From 2bbcddf3e511c359f38845c94b25494632caaeb6 Mon Sep 17 00:00:00 2001 From: Ryan King Date: Tue, 1 Dec 2020 21:58:00 -0800 Subject: [PATCH] [docs] switch to terraform-plugin-docs (#319) Rather than use our doc generation code, use , which is much more flexible. ## References * github.com/hashicorp/terraform-plugin-docs --- Makefile | 2 +- docgen/main.go | 112 ------------------ .../system_get_aws_sns_iam_policy.md | 31 +++-- docs/index.md | 28 ++++- docs/resources/account_grant.md | 33 +++--- docs/resources/database.md | 34 ++++-- docs/resources/database_grant.md | 46 ++++--- docs/resources/integration_grant.md | 38 +++--- docs/resources/managed_account.md | 47 +++++--- docs/resources/network_policy.md | 32 +++-- docs/resources/network_policy_attachment.md | 30 +++-- docs/resources/pipe.md | 45 ++++--- docs/resources/resource_monitor.md | 40 +++++-- docs/resources/resource_monitor_grant.md | 38 +++--- docs/resources/role.md | 28 +++-- docs/resources/role_grants.md | 30 +++-- docs/resources/schema.md | 36 ++++-- docs/resources/schema_grant.md | 50 ++++---- docs/resources/share.md | 30 +++-- docs/resources/stage.md | 54 +++++---- docs/resources/stage_grant.md | 50 ++++---- docs/resources/storage_integration.md | 57 +++++---- docs/resources/stream.md | 41 +++++-- docs/resources/table.md | 47 ++++++-- docs/resources/table_grant.md | 52 ++++---- docs/resources/task.md | 54 +++++---- docs/resources/user.md | 65 ++++++---- docs/resources/view.md | 38 ++++-- docs/resources/view_grant.md | 52 ++++---- docs/resources/warehouse.md | 54 +++++---- docs/resources/warehouse_grant.md | 38 +++--- examples/provider/provider.tf | 14 +++ go.mod | 2 +- go.sum | 17 ++- templates/index.md.tmpl | 90 ++++++++++++++ tools/tools.go | 7 ++ 36 files changed, 928 insertions(+), 534 deletions(-) delete mode 100644 docgen/main.go create mode 100644 examples/provider/provider.tf create mode 100644 templates/index.md.tmpl create mode 100644 tools/tools.go diff --git a/Makefile b/Makefile index ebf6be9c47..902458c158 100644 --- a/Makefile +++ b/Makefile @@ -101,7 +101,7 @@ clean: ## clean the repo .PHONY: clean docs: - go run ./docgen + go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs .PHONY: docs check-docs: docs ## check that docs have been generated diff --git a/docgen/main.go b/docgen/main.go deleted file mode 100644 index 12317ee075..0000000000 --- a/docgen/main.go +++ /dev/null @@ -1,112 +0,0 @@ -package main - -import ( - "fmt" - "log" - "os" - "path" - "sort" - "strings" - - "github.com/chanzuckerberg/terraform-provider-snowflake/pkg/provider" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/olekukonko/tablewriter" -) - -func main() { - generateResourcesDocs("docs/data-sources", provider.Provider().DataSourcesMap) - generateResourcesDocs("docs/resources", provider.Provider().ResourcesMap) -} - -func generateResourcesDocs(docsPath string, resources map[string]*schema.Resource) { - for name, resource := range resources { - shortName := strings.TrimPrefix(name, "snowflake_") - - f, err := os.Create(path.Join(docsPath, fmt.Sprintf("%s.md", shortName))) - if err != nil { - log.Fatal(err) - } - - _, err = f.WriteString(fmt.Sprintf("\n# %s\n\n", name)) - if err != nil { - log.Fatalf("unable to write doc file %#v", err) - } - - _, err = f.WriteString("\n\n") - if err != nil { - log.Fatalf("unable to write doc file %#v", err) - } - - if strings.HasSuffix(name, "_grant") { - grant_resource_name := strings.Replace(name, "_grant", "", -1) - granted_to_name := strings.Replace(grant_resource_name, "snowflake_", "", -1) - _, err := f.WriteString(fmt.Sprintf( - `**Note**: The %s resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the %ss to which a single grant is attached must be declared - by a single %s resource. This means that even any %s that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - `, name, granted_to_name, name, grant_resource_name)) - if err != nil { - log.Fatalf("unable to write doc file %#v", err) - } - _, err = f.WriteString("\n") - if err != nil { - log.Fatalf("unable to write doc file %#v", err) - } - } - _, err = f.WriteString("## properties\n\n") - if err != nil { - log.Fatalf("unable to write doc file %#v", err) - } - - table := tablewriter.NewWriter(f) - table.SetAutoWrapText(false) - table.SetHeader([]string{"name", "type", "description", "optional", " required", "computed", "default"}) - table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false}) - table.SetCenterSeparator("|") - - properties := make([]string, 0) - for k := range resource.Schema { - properties = append(properties, k) - } - sort.Strings(properties) - for _, property := range properties { - s := resource.Schema[property] - table.Append([]string{property, typeString(s.Type), s.Description, boolString(s.Optional), boolString(s.Required), boolString(s.Computed), interfaceString(s.Default)}) - } - table.Render() - f.Close() - } -} - -func typeString(t schema.ValueType) string { - switch t { - case schema.TypeBool: - return "bool" - case schema.TypeInt: - return "int" - case schema.TypeFloat: - return "float" - case schema.TypeString: - return "string" - case schema.TypeList: - return "list" - case schema.TypeMap: - return "map" - case schema.TypeSet: - return "set" - } - return "?" -} - -func boolString(t bool) string { - return fmt.Sprintf("%t", t) -} - -func interfaceString(t interface{}) string { - if t == nil { - return "" - } - return fmt.Sprintf("%#v", t) -} diff --git a/docs/data-sources/system_get_aws_sns_iam_policy.md b/docs/data-sources/system_get_aws_sns_iam_policy.md index 9d6ebeba5f..3b8c491b74 100644 --- a/docs/data-sources/system_get_aws_sns_iam_policy.md +++ b/docs/data-sources/system_get_aws_sns_iam_policy.md @@ -1,11 +1,28 @@ +--- +page_title: "snowflake_system_get_aws_sns_iam_policy Data Source - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_system_get_aws_sns_iam_policy +# Data Source `snowflake_system_get_aws_sns_iam_policy` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------------------------|--------|-----------------------------------------------------------------|----------|-----------|----------|---------| -| aws_sns_topic_arn | string | Amazon Resource Name (ARN) of the SNS topic for your S3 bucket | false | true | false | | -| aws_sns_topic_policy_json | string | IAM policy for Snowflake’s SQS queue to subscribe to this topic | false | false | true | | + + +## Schema + +### Required + +- **aws_sns_topic_arn** (String, Required) Amazon Resource Name (ARN) of the SNS topic for your S3 bucket + +### Optional + +- **id** (String, Optional) The ID of this resource. + +### Read-only + +- **aws_sns_topic_policy_json** (String, Read-only) IAM policy for Snowflake’s SQS queue to subscribe to this topic + + diff --git a/docs/index.md b/docs/index.md index 0876ddf0a9..b40f88bb5b 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,11 +1,17 @@ +--- +page_title: "Provider: Snowflake" +description: Manage SnowflakeDB with Terraform. +--- + # Snowflake Provider This is a terraform provider plugin for managing [Snowflake](https://www.snowflake.com/) accounts. Coverage is focused on part of Snowflake related to access control. -## Example -```hcl +## Example Provider Configuration + +```terraform provider snowflake { // required username = "..." @@ -18,10 +24,26 @@ provider snowflake { private_key_path = "..." // optional - role = "..." + role = "..." } ``` +## Configuration Schema + +## Schema + +### Optional + +- **account** (String, Optional) +- **browser_auth** (Boolean, Optional) +- **oauth_access_token** (String, Optional) +- **password** (String, Optional) +- **private_key_path** (String, Optional) +- **region** (String, Optional) +- **role** (String, Optional) +- **username** (String, Optional) + + ## Authentication The Snowflake provider support multiple ways to authenticate: diff --git a/docs/resources/account_grant.md b/docs/resources/account_grant.md index 1fdb9991d4..385382107f 100644 --- a/docs/resources/account_grant.md +++ b/docs/resources/account_grant.md @@ -1,18 +1,23 @@ +--- +page_title: "snowflake_account_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_account_grant +# Resource `snowflake_account_grant` - -**Note**: The snowflake_account_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the accounts to which a single grant is attached must be declared - by a single snowflake_account_grant resource. This means that even any snowflake_account that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| privilege | string | The privilege to grant on the schema. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | + + +## Schema + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the schema. