chore: update description for schema_objects_grants

getindata · Mar 28, 2024 · 29bc57d · 29bc57d
1 parent f740c56
commit 29bc57d
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -84,7 +84,7 @@ module "snowflake_database_role" {
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | The name of the database to create the role in | `string` | n/a | yes |
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
-| <a name="input_descriptor_name"></a> [descriptor\_name](#input\_descriptor\_name) | Name of the descriptor used to form a resource name | `string` | `"snowflake-role"` | no |
+| <a name="input_descriptor_name"></a> [descriptor\_name](#input\_descriptor\_name) | Name of the descriptor used to form a resource name | `string` | `"snowflake-database-role"` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_granted_database_roles"></a> [granted\_database\_roles](#input\_granted\_database\_roles) | Database Roles granted to this role | `list(string)` | `[]` | no |
@@ -98,7 +98,7 @@ module "snowflake_database_role" {
 | <a name="input_parent_database_role"></a> [parent\_database\_role](#input\_parent\_database\_role) | Fully qualified Parent Database Role name (`DB_NAME.ROLE_NAME`), to create parent-child relationship | `string` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_schema_grants"></a> [schema\_grants](#input\_schema\_grants) | Grants on a schema level | <pre>list(object({<br>    all_privileges             = optional(bool)<br>    with_grant_option          = optional(bool, false)<br>    privileges                 = optional(list(string), null)<br>    all_schemas_in_database    = optional(bool)<br>    future_schemas_in_database = optional(bool)<br>    schema_name                = optional(string, null)<br>  }))</pre> | `[]` | no |
-| <a name="input_schema_objects_grants"></a> [schema\_objects\_grants](#input\_schema\_objects\_grants) | Grants on a schema object level | <pre>map(list(object({<br>    all_privileges    = optional(bool)<br>    with_grant_option = optional(bool)<br>    privileges        = optional(list(string))<br>    object_name       = optional(string)<br>    on_all            = optional(bool, false)<br>    schema_name       = optional(string)<br>    on_future         = optional(bool, false)<br>  })))</pre> | `{}` | no |
+| <a name="input_schema_objects_grants"></a> [schema\_objects\_grants](#input\_schema\_objects\_grants) | Grants on a schema object level<br><br>  Example usage:<br><br>  schema\_objects\_grants = {<br>    "TABLE" = [<br>      {<br>        privileges  = ["SELECT"]<br>        object\_name = "TEST\_TABLE"<br>        schema\_name = "BRONZE"<br>      },<br>      {<br>        all\_privileges = true<br>        object\_name    = "TEST\_TABLE\_2"<br>        schema\_name    = "BRONZE"<br>      }<br>    ]<br>    "SECRET" = [<br>      {<br>        all\_privileges = true<br>        object\_name    = "SERVICE\_NOW\_CREDS\_PW"<br>        schema\_name    = "BRONZE"<br>      }<br>    ]<br>    "ALERT" = [<br>      {<br>        all\_privileges = true<br>        on\_future      = true<br>        on\_all         = true<br>      }<br>    ]<br>  }<br><br>  Note: If you don't provide a schema\_name, the grants will be created in plural form.<br>        List of the all objects can be found [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_role#object_type) | <pre>map(list(object({<br>    all_privileges    = optional(bool)<br>    with_grant_option = optional(bool)<br>    privileges        = optional(list(string))<br>    object_name       = optional(string)<br>    on_all            = optional(bool, false)<br>    schema_name       = optional(string)<br>    on_future         = optional(bool, false)<br>  })))</pre> | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |

diff --git a/variables.tf b/variables.tf
@@ -71,7 +71,43 @@ variable "schema_grants" {
 }
 
 variable "schema_objects_grants" {
-  description = "Grants on a schema object level"
+  description = <<EOF
+  Grants on a schema object level
+
+  Example usage:
+
+  schema_objects_grants = {
+    "TABLE" = [
+      {
+        privileges  = ["SELECT"]
+        object_name = "TEST_TABLE"
+        schema_name = "BRONZE"
+      },
+      {
+        all_privileges = true
+        object_name    = "TEST_TABLE_2"
+        schema_name    = "BRONZE"
+      }
+    ]
+    "SECRET" = [
+      {
+        all_privileges = true
+        object_name    = "SERVICE_NOW_CREDS_PW"
+        schema_name    = "BRONZE"
+      }
+    ]
+    "ALERT" = [
+      {
+        all_privileges = true
+        on_future      = true
+        on_all         = true
+      }
+    ]
+  }
+
+  Note: If you don't provide a schema_name, the grants will be created in plural form.
+        List of the all objects can be found [here](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/grant_privileges_to_role#object_type)
+  EOF
   type = map(list(object({
     all_privileges    = optional(bool)
     with_grant_option = optional(bool)