feat: Updates (#1)

* fix

* update

* update versions

* badgen

* badgen

* updates

* updates

* updates

* update

* update

* update README

* update descriptor formats

* updates

* updates

* updates

* fix

* updates

* updates

* fix

* docs: enable contrib badges and refresh .envrc

Co-authored-by: Piotr Mossakowski <[email protected]>

Author: maciejmacq-dev

.gitignore

@@ -33,3 +33,4 @@ override.tf.json
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 *tfplan*
+.idea

README.md

@@ -0,0 +1,4 @@
+SNOWFLAKE_USER=
+SNOWFLAKE_PASSWORD=
+SNOWFLAKE_ROLE=
+SNOWFLAKE_ACCOUNT=

examples/complete/.env.dist

@@ -1,2 +1 @@
-#Override defaults
-command -v dotenv && test -f .env && dotenv
+dotenv_if_exists

examples/complete/.envrc

@@ -0,0 +1 @@
+.env

examples/complete/.gitignore

@@ -1,11 +1,10 @@
 # Complete Example
 
 ```terraform
-module "terraform_module_template" {
+module "terraform_snowflake_user" {
   source  = "../../"
   context = module.this.context
-
-  example_var = "This is a example value."
+  name    = "snowflake-user"
 }
 ```
 

examples/complete/README.md

@@ -1,5 +1,8 @@
 descriptor_formats = {
-
+  snowflake-user = {
+    labels = ["name"]
+    format = "%v"
+  }
 }
 
 tags = {

examples/complete/fixtures.tfvars

@@ -1,6 +1,7 @@
-module "terraform_module_template" {
-  source  = "../../"
-  context = module.this.context
-
-  example_var = "This is a example value."
+module "terraform_snowflake_user" {
+  source            = "../../"
+  context           = module.this.context
+  name              = "snowflake-user"
+  generate_rsa_key  = true
+  generate_password = true
 }

examples/complete/main.tf

@@ -1,4 +1,12 @@
-output "example_output" {
-  description = "Example output of the module"
-  value       = module.terraform_module_template
+output "display_name" {
+  description = "Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login"
+  value       = module.terraform_snowflake_user.display_name
+}
+output "login_name" {
+  description = "The name users use to log in"
+  value       = module.terraform_snowflake_user.login_name
+}
+output "default_role" {
+  description = "Specifies the role that is active by default for the user's session upon login"
+  value       = module.terraform_snowflake_user.default_role
 }

examples/complete/outputs.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.3.0"
 
   required_providers {
     null = {

examples/complete/versions.tf

@@ -0,0 +1,4 @@
+SNOWFLAKE_USER=
+SNOWFLAKE_PASSWORD=
+SNOWFLAKE_ROLE=
+SNOWFLAKE_ACCOUNT=

examples/simple/.env.dist

@@ -1,2 +1 @@
-#Override defaults
-command -v dotenv && test -f .env && dotenv
+dotenv_if_exists

examples/simple/.envrc

@@ -0,0 +1 @@
+.env

examples/simple/.gitignore

@@ -1,10 +1,9 @@
 # Simple Example
 
 ```terraform
-module "terraform_module_template" {
+module "terraform_snowflake_user" {
   source  = "../../"
-
-  example_var = "This is a example value."
+  name    = "snowflake-user"
 }
 ```
 

examples/simple/README.md

@@ -1,5 +1,4 @@
-module "terraform_module_template" {
+module "terraform_snowflake_user" {
   source = "../../"
-
-  example_var = "This is a example value."
+  name   = "snowflake-user"
 }

examples/simple/main.tf

@@ -1,4 +1,12 @@
-output "example_output" {
-  description = "Example output of the module"
-  value       = module.terraform_module_template
+output "display_name" {
+  description = "Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login"
+  value       = module.terraform_snowflake_user.display_name
+}
+output "login_name" {
+  description = "The name users use to log in"
+  value       = module.terraform_snowflake_user.login_name
+}
+output "default_role" {
+  description = "Specifies the role that is active by default for the user's session upon login"
+  value       = module.terraform_snowflake_user.default_role
 }

examples/simple/outputs.tf

@@ -1,3 +1,2 @@
 provider "null" {
-  # Configuration options
 }

examples/simple/providers.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.3.0"
 
   required_providers {
     null = {

examples/simple/versions.tf

@@ -1,9 +1,9 @@
 locals {
-  # Get a name from the descriptor. If not available, use default naming convention.
-  # Trim and replace function are used to avoid bare delimiters on both ends of the name and situation of adjacent delimiters.
-  name_from_descriptor = trim(replace(
-    lookup(module.this.descriptors, "module-resource-name", module.this.id), "/${module.this.delimiter}${module.this.delimiter}+/", module.this.delimiter
-  ), module.this.delimiter)
+  name_from_descriptor = module.user_label.enabled ? trim(replace(
+    lookup(module.user_label.descriptors, var.descriptor_name, module.user_label.id), "/${module.user_label.delimiter}${module.user_label.delimiter}+/", module.user_label.delimiter
+  ), module.user_label.delimiter) : null
 