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + + diff --git a/docs/resources/database.md b/docs/resources/database.md index 33da12cdce..0a51e64003 100644 --- a/docs/resources/database.md +++ b/docs/resources/database.md @@ -1,14 +1,28 @@ +--- +page_title: "snowflake_database Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_database +# Resource `snowflake_database` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-----------------------------|--------|-------------------------------------------------------------------------------|----------|-----------|----------|---------| -| comment | string | | true | false | false | "" | -| data_retention_time_in_days | int | | true | false | true | | -| from_database | string | Specify a database to create a clone from. | true | false | false | | -| from_share | map | Specify a provider and a share in this map to create a database from a share. | true | false | false | | -| name | string | | false | true | false | | + + +## Schema + +### Required + +- **name** (String, Required) + +### Optional + +- **comment** (String, Optional) +- **data_retention_time_in_days** (Number, Optional) +- **from_database** (String, Optional) Specify a database to create a clone from. +- **from_share** (Map of String, Optional) Specify a provider and a share in this map to create a database from a share. +- **id** (String, Optional) The ID of this resource. + + diff --git a/docs/resources/database_grant.md b/docs/resources/database_grant.md index 97da62336f..5cd3716be8 100644 --- a/docs/resources/database_grant.md +++ b/docs/resources/database_grant.md @@ -1,20 +1,28 @@ +--- +page_title: "snowflake_database_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_database_grant` + + + + + +## Schema + +### Required + +- **database_name** (String, Required) The name of the database on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the database. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **shares** (Set of String, Optional) Grants privilege to these shares. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + -# snowflake_database_grant - - - -**Note**: The snowflake_database_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the databases to which a single grant is attached must be declared - by a single snowflake_database_grant resource. This means that even any snowflake_database that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| database_name | string | The name of the database on which to grant privileges. | false | true | false | | -| privilege | string | The privilege to grant on the database. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| shares | set | Grants privilege to these shares. | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | diff --git a/docs/resources/integration_grant.md b/docs/resources/integration_grant.md index 5633b53734..a8d3c4b89a 100644 --- a/docs/resources/integration_grant.md +++ b/docs/resources/integration_grant.md @@ -1,19 +1,27 @@ +--- +page_title: "snowflake_integration_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_integration_grant +# Resource `snowflake_integration_grant` - -**Note**: The snowflake_integration_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the integrations to which a single grant is attached must be declared - by a single snowflake_integration_grant resource. This means that even any snowflake_integration that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| integration_name | string | Identifier for the integration; must be unique for your account. | false | true | false | | -| privilege | string | The privilege to grant on the integration. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | + + +## Schema + +### Required + +- **integration_name** (String, Required) Identifier for the integration; must be unique for your account. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the integration. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + + diff --git a/docs/resources/managed_account.md b/docs/resources/managed_account.md index 619828a895..6cf5141dca 100644 --- a/docs/resources/managed_account.md +++ b/docs/resources/managed_account.md @@ -1,19 +1,36 @@ +--- +page_title: "snowflake_managed_account Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_managed_account +# Resource `snowflake_managed_account` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|----------| -| admin_name | string | Identifier, as well as login name, for the initial user in the managed account. This user serves as the account administrator for the account. | false | true | false | | -| admin_password | string | Password for the initial user in the managed account. | false | true | false | | -| cloud | string | Cloud in which the managed account is located. | false | false | true | | -| comment | string | Specifies a comment for the managed account. | true | false | false | | -| created_on | string | Date and time when the managed account was created. | false | false | true | | -| locator | string | Display name of the managed account. | false | false | true | | -| name | string | Identifier for the managed account; must be unique for your account. | false | true | false | | -| region | string | Snowflake Region in which the managed account is located. | false | false | true | | -| type | string | Specifies the type of managed account. | true | false | false | "READER" | -| url | string | URL for accessing the managed account, particularly through the web interface. | false | false | true | | + + +## Schema + +### Required + +- **admin_name** (String, Required) Identifier, as well as login name, for the initial user in the managed account. This user serves as the account administrator for the account. +- **admin_password** (String, Required) Password for the initial user in the managed account. +- **name** (String, Required) Identifier for the managed account; must be unique for your account. + +### Optional + +- **comment** (String, Optional) Specifies a comment for the managed account. +- **id** (String, Optional) The ID of this resource. +- **type** (String, Optional) Specifies the type of managed account. + +### Read-only + +- **cloud** (String, Read-only) Cloud in which the managed account is located. +- **created_on** (String, Read-only) Date and time when the managed account was created. +- **locator** (String, Read-only) Display name of the managed account. +- **region** (String, Read-only) Snowflake Region in which the managed account is located. +- **url** (String, Read-only) URL for accessing the managed account, particularly through the web interface. + + diff --git a/docs/resources/network_policy.md b/docs/resources/network_policy.md index 14e7996ed7..294a9f32a0 100644 --- a/docs/resources/network_policy.md +++ b/docs/resources/network_policy.md @@ -1,13 +1,27 @@ +--- +page_title: "snowflake_network_policy Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_network_policy +# Resource `snowflake_network_policy` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-----------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| allowed_ip_list | set | Specifies one or more IPv4 addresses (CIDR notation) that are allowed access to your Snowflake account | false | true | false | | -| blocked_ip_list | set | Specifies one or more IPv4 addresses (CIDR notation) that are denied access to your Snowflake account

**Do not** add `0.0.0.0/0` to `blocked_ip_list` | true | false | false | | -| comment | string | Specifies a comment for the network policy. | true | false | false | | -| name | string | Specifies the identifier for the network policy; must be unique for the account in which the network policy is created. | false | true | false | | + + +## Schema + +### Required + +- **allowed_ip_list** (Set of String, Required) Specifies one or more IPv4 addresses (CIDR notation) that are allowed access to your Snowflake account +- **name** (String, Required) Specifies the identifier for the network policy; must be unique for the account in which the network policy is created. + +### Optional + +- **blocked_ip_list** (Set of String, Optional) Specifies one or more IPv4 addresses (CIDR notation) that are denied access to your Snowflake account

**Do not** add `0.0.0.0/0` to `blocked_ip_list` +- **comment** (String, Optional) Specifies a comment for the network policy. +- **id** (String, Optional) The ID of this resource. + + diff --git a/docs/resources/network_policy_attachment.md b/docs/resources/network_policy_attachment.md index 439273e74e..aba47e0e5f 100644 --- a/docs/resources/network_policy_attachment.md +++ b/docs/resources/network_policy_attachment.md @@ -1,12 +1,26 @@ +--- +page_title: "snowflake_network_policy_attachment Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_network_policy_attachment +# Resource `snowflake_network_policy_attachment` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| network_policy_name | string | Specifies the identifier for the network policy; must be unique for the account in which the network policy is created. | false | true | false | | -| set_for_account | bool | Specifies whether the network policy should be applied globally to your Snowflake account

**Note:** The Snowflake user running `terraform apply` must be on an IP address allowed by the network policy to set that policy globally on the Snowflake account.

