# Add the provider and specify which role to use
# provider "snowflake" {
# alias = "security_admin"
# role = "SECURITYADMIN"
# }
#Create a role
# resource "snowflake_role" "role" {
# provider = snowflake.security_admin
# name = "TF_DEMO_SVC_ROLE"
# }
#Create a database grant
# resource "snowflake_database_grant" "grant" {
# provider = snowflake.security_admin
# database_name = snowflake_database.db.name
# privilege = "USAGE"
# roles = [snowflake_role.role.name]
# with_grant_option = false
# }
#Create a database schema
# resource "snowflake_schema" "schema" {
# database = snowflake_database.db.name
# name = "TF_DEMO"
# is_managed = false
# }
#Create a schema grant
# resource "snowflake_schema_grant" "grant" {
# provider = snowflake.security_admin
# database_name = snowflake_database.db.name
# schema_name = snowflake_schema.schema.name
# privilege = "USAGE"
# roles = [snowflake_role.role.name]
# with_grant_option = false
# }
#Create a warehouse grant
# resource "snowflake_warehouse_grant" "grant" {
# provider = snowflake.security_admin
# warehouse_name = "warehouse_1"
# privilege = "USAGE"
# roles = [snowflake_role.role.name]
# with_grant_option = false
# }
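# Private key generation for user
# NOTE: tls_private_key keeps the generated private key unencrypted in the Terraform state,
# so the state backend needs the same access control and encryption as the key itself.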
# resource "tls_private_key" "svc_key" {
# algorithm = "RSA"
# rsa_bits = 2048
# }
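# Create the Snowflake user and attach the public key of the generated key pair
# NOTE: substr(..., 27, 398) strips the PEM header and footer with fixed offsets that appear
# sized for the 2048-bit RSA key above; a different rsa_bits value would need different offsets.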
# resource "snowflake_user" "user" {
# provider = snowflake.security_admin
# name = "tf_demo_user"
# default_warehouse = "warehouse_1"
# default_role = snowflake_role.role.name
# default_namespace = "${snowflake_database.db.name}.${snowflake_schema.schema.name}"
# rsa_public_key = substr(tls_private_key.svc_key.public_key_pem, 27, 398)
# }
#Create role grant
# resource "snowflake_role_grants" "grants" {
# provider = snowflake.security_admin
# role_name = snowflake_role.role.name
# users = [snowflake_user.user.name]
# }