)<br>}
(Type is any so the map values can later be enhanced to provide additional options.)
format is a Terraform format string to be passed to the format() function.
labels is a list of labels, in order, to pass to format() function.
Label values will be normalized before being passed to format() so they will be
identical to how they appear in id.
Default is {} (descriptors output will be empty).		 any {} no
descriptor_name Name of the descriptor used to form a Snowflake User name string "snowflake-user" no
display_name Name displayed for the user in the Snowflake web interface. string null no
email Email address for the user string null no
enabled Set to false to prevent the module from creating any resources bool null no
environment ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' string null no
first_name First name of the user string null no
generate_password Generate a random password using Terraform bool false no
generate_rsa_key Whether automatically generate an RSA key - IMPORTANT
The private key generated by this resource will be stored
unencrypted in your Terraform state file.
Use of this resource for production deployments is not recommended.		 bool false no
grant_default_roles Whether to grant default_role to Snowflake User bool true no
id_length_limit Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null for keep the existing setting, which defaults to 0.
Does not affect id_full.		 number null no
ignore_changes_on_defaults Whether to ignore configuration of default_warehouse, default_role and default_namespace bool false no
label_key_case Controls the letter case of the tags keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the tags input.
Possible values: lower, title, upper.
Default value: title.		 string null no
label_order The order in which the labels (ID elements) appear in the id.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.		 list(string) null no
label_value_case Controls the letter case of ID elements (labels) as included in id,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the tags input.
Possible values: lower, title, upper and none (no transformation).
Set this to title and set delimiter to "" to yield Pascal Case IDs.
Default value: lower.		 string null no
labels_as_tags Set of labels (ID elements) to include as tags in the tags output.
Default is to include all labels.
Tags with empty values will not be included in the tags output.
Set to [] to suppress all generated tags.
Notes:
The value of the name tag, if included, will be the id, not the name.
Unlike other null-label inputs, the initial setting of labels_as_tags cannot be
changed in later chained modules. Attempts to change it will be silently ignored.		 set(string) 
[
  "default"
]
 no
last_name Last name of the user string null no
login_name The name users use to log in. If not supplied, snowflake will use name instead. string null no
must_change_password Should the user change the password on login. Should be set to true for non service account users bool true no
name ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a tag.
The "name" tag is set to the full id string. There is no tag with the value of the name input.		 string null no
namespace ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique string null no
regex_replace_chars Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.		 string null no
rsa_public_key Specifies the user's RSA public key; used for key-pair authentication. Must be on 1 line without header and trailer. string null no
rsa_public_key_2 Specifies the user's second RSA public key; used to rotate the public and private keys
for key-pair authentication based on an expiration schedule set by your organization.
Must be on 1 line without header and trailer."		 string null no
stage ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' string null no
tags Additional tags (e.g. {'BusinessUnit': 'XYZ'}).
Neither the tag keys nor the tag values will be modified by this module.		 map(string) {} no
tenant ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for string null no

Modules

Name Source Version
this cloudposse/label/null 0.25.0
user_label cloudposse/label/null 0.25.0

Outputs

Name Description
default_namespace Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login
default_role Specifies the role that is active by default for the user's session upon login
default_warehouse Specifies the virtual warehouse that is active by default for the user's session upon login
disabled Whether user account is disabled
display_name Name displayed for the user in the Snowflake web interface
email Email address for the user
first_name First name of the user
last_name Last name of the user
login_name The name users use to log in
name Name of the user
password Password set for the user
rsa_private_key RSA Private key used for authentication

Providers

Name Version
random >= 3.0.0
snowflake ~> 0.94
tls ~> 4.0

Requirements

Name Version
terraform >= 1.3.0
random >= 3.0.0
snowflake ~> 0.94
tls ~> 4.0

Resources

Name Type
random_password.this resource
snowflake_grant_account_role.default_role resource
snowflake_user.defaults_not_enforced resource
snowflake_user.this resource
tls_private_key.this resource

CONTRIBUTING

Contributions are very welcomed!

Start by reviewing contribution guide and our code of conduct. After that, start coding and ship your changes by creating a new PR.

LICENSE

Apache 2 Licensed. See LICENSE for full details.

AUTHORS

Made with contrib.rocks.

About

Terraform module for creating snowflake users

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 9

Version v1.4.1 Latest
Aug 6, 2024
+ 8 releases

Packages

No packages published

Contributors 8

Languages