Additionally, a Snowflake account can only have one network policy set globally at any given time. This resource does not enforce one-policy-per-account, it is the user's responsibility to enforce this. If multiple network policy resources have `set_for_account: true`, the final policy set on the account will be non-deterministic. | true | false | false | false | -| users | set | Specifies which users the network policy should be attached to | true | false | false | | + + +## Schema + +### Required + +- **network_policy_name** (String, Required) Specifies the identifier for the network policy; must be unique for the account in which the network policy is created. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **set_for_account** (Boolean, Optional) Specifies whether the network policy should be applied globally to your Snowflake account

**Note:** The Snowflake user running `terraform apply` must be on an IP address allowed by the network policy to set that policy globally on the Snowflake account.

Additionally, a Snowflake account can only have one network policy set globally at any given time. This resource does not enforce one-policy-per-account, it is the user's responsibility to enforce this. If multiple network policy resources have `set_for_account: true`, the final policy set on the account will be non-deterministic. +- **users** (Set of String, Optional) Specifies which users the network policy should be attached to + + diff --git a/docs/resources/pipe.md b/docs/resources/pipe.md index aef62cc4aa..0c1f6e2707 100644 --- a/docs/resources/pipe.md +++ b/docs/resources/pipe.md @@ -1,18 +1,35 @@ +--- +page_title: "snowflake_pipe Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_pipe +# Resource `snowflake_pipe` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------------------|--------|-----------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| auto_ingest | bool | Specifies a auto_ingest param for the pipe. | true | false | false | false | -| aws_sns_topic_arn | string | Specifies the Amazon Resource Name (ARN) for the SNS topic for your S3 bucket. | true | false | false | | -| comment | string | Specifies a comment for the pipe. | true | false | false | | -| copy_statement | string | Specifies the copy statement for the pipe. | false | true | false | | -| database | string | The database in which to create the pipe. | false | true | false | | -| name | string | Specifies the identifier for the pipe; must be unique for the database and schema in which the pipe is created. | false | true | false | | -| notification_channel | string | Amazon Resource Name of the Amazon SQS queue for the stage named in the DEFINITION column. | false | false | true | | -| owner | string | Name of the role that owns the pipe. | false | false | true | | -| schema | string | The schema in which to create the pipe. | false | true | false | | + + +## Schema + +### Required + +- **copy_statement** (String, Required) Specifies the copy statement for the pipe. +- **database** (String, Required) The database in which to create the pipe. +- **name** (String, Required) Specifies the identifier for the pipe; must be unique for the database and schema in which the pipe is created. +- **schema** (String, Required) The schema in which to create the pipe. + +### Optional + +- **auto_ingest** (Boolean, Optional) Specifies a auto_ingest param for the pipe. +- **aws_sns_topic_arn** (String, Optional) Specifies the Amazon Resource Name (ARN) for the SNS topic for your S3 bucket. +- **comment** (String, Optional) Specifies a comment for the pipe. +- **id** (String, Optional) The ID of this resource. + +### Read-only + +- **notification_channel** (String, Read-only) Amazon Resource Name of the Amazon SQS queue for the stage named in the DEFINITION column. +- **owner** (String, Read-only) Name of the role that owns the pipe. + + diff --git a/docs/resources/resource_monitor.md b/docs/resources/resource_monitor.md index 9470035c74..7f9efd7ac3 100644 --- a/docs/resources/resource_monitor.md +++ b/docs/resources/resource_monitor.md @@ -1,17 +1,31 @@ +--- +page_title: "snowflake_resource_monitor Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_resource_monitor +# Resource `snowflake_resource_monitor` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------------------------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| credit_quota | int | The number of credits allocated monthly to the resource monitor. | true | false | true | | -| end_timestamp | string | The date and time when the resource monitor suspends the assigned warehouses. | true | false | false | | -| frequency | string | The frequency interval at which the credit usage resets to 0. If you set a frequency for a resource monitor, you must also set START_TIMESTAMP. | true | false | true | | -| name | string | Identifier for the resource monitor; must be unique for your account. | false | true | false | | -| notify_triggers | set | A list of percentage thresholds at which to send an alert to subscribed users. | true | false | false | | -| start_timestamp | string | The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. | true | false | true | | -| suspend_immediate_triggers | set | A list of percentage thresholds at which to immediately suspend all warehouses. | true | false | false | | -| suspend_triggers | set | A list of percentage thresholds at which to suspend all warehouses. | true | false | false | | + + +## Schema + +### Required + +- **name** (String, Required) Identifier for the resource monitor; must be unique for your account. + +### Optional + +- **credit_quota** (Number, Optional) The number of credits allocated monthly to the resource monitor. +- **end_timestamp** (String, Optional) The date and time when the resource monitor suspends the assigned warehouses. +- **frequency** (String, Optional) The frequency interval at which the credit usage resets to 0. If you set a frequency for a resource monitor, you must also set START_TIMESTAMP. +- **id** (String, Optional) The ID of this resource. +- **notify_triggers** (Set of Number, Optional) A list of percentage thresholds at which to send an alert to subscribed users. +- **start_timestamp** (String, Optional) The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. +- **suspend_immediate_triggers** (Set of Number, Optional) A list of percentage thresholds at which to immediately suspend all warehouses. +- **suspend_triggers** (Set of Number, Optional) A list of percentage thresholds at which to suspend all warehouses. + + diff --git a/docs/resources/resource_monitor_grant.md b/docs/resources/resource_monitor_grant.md index 37812676b4..58898dba77 100644 --- a/docs/resources/resource_monitor_grant.md +++ b/docs/resources/resource_monitor_grant.md @@ -1,19 +1,27 @@ +--- +page_title: "snowflake_resource_monitor_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_resource_monitor_grant +# Resource `snowflake_resource_monitor_grant` - -**Note**: The snowflake_resource_monitor_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the resource_monitors to which a single grant is attached must be declared - by a single snowflake_resource_monitor_grant resource. This means that even any snowflake_resource_monitor that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|-----------| -| monitor_name | string | Identifier for the resource monitor; must be unique for your account. | false | true | false | | -| privilege | string | The privilege to grant on the resource monitor. | true | false | false | "MONITOR" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | + + +## Schema + +### Required + +- **monitor_name** (String, Required) Identifier for the resource monitor; must be unique for your account. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the resource monitor. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + + diff --git a/docs/resources/role.md b/docs/resources/role.md index f998296689..cc676794b1 100644 --- a/docs/resources/role.md +++ b/docs/resources/role.md @@ -1,11 +1,25 @@ +--- +page_title: "snowflake_role Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_role +# Resource `snowflake_role` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------|--------|-------------|----------|-----------|----------|---------| -| comment | string | | true | false | false | | -| name | string | | false | true | false | | + + +## Schema + +### Required + +- **name** (String, Required) + +### Optional + +- **comment** (String, Optional) +- **id** (String, Optional) The ID of this resource. + + diff --git a/docs/resources/role_grants.md b/docs/resources/role_grants.md index 3399559534..8765e5ea67 100644 --- a/docs/resources/role_grants.md +++ b/docs/resources/role_grants.md @@ -1,12 +1,26 @@ +--- +page_title: "snowflake_role_grants Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_role_grants +# Resource `snowflake_role_grants` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-----------|--------|---------------------------------------|----------|-----------|----------|---------| -| role_name | string | The name of the role we are granting. | false | true | false | | -| roles | set | Grants role to this specified role. | true | false | false | | -| users | set | Grants role to this specified user. | true | false | false | | + + +## Schema + +### Required + +- **role_name** (String, Required) The name of the role we are granting. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **roles** (Set of String, Optional) Grants role to this specified role. +- **users** (Set of String, Optional) Grants role to this specified user. + + diff --git a/docs/resources/schema.md b/docs/resources/schema.md index 71b7415d26..97958f8e43 100644 --- a/docs/resources/schema.md +++ b/docs/resources/schema.md @@ -1,15 +1,29 @@ +--- +page_title: "snowflake_schema Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_schema +# Resource `snowflake_schema` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| comment | string | Specifies a comment for the schema. | true | false | false | | -| data_retention_days | int | Specifies the number of days for which Time Travel actions (CLONE and UNDROP) can be performed on the schema, as well as specifying the default Time Travel retention time for all tables created in the schema. | true | false | false | 1 | -| database | string | The database in which to create the schema. | false | true | false | | -| is_managed | bool | Specifies a managed schema. Managed access schemas centralize privilege management with the schema owner. | true | false | false | false | -| is_transient | bool | Specifies a schema as transient. Transient schemas do not have a Fail-safe period so they do not incur additional storage costs once they leave Time Travel; however, this means they are also not protected by Fail-safe in the event of a data loss. | true | false | false | false | -| name | string | Specifies the identifier for the schema; must be unique for the database in which the schema is created. | false | true | false | | + + +## Schema + +### Required + +- **database** (String, Required) The database in which to create the schema. +- **name** (String, Required) Specifies the identifier for the schema; must be unique for the database in which the schema is created. + +### Optional + +- **comment** (String, Optional) Specifies a comment for the schema. +- **data_retention_days** (Number, Optional) Specifies the number of days for which Time Travel actions (CLONE and UNDROP) can be performed on the schema, as well as specifying the default Time Travel retention time for all tables created in the schema. +- **id** (String, Optional) The ID of this resource. +- **is_managed** (Boolean, Optional) Specifies a managed schema. Managed access schemas centralize privilege management with the schema owner. +- **is_transient** (Boolean, Optional) Specifies a schema as transient. Transient schemas do not have a Fail-safe period so they do not incur additional storage costs once they leave Time Travel; however, this means they are also not protected by Fail-safe in the event of a data loss. + + diff --git a/docs/resources/schema_grant.md b/docs/resources/schema_grant.md index e170267b4f..09706f8f18 100644 --- a/docs/resources/schema_grant.md +++ b/docs/resources/schema_grant.md @@ -1,22 +1,30 @@ +--- +page_title: "snowflake_schema_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_schema_grant` + + + + + +## Schema + +### Required + +- **database_name** (String, Required) The name of the database containing the schema on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **on_future** (Boolean, Optional) When this is set to true, apply this grant on all future schemas in the given database. The schema_name and shares fields must be unset in order to use on_future. +- **privilege** (String, Optional) The privilege to grant on the current or future schema. Note that if "OWNERSHIP" is specified, ensure that the role that terraform is using is granted access. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **schema_name** (String, Optional) The name of the schema on which to grant privileges. +- **shares** (Set of String, Optional) Grants privilege to these shares (only valid if on_future is unset). +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + -# snowflake_schema_grant - - - -**Note**: The snowflake_schema_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the schemas to which a single grant is attached must be declared - by a single snowflake_schema_grant resource. This means that even any snowflake_schema that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| database_name | string | The name of the database containing the schema on which to grant privileges. | false | true | false | | -| on_future | bool | When this is set to true, apply this grant on all future schemas in the given database. The schema_name and shares fields must be unset in order to use on_future. | true | false | false | false | -| privilege | string | The privilege to grant on the current or future schema. Note that if "OWNERSHIP" is specified, ensure that the role that terraform is using is granted access. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| schema_name | string | The name of the schema on which to grant privileges. | true | false | false | | -| shares | set | Grants privilege to these shares (only valid if on_future is unset). | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | diff --git a/docs/resources/share.md b/docs/resources/share.md index cab58c21c5..0cc6a35b04 100644 --- a/docs/resources/share.md +++ b/docs/resources/share.md @@ -1,12 +1,26 @@ +--- +page_title: "snowflake_share Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_share +# Resource `snowflake_share` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------|--------|-------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| accounts | list | A list of accounts to be added to the share. | true | false | false | | -| comment | string | Specifies a comment for the managed account. | true | false | false | | -| name | string | Specifies the identifier for the share; must be unique for the account in which the share is created. | false | true | false | | + + +## Schema + +### Required + +- **name** (String, Required) Specifies the identifier for the share; must be unique for the account in which the share is created. + +### Optional + +- **accounts** (List of String, Optional) A list of accounts to be added to the share. +- **comment** (String, Optional) Specifies a comment for the managed account. +- **id** (String, Optional) The ID of this resource. + + diff --git a/docs/resources/stage.md b/docs/resources/stage.md index df40b17826..7b18e4204c 100644 --- a/docs/resources/stage.md +++ b/docs/resources/stage.md @@ -1,21 +1,35 @@ +--- +page_title: "snowflake_stage Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_stage` + + + + + +## Schema + +### Required + +- **database** (String, Required) The database in which to create the stage. +- **name** (String, Required) Specifies the identifier for the stage; must be unique for the database and schema in which the stage is created. +- **schema** (String, Required) The schema in which to create the stage. + +### Optional + +- **aws_external_id** (String, Optional) +- **comment** (String, Optional) Specifies a comment for the stage. +- **copy_options** (String, Optional) Specifies the copy options for the stage. +- **credentials** (String, Optional) Specifies the credentials for the stage. +- **encryption** (String, Optional) Specifies the encryption settings for the stage. +- **file_format** (String, Optional) Specifies the file format for the stage. +- **id** (String, Optional) The ID of this resource. +- **snowflake_iam_user** (String, Optional) +- **storage_integration** (String, Optional) Specifies the name of the storage integration used to delegate authentication responsibility for external cloud storage to a Snowflake identity and access management (IAM) entity. +- **url** (String, Optional) Specifies the URL for the stage. + -# snowflake_stage - - - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------------------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| aws_external_id | string | | true | false | true | | -| comment | string | Specifies a comment for the stage. | true | false | false | | -| copy_options | string | Specifies the copy options for the stage. | true | false | false | | -| credentials | string | Specifies the credentials for the stage. | true | false | false | | -| database | string | The database in which to create the stage. | false | true | false | | -| encryption | string | Specifies the encryption settings for the stage. | true | false | false | | -| file_format | string | Specifies the file format for the stage. | true | false | false | | -| name | string | Specifies the identifier for the stage; must be unique for the database and schema in which the stage is created. | false | true | false | | -| schema | string | The schema in which to create the stage. | false | true | false | | -| snowflake_iam_user | string | | true | false | true | | -| storage_integration | string | Specifies the name of the storage integration used to delegate authentication responsibility for external cloud storage to a Snowflake identity and access management (IAM) entity. | true | false | false | | -| url | string | Specifies the URL for the stage. | true | false | false | | diff --git a/docs/resources/stage_grant.md b/docs/resources/stage_grant.md index df9c1cea45..e2101e96ea 100644 --- a/docs/resources/stage_grant.md +++ b/docs/resources/stage_grant.md @@ -1,22 +1,30 @@ +--- +page_title: "snowflake_stage_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_stage_grant` + + + + + +## Schema + +### Required + +- **database_name** (String, Required) The name of the database containing the current stage on which to grant privileges. +- **schema_name** (String, Required) The name of the schema containing the current stage on which to grant privileges. +- **stage_name** (String, Required) The name of the stage on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the stage. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **shares** (Set of String, Optional) Grants privilege to these shares. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + -# snowflake_stage_grant - - - -**Note**: The snowflake_stage_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the stages to which a single grant is attached must be declared - by a single snowflake_stage_grant resource. This means that even any snowflake_stage that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| database_name | string | The name of the database containing the current stage on which to grant privileges. | false | true | false | | -| privilege | string | The privilege to grant on the stage. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| schema_name | string | The name of the schema containing the current stage on which to grant privileges. | false | true | false | | -| shares | set | Grants privilege to these shares. | true | false | false | | -| stage_name | string | The name of the stage on which to grant privileges. | false | true | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | diff --git a/docs/resources/storage_integration.md b/docs/resources/storage_integration.md index 1e5db50c0c..1ea6cf7a5b 100644 --- a/docs/resources/storage_integration.md +++ b/docs/resources/storage_integration.md @@ -1,21 +1,38 @@ +--- +page_title: "snowflake_storage_integration Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_storage_integration` + + + + + +## Schema + +### Required + +- **name** (String, Required) +- **storage_allowed_locations** (List of String, Required) Explicitly limits external stages that use the integration to reference one or more storage locations. +- **storage_provider** (String, Required) + +### Optional + +- **azure_tenant_id** (String, Optional) +- **comment** (String, Optional) +- **enabled** (Boolean, Optional) +- **id** (String, Optional) The ID of this resource. +- **storage_aws_role_arn** (String, Optional) +- **storage_blocked_locations** (List of String, Optional) Explicitly prohibits external stages that use the integration from referencing one or more storage locations. +- **type** (String, Optional) + +### Read-only + +- **created_on** (String, Read-only) Date and time when the storage integration was created. +- **storage_aws_external_id** (String, Read-only) The external ID that Snowflake will use when assuming the AWS role. +- **storage_aws_iam_user_arn** (String, Read-only) The Snowflake user that will attempt to assume the AWS role. + -# snowflake_storage_integration - - - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|---------------------------|--------|---------------------------------------------------------------------------------------------------------------|----------|-----------|----------|------------------| -| azure_tenant_id | string | | true | false | false | "" | -| comment | string | | true | false | false | "" | -| created_on | string | Date and time when the storage integration was created. | false | false | true | | -| enabled | bool | | true | false | false | true | -| name | string | | false | true | false | | -| storage_allowed_locations | list | Explicitly limits external stages that use the integration to reference one or more storage locations. | false | true | false | | -| storage_aws_external_id | string | The external ID that Snowflake will use when assuming the AWS role. | false | false | true | | -| storage_aws_iam_user_arn | string | The Snowflake user that will attempt to assume the AWS role. | false | false | true | | -| storage_aws_role_arn | string | | true | false | false | "" | -| storage_blocked_locations | list | Explicitly prohibits external stages that use the integration from referencing one or more storage locations. | true | false | false | | -| storage_provider | string | | false | true | false | | -| type | string | | true | false | false | "EXTERNAL_STAGE" | diff --git a/docs/resources/stream.md b/docs/resources/stream.md index 6f595d9dab..a2c14f1db7 100644 --- a/docs/resources/stream.md +++ b/docs/resources/stream.md @@ -1,16 +1,33 @@ +--- +page_title: "snowflake_stream Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_stream +# Resource `snowflake_stream` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------|--------|---------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| append_only | bool | Type of the stream that will be created. | true | false | false | false | -| comment | string | Specifies a comment for the stream. | true | false | false | | -| database | string | The database in which to create the stream. | false | true | false | | -| name | string | Specifies the identifier for the stream; must be unique for the database and schema in which the stream is created. | false | true | false | | -| on_table | string | Name of the table the stream will monitor. | true | false | false | | -| owner | string | Name of the role that owns the stream. | false | false | true | | -| schema | string | The schema in which to create the stream. | false | true | false | | + + +## Schema + +### Required + +- **database** (String, Required) The database in which to create the stream. +- **name** (String, Required) Specifies the identifier for the stream; must be unique for the database and schema in which the stream is created. +- **schema** (String, Required) The schema in which to create the stream. + +### Optional + +- **append_only** (Boolean, Optional) Type of the stream that will be created. +- **comment** (String, Optional) Specifies a comment for the stream. +- **id** (String, Optional) The ID of this resource. +- **on_table** (String, Optional) Name of the table the stream will monitor. + +### Read-only + +- **owner** (String, Read-only) Name of the role that owns the stream. + + diff --git a/docs/resources/table.md b/docs/resources/table.md index d23939d044..3008f12dc4 100644 --- a/docs/resources/table.md +++ b/docs/resources/table.md @@ -1,15 +1,40 @@ +--- +page_title: "snowflake_table Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_table +# Resource `snowflake_table` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------|--------|-------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| column | list | Definitions of a column to create in the table. Minimum one required. | false | true | false | | -| comment | string | Specifies a comment for the table. | true | false | false | | -| database | string | The database in which to create the table. | false | true | false | | -| name | string | Specifies the identifier for the table; must be unique for the database and schema in which the table is created. | false | true | false | | -| owner | string | Name of the role that owns the table. | false | false | true | | -| schema | string | The schema in which to create the table. | false | true | false | | + + +## Schema + +### Required + +- **column** (Block List, Min: 1) Definitions of a column to create in the table. Minimum one required. (see [below for nested schema](#nestedblock--column)) +- **database** (String, Required) The database in which to create the table. +- **name** (String, Required) Specifies the identifier for the table; must be unique for the database and schema in which the table is created. +- **schema** (String, Required) The schema in which to create the table. + +### Optional + +- **comment** (String, Optional) Specifies a comment for the table. +- **id** (String, Optional) The ID of this resource. + +### Read-only + +- **owner** (String, Read-only) Name of the role that owns the table. + + +### Nested Schema for `column` + +Required: + +- **name** (String, Required) Column name +- **type** (String, Required) Column type, e.g. VARIANT + + diff --git a/docs/resources/table_grant.md b/docs/resources/table_grant.md index c88a651b1c..57e6ce5c09 100644 --- a/docs/resources/table_grant.md +++ b/docs/resources/table_grant.md @@ -1,23 +1,31 @@ +--- +page_title: "snowflake_table_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_table_grant` + + + + + +## Schema + +### Required + +- **database_name** (String, Required) The name of the database containing the current or future tables on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **on_future** (Boolean, Optional) When this is set to true and a schema_name is provided, apply this grant on all future tables in the given schema. When this is true and no schema_name is provided apply this grant on all future tables in the given database. The table_name and shares fields must be unset in order to use on_future. +- **privilege** (String, Optional) The privilege to grant on the current or future table. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **schema_name** (String, Optional) The name of the schema containing the current or future tables on which to grant privileges. +- **shares** (Set of String, Optional) Grants privilege to these shares (only valid if on_future is unset). +- **table_name** (String, Optional) The name of the table on which to grant privileges immediately (only valid if on_future is unset). +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + -# snowflake_table_grant - - - -**Note**: The snowflake_table_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the tables to which a single grant is attached must be declared - by a single snowflake_table_grant resource. This means that even any snowflake_table that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|----------| -| database_name | string | The name of the database containing the current or future tables on which to grant privileges. | false | true | false | | -| on_future | bool | When this is set to true and a schema_name is provided, apply this grant on all future tables in the given schema. When this is true and no schema_name is provided apply this grant on all future tables in the given database. The table_name and shares fields must be unset in order to use on_future. | true | false | false | false | -| privilege | string | The privilege to grant on the current or future table. | true | false | false | "SELECT" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| schema_name | string | The name of the schema containing the current or future tables on which to grant privileges. | true | false | false | | -| shares | set | Grants privilege to these shares (only valid if on_future is unset). | true | false | false | | -| table_name | string | The name of the table on which to grant privileges immediately (only valid if on_future is unset). | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | diff --git a/docs/resources/task.md b/docs/resources/task.md index 5c391b58d2..725195dcfd 100644 --- a/docs/resources/task.md +++ b/docs/resources/task.md @@ -1,21 +1,35 @@ +--- +page_title: "snowflake_task Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_task` + + + + + +## Schema + +### Required + +- **database** (String, Required) The database in which to create the task. +- **name** (String, Required) Specifies the identifier for the task; must be unique for the database and schema in which the task is created. +- **schema** (String, Required) The schema in which to create the task. +- **sql_statement** (String, Required) Any single SQL statement, or a call to a stored procedure, executed when the task runs. +- **warehouse** (String, Required) The warehouse the task will use. + +### Optional + +- **after** (String, Optional) Specifies the predecessor task in the same database and schema of the current task. When a run of the predecessor task finishes successfully, it triggers this task (after a brief lag). +- **comment** (String, Optional) Specifies a comment for the task. +- **enabled** (Boolean, Optional) Specifies if the task should be started (enabled) after creation or should remain suspended (default). +- **id** (String, Optional) The ID of this resource. +- **schedule** (String, Optional) The schedule for periodically running the task. This can be a cron or interval in minutes. +- **session_parameters** (Map of String, Optional) Specifies session parameters to set for the session when the task runs. A task supports all session parameters. +- **user_task_timeout_ms** (Number, Optional) Specifies the time limit on a single run of the task before it times out (in milliseconds). +- **when** (String, Optional) Specifies a Boolean SQL expression; multiple conditions joined with AND/OR are supported. + -# snowflake_task - - - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| after | string | Specifies the predecessor task in the same database and schema of the current task. When a run of the predecessor task finishes successfully, it triggers this task (after a brief lag). | true | false | false | | -| comment | string | Specifies a comment for the task. | true | false | false | | -| database | string | The database in which to create the task. | false | true | false | | -| enabled | bool | Specifies if the task should be started (enabled) after creation or should remain suspended (default). | true | false | false | false | -| name | string | Specifies the identifier for the task; must be unique for the database and schema in which the task is created. | false | true | false | | -| schedule | string | The schedule for periodically running the task. This can be a cron or interval in minutes. | true | false | false | | -| schema | string | The schema in which to create the task. | false | true | false | | -| session_parameters | map | Specifies session parameters to set for the session when the task runs. A task supports all session parameters. | true | false | false | | -| sql_statement | string | Any single SQL statement, or a call to a stored procedure, executed when the task runs. | false | true | false | | -| user_task_timeout_ms | int | Specifies the time limit on a single run of the task before it times out (in milliseconds). | true | false | false | | -| warehouse | string | The warehouse the task will use. | false | true | false | | -| when | string | Specifies a Boolean SQL expression; multiple conditions joined with AND/OR are supported. | true | false | false | | diff --git a/docs/resources/user.md b/docs/resources/user.md index 805c710310..5c7a3d5722 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md @@ -1,25 +1,42 @@ +--- +page_title: "snowflake_user Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_user` + + + + + +## Schema + +### Required + +- **name** (String, Required) Name of the user. Note that if you do not supply login_name this will be used as login_name. [doc](https://docs.snowflake.net/manuals/sql-reference/sql/create-user.html#required-parameters) + +### Optional + +- **comment** (String, Optional) +- **default_namespace** (String, Optional) Specifies the namespace (database only or database and schema) that is active by default for the user’s session upon login. +- **default_role** (String, Optional) Specifies the role that is active by default for the user’s session upon login. +- **default_warehouse** (String, Optional) Specifies the virtual warehouse that is active by default for the user’s session upon login. +- **disabled** (Boolean, Optional) +- **display_name** (String, Optional) Name displayed for the user in the Snowflake web interface. +- **email** (String, Optional) Email address for the user. +- **first_name** (String, Optional) First name of the user. +- **id** (String, Optional) The ID of this resource. +- **last_name** (String, Optional) Last name of the user. +- **login_name** (String, Optional) The name users use to log in. If not supplied, snowflake will use name instead. +- **must_change_password** (Boolean, Optional) Specifies whether the user is forced to change their password on next login (including their first/initial login) into the system. +- **password** (String, Optional) **WARNING:** this will put the password in the terraform state file. Use carefully. +- **rsa_public_key** (String, Optional) Specifies the user’s RSA public key; used for key-pair authentication. Must be on 1 line without header and trailer. +- **rsa_public_key_2** (String, Optional) Specifies the user’s second RSA public key; used to rotate the public and private keys for key-pair authentication based on an expiration schedule set by your organization. Must be on 1 line without header and trailer. + +### Read-only + +- **has_rsa_public_key** (Boolean, Read-only) Will be true if user as an RSA key set. + -# snowflake_user - - - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|----------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| comment | string | | true | false | false | | -| default_namespace | string | Specifies the namespace (database only or database and schema) that is active by default for the user’s session upon login. | true | false | false | | -| default_role | string | Specifies the role that is active by default for the user’s session upon login. | true | false | true | | -| default_warehouse | string | Specifies the virtual warehouse that is active by default for the user’s session upon login. | true | false | false | | -| disabled | bool | | true | false | true | | -| display_name | string | Name displayed for the user in the Snowflake web interface. | true | false | true | | -| email | string | Email address for the user. | true | false | false | | -| first_name | string | First name of the user. | true | false | false | | -| has_rsa_public_key | bool | Will be true if user as an RSA key set. | false | false | true | | -| last_name | string | Last name of the user. | true | false | false | | -| login_name | string | The name users use to log in. If not supplied, snowflake will use name instead. | true | false | true | | -| must_change_password | bool | Specifies whether the user is forced to change their password on next login (including their first/initial login) into the system. | true | false | false | | -| name | string | Name of the user. Note that if you do not supply login_name this will be used as login_name. [doc](https://docs.snowflake.net/manuals/sql-reference/sql/create-user.html#required-parameters) | false | true | false | | -| password | string | **WARNING:** this will put the password in the terraform state file. Use carefully. | true | false | false | | -| rsa_public_key | string | Specifies the user’s RSA public key; used for key-pair authentication. Must be on 1 line without header and trailer. | true | false | false | | -| rsa_public_key_2 | string | Specifies the user’s second RSA public key; used to rotate the public and private keys for key-pair authentication based on an expiration schedule set by your organization. Must be on 1 line without header and trailer. | true | false | false | | diff --git a/docs/resources/view.md b/docs/resources/view.md index 605aae19d5..e8830a3ad4 100644 --- a/docs/resources/view.md +++ b/docs/resources/view.md @@ -1,16 +1,30 @@ +--- +page_title: "snowflake_view Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_view +# Resource `snowflake_view` - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|------------|--------|-------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|----------| -| comment | string | Specifies a comment for the view. | true | false | false | | -| database | string | The database in which to create the view. Don't use the | character. | false | true | false | | -| is_secure | bool | Specifies that the view is secure. | true | false | false | false | -| name | string | Specifies the identifier for the view; must be unique for the schema in which the view is created. Don't use the | character. | false | true | false | | -| or_replace | bool | Overwrites the View if it exists. | true | false | false | false | -| schema | string | The schema in which to create the view. Don't use the | character. | true | false | false | "PUBLIC" | -| statement | string | Specifies the query used to create the view. | false | true | false | | + + +## Schema + +### Required + +- **database** (String, Required) The database in which to create the view. Don't use the | character. +- **name** (String, Required) Specifies the identifier for the view; must be unique for the schema in which the view is created. Don't use the | character. +- **statement** (String, Required) Specifies the query used to create the view. + +### Optional + +- **comment** (String, Optional) Specifies a comment for the view. +- **id** (String, Optional) The ID of this resource. +- **is_secure** (Boolean, Optional) Specifies that the view is secure. +- **or_replace** (Boolean, Optional) Overwrites the View if it exists. +- **schema** (String, Optional) The schema in which to create the view. Don't use the | character. + + diff --git a/docs/resources/view_grant.md b/docs/resources/view_grant.md index cc32edaaa6..c1927124cf 100644 --- a/docs/resources/view_grant.md +++ b/docs/resources/view_grant.md @@ -1,23 +1,31 @@ +--- +page_title: "snowflake_view_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_view_grant` + + + + + +## Schema + +### Required + +- **database_name** (String, Required) The name of the database containing the current or future views on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **on_future** (Boolean, Optional) When this is set to true and a schema_name is provided, apply this grant on all future views in the given schema. When this is true and no schema_name is provided apply this grant on all future views in the given database. The view_name and shares fields must be unset in order to use on_future. +- **privilege** (String, Optional) The privilege to grant on the current or future view. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **schema_name** (String, Optional) The name of the schema containing the current or future views on which to grant privileges. +- **shares** (Set of String, Optional) Grants privilege to these shares (only valid if on_future is unset). +- **view_name** (String, Optional) The name of the view on which to grant privileges immediately (only valid if on_future is unset). +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + -# snowflake_view_grant - - - -**Note**: The snowflake_view_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the views to which a single grant is attached must be declared - by a single snowflake_view_grant resource. This means that even any snowflake_view that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|----------| -| database_name | string | The name of the database containing the current or future views on which to grant privileges. | false | true | false | | -| on_future | bool | When this is set to true and a schema_name is provided, apply this grant on all future views in the given schema. When this is true and no schema_name is provided apply this grant on all future views in the given database. The view_name and shares fields must be unset in order to use on_future. | true | false | false | false | -| privilege | string | The privilege to grant on the current or future view. | true | false | false | "SELECT" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| schema_name | string | The name of the schema containing the current or future views on which to grant privileges. | true | false | false | | -| shares | set | Grants privilege to these shares (only valid if on_future is unset). | true | false | false | | -| view_name | string | The name of the view on which to grant privileges immediately (only valid if on_future is unset). | true | false | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | diff --git a/docs/resources/warehouse.md b/docs/resources/warehouse.md index 1d0c87085c..a50dc87959 100644 --- a/docs/resources/warehouse.md +++ b/docs/resources/warehouse.md @@ -1,21 +1,35 @@ +--- +page_title: "snowflake_warehouse Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- + +# Resource `snowflake_warehouse` + + + + + +## Schema + +### Required + +- **name** (String, Required) + +### Optional + +- **auto_resume** (Boolean, Optional) Specifies whether to automatically resume a warehouse when a SQL statement (e.g. query) is submitted to it. +- **auto_suspend** (Number, Optional) Specifies the number of seconds of inactivity after which a warehouse is automatically suspended. +- **comment** (String, Optional) +- **id** (String, Optional) The ID of this resource. +- **initially_suspended** (Boolean, Optional) Specifies whether the warehouse is created initially in the ‘Suspended’ state. +- **max_cluster_count** (Number, Optional) Specifies the maximum number of server clusters for the warehouse. +- **min_cluster_count** (Number, Optional) Specifies the minimum number of server clusters for the warehouse (only applies to multi-cluster warehouses). +- **resource_monitor** (String, Optional) Specifies the name of a resource monitor that is explicitly assigned to the warehouse. +- **scaling_policy** (String, Optional) Specifies the policy for automatically starting and shutting down clusters in a multi-cluster warehouse running in Auto-scale mode. +- **statement_timeout_in_seconds** (Number, Optional) Specifies the time, in seconds, after which a running SQL statement (query, DDL, DML, etc.) is canceled by the system +- **wait_for_provisioning** (Boolean, Optional) Specifies whether the warehouse, after being resized, waits for all the servers to provision before executing any queued or new queries. +- **warehouse_size** (String, Optional) + -# snowflake_warehouse - - - -## properties - -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| auto_resume | bool | Specifies whether to automatically resume a warehouse when a SQL statement (e.g. query) is submitted to it. | true | false | true | | -| auto_suspend | int | Specifies the number of seconds of inactivity after which a warehouse is automatically suspended. | true | false | true | | -| comment | string | | true | false | false | "" | -| initially_suspended | bool | Specifies whether the warehouse is created initially in the ‘Suspended’ state. | true | false | false | | -| max_cluster_count | int | Specifies the maximum number of server clusters for the warehouse. | true | false | true | | -| min_cluster_count | int | Specifies the minimum number of server clusters for the warehouse (only applies to multi-cluster warehouses). | true | false | true | | -| name | string | | false | true | false | | -| resource_monitor | string | Specifies the name of a resource monitor that is explicitly assigned to the warehouse. | true | false | true | | -| scaling_policy | string | Specifies the policy for automatically starting and shutting down clusters in a multi-cluster warehouse running in Auto-scale mode. | true | false | true | | -| statement_timeout_in_seconds | int | Specifies the time, in seconds, after which a running SQL statement (query, DDL, DML, etc.) is canceled by the system | true | false | false | 0 | -| wait_for_provisioning | bool | Specifies whether the warehouse, after being resized, waits for all the servers to provision before executing any queued or new queries. | true | false | false | | -| warehouse_size | string | | true | false | true | | diff --git a/docs/resources/warehouse_grant.md b/docs/resources/warehouse_grant.md index e91f2298cc..24568916f7 100644 --- a/docs/resources/warehouse_grant.md +++ b/docs/resources/warehouse_grant.md @@ -1,19 +1,27 @@ +--- +page_title: "snowflake_warehouse_grant Resource - terraform-provider-snowflake" +subcategory: "" +description: |- + +--- -# snowflake_warehouse_grant +# Resource `snowflake_warehouse_grant` - -**Note**: The snowflake_warehouse_grant resource creates exclusive attachments of grants. - Across the entire Snowflake account, all of the warehouses to which a single grant is attached must be declared - by a single snowflake_warehouse_grant resource. This means that even any snowflake_warehouse that have the attached - grant via any other mechanism (including other Terraform resources) will have that attached grant revoked by this resource. - These resources do not enforce exclusive attachment of a grant, it is the user's responsibility to enforce this. - -## properties -| NAME | TYPE | DESCRIPTION | OPTIONAL | REQUIRED | COMPUTED | DEFAULT | -|-------------------|--------|---------------------------------------------------------------------------------------------|----------|-----------|----------|---------| -| privilege | string | The privilege to grant on the warehouse. | true | false | false | "USAGE" | -| roles | set | Grants privilege to these roles. | true | false | false | | -| warehouse_name | string | The name of the warehouse on which to grant privileges. | false | true | false | | -| with_grant_option | bool | When this is set to true, allows the recipient role to grant the privileges to other roles. | true | false | false | false | + + +## Schema + +### Required + +- **warehouse_name** (String, Required) The name of the warehouse on which to grant privileges. + +### Optional + +- **id** (String, Optional) The ID of this resource. +- **privilege** (String, Optional) The privilege to grant on the warehouse. +- **roles** (Set of String, Optional) Grants privilege to these roles. +- **with_grant_option** (Boolean, Optional) When this is set to true, allows the recipient role to grant the privileges to other roles. + + diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf new file mode 100644 index 0000000000..4c5ceca185 --- /dev/null +++ b/examples/provider/provider.tf @@ -0,0 +1,14 @@ +provider snowflake { + // required + username = "..." + account = "..." + region = "..." + + // optional, at exactly one must be set + password = "..." + oauth_access_token = "..." + private_key_path = "..." + + // optional + role = "..." +} diff --git a/go.mod b/go.mod index 025cc11842..f0e2fe91e5 100644 --- a/go.mod +++ b/go.mod @@ -8,11 +8,11 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 // indirect github.com/chanzuckerberg/go-misc v0.0.0-20200713202614-1c7b6844ebd6 github.com/hashicorp/hcl/v2 v2.6.0 // indirect + github.com/hashicorp/terraform-plugin-docs v0.2.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.3 github.com/jmoiron/sqlx v1.2.0 github.com/luna-duclos/instrumentedsql v1.1.3 github.com/mitchellh/go-homedir v1.1.0 - github.com/olekukonko/tablewriter v0.0.4 github.com/pkg/errors v0.9.1 github.com/snowflakedb/gosnowflake v1.3.4 github.com/stretchr/testify v1.5.1 diff --git a/go.sum b/go.sum index 1d550c9335..e043bb9180 100644 --- a/go.sum +++ b/go.sum @@ -66,6 +66,7 @@ github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/ github.com/apparentlymart/go-textseg/v12 v12.0.0 h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310 h1:BUAU3CGlLvorLI26FmByPp2eC2qla6E1Tw+scpcg/to= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= @@ -270,10 +271,13 @@ github.com/hashicorp/hcl/v2 v2.6.0 h1:3krZOfGY6SziUXa6H9PJU6TyohHn7I+ARYnhbeNBz+ github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/terraform-exec v0.9.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo= github.com/hashicorp/terraform-exec v0.10.0 h1:3nh/1e3u9gYRUQGOKWp/8wPR7ABlL2F14sZMZBrp+dM= github.com/hashicorp/terraform-exec v0.10.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo= github.com/hashicorp/terraform-json v0.5.0 h1:7TV3/F3y7QVSuN4r9BEXqnWqrAyeOtON8f0wvREtyzs= github.com/hashicorp/terraform-json v0.5.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= +github.com/hashicorp/terraform-plugin-docs v0.2.0 h1:A1Uk+WIvU0B4VP4pBbTBP9bZJ9w9F8yoVGj7MC1vYc0= +github.com/hashicorp/terraform-plugin-docs v0.2.0/go.mod h1:4jopztPjeyZAr51wPzX4b8Ld8bFQKQ9dbF40JbCQIts= github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.3 h1:X7VmKpcIxq+rIbuqe5TPN27KLzbO9aXQcjG4c5iC3tk= github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.3/go.mod h1:oz4kkpfTJ/hA2VMD0WpITTd3yPDGpT4uN7CiKdre/YI= github.com/hashicorp/terraform-plugin-test/v2 v2.1.2 h1:p96IIn+XpvVjw7AtN8y9MKxn0x69S7wtbGf7JgDJoIk= @@ -331,12 +335,14 @@ github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRn github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw= +github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-sqlite3 v1.9.0 h1:pDRiWfl+++eC2FEFRy6jXmQlvp4Yh3z1MJKg4UeYM/4= github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -368,8 +374,6 @@ github.com/nlopes/slack v0.6.0/go.mod h1:JzQ9m3PMAqcpeCam7UaHSuBuupz7CmpjehYMayT github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4 h1:49lOXmGaUpV9Fz3gd7TFZY106KVlPVa5jcYD1gaQf98= @@ -380,6 +384,7 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1 h1:ccV59UEOTzVDnDUEFdT95ZzHVZ+5+158q8+SJb2QV5w= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -394,6 +399,8 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= @@ -450,6 +457,7 @@ github.com/zalando/go-keyring v0.0.0-20200121091418-667557018717/go.mod h1:RaxNw github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8= github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty v1.4.1/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ= github.com/zclconf/go-cty v1.5.1 h1:oALUZX+aJeEBUe2a1+uD2+UTaYfEjnKFDEMRydkGvWE= github.com/zclconf/go-cty v1.5.1/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -575,6 +583,7 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl new file mode 100644 index 0000000000..ab161aa500 --- /dev/null +++ b/templates/index.md.tmpl @@ -0,0 +1,90 @@ +--- +page_title: "Provider: Snowflake" +description: Manage SnowflakeDB with Terraform. +--- + +# Snowflake Provider + +This is a terraform provider plugin for managing [Snowflake](https://www.snowflake.com/) accounts. +Coverage is focused on part of Snowflake related to access control. + + +## Example Provider Configuration + +{{tffile "examples/provider/provider.tf"}} + +## Configuration Schema + +{{ .SchemaMarkdown | trimspace }} + + +## Authentication + +The Snowflake provider support multiple ways to authenticate: + +* Password +* OAuth Access Token +* Browser Auth +* Private Key + +In all cases account, username, and region are required. + +### Keypair Authentication Environment Variables + +You should generate the public and private keys and set up environment variables. + +```shell + +cd ~/.ssh +openssl genrsa -out snowflake_key 4096 +openssl rsa -in snowflake_key -pubout -out snowflake_key.pub +``` + +To export the variables into your provider: + +```shell +export SNOWFLAKE_USER="..." +export SNOWFLAKE_PRIVATE_KEY_PATH="~/.ssh/snowflake_key" +``` + +### OAuth Access Token + +If you have an OAuth access token, export these credentials as environment variables: + +```shell +export SNOWFLAKE_USER='...' +export SNOWFLAKE_OAUTH_ACCESS_TOKEN='...' +``` + +Note that once this access token expires, you'll need to request a new one through an external application. + +### Username and Password Environment Variables + +If you choose to use Username and Password Authentication, export these credentials: + +```shell +export SNOWFLAKE_USER='...' +export SNOWFLAKE_PASSWORD='...' +``` + +## Argument Reference + +In addition to [generic `provider` arguments](https://www.terraform.io/docs/configuration/providers.html) +(e.g. `alias` and `version`), the following arguments are supported in the Snowflake + `provider` block: + +* `account` - (required) The name of the Snowflake account. Can also come from the + `SNOWFLAKE_ACCOUNT` environment variable. +* `username` - (required) Username for username+password authentication. Can come from the + `SNOWFLAKE_USER` environment variable. +* `region` - (required) [Snowflake region](https://docs.snowflake.com/en/user-guide/intro-regions.html) to use. Can be source from the `SNOWFLAKE_REGION` environment variable. +* `password` - (optional) Password for username+password auth. Cannot be used with `browser_auth` or + `private_key_path`. Can be source from `SNOWFLAKE_PASSWORD` environment variable. +* `oauth_access_token` - (optional) Token for use with OAuth. Generating the token is left to other + tools. Cannot be used with `browser_auth`, `private_key_path` or `password`. Can be source from + `SNOWFLAKE_OAUTH_ACCESS_TOKEN` environment variable. +* `private_key_path` - (optional) Path to a private key for using keypair authentication.. Cannot be + used with `browser_auth`, `oauth_access_token` or `password`. Can be source from + `SNOWFLAKE_PRIVATE_KEY_PATH` environment variable. +* `role` - (optional) Snowflake role to use for operations. If left unset, default role for user + will be used. Can come from the `SNOWFLAKE_ROLE` environment variable. diff --git a/tools/tools.go b/tools/tools.go new file mode 100644 index 0000000000..2735de6fe0 --- /dev/null +++ b/tools/tools.go @@ -0,0 +1,7 @@ +// +build tools + +package tools + +import ( + _ "github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs" +)