-  enabled = module.this.enabled
+  rsa_public_key    = var.generate_rsa_key ? join("", split("\n", trim(one(resource.tls_private_key.this[*].public_key_pem), "- \n BEGIN END PUBLIC KEY"))) : var.rsa_public_key
+  generate_password = module.this.enabled && var.generate_password
+  generate_rsa_key  = module.this.enabled && var.generate_rsa_key
 }

locals.tf

@@ -1,15 +1,55 @@
-# Example resource that outputs the input value and 
-# echoes it's base64 encoded version locally 
+/*
+* # Snowflake User
+* 
+* Terraform module can:
+* * Create and manage Snowflake Users
+* * Automatically generate RSA private and public keys for the user
+*/
+module "user_label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+  context = module.this.context
 
-resource "null_resource" "output_input" {
-  count = local.enabled ? 1 : 0
+  delimiter           = coalesce(module.this.context.delimiter, "_")
+  regex_replace_chars = coalesce(module.this.context.regex_replace_chars, "/[^_a-zA-Z0-9]/")
+  label_value_case    = coalesce(module.this.context.label_value_case, "upper")
+  name                = "snowflake-user"
 
-  triggers = {
-    name  = local.name_from_descriptor
-    input = var.example_var
-  }
+}
+
+resource "tls_private_key" "this" {
+  count = local.generate_rsa_key ? 1 : 0
+
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+resource "random_password" "this" {
+  count            = local.generate_password ? 1 : 0
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "snowflake_user" "this" {
+  count = module.this.enabled ? 1 : 0
+
+  name         = local.name_from_descriptor
+  login_name   = var.login_name
+  display_name = var.display_name
+  comment      = var.comment
+
+  password             = one(random_password.this[*].result)
+  must_change_password = true # When password set here - always change password on login
+
+  email      = var.email
+  first_name = var.first_name
+  last_name  = var.last_name
+
+  default_namespace       = var.default_namespace
+  default_warehouse       = var.default_warehouse
+  default_role            = var.default_role
+  default_secondary_roles = var.default_secondary_roles
 
-  provisioner "local-exec" {
-    command = "echo ${var.example_var} | base64"
-  }
+  rsa_public_key   = local.rsa_public_key
+  rsa_public_key_2 = var.rsa_public_key_2
 }

main.tf

@@ -1,6 +1,49 @@
-# Example output from the module
+output "default_namespace" {
+  description = "Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login"
+  value       = one(snowflake_user.this[*].default_namespace)
+}
+
+output "default_role" {
+  description = "Specifies the role that is active by default for the user's session upon login"
+  value       = one(snowflake_user.this[*].default_role)
+}
+
+output "default_warehouse" {
+  description = "Specifies the virtual warehouse that is active by default for the user's session upon login"
+  value       = one(snowflake_user.this[*].default_warehouse)
+}
+
+output "disabled" {
+  description = "Whether user account is disabled"
+  value       = one(snowflake_user.this[*].disabled)
+}
+
+output "login_name" {
+  description = "The name users use to log in"
+  value       = one(snowflake_user.this[*].login_name)
+}
+
+output "name" {
+  description = "Name of the user"
+  value       = one(snowflake_user.this[*].name)
+}
+
+output "display_name" {
+  description = "Name displayed for the user in the Snowflake web interface"
+  value       = one(snowflake_user.this[*].display_name)
+}
+
+output "first_name" {
+  description = "First name of the user"
+  value       = one(snowflake_user.this[*].first_name)
+}
+
+output "last_name" {
+  description = "Last name of the user"
+  value       = one(snowflake_user.this[*].last_name)
+}
 
-output "example_output" {
-  description = "Example output of the module"
-  value       = one(null_resource.output_input[*].id)
+output "email" {
+  description = "Email address for the user"
+  value       = one(snowflake_user.this[*].email)
 }

outputs.tf

@@ -1,6 +1,97 @@
-# Example, compulsory input variable
+variable "login_name" {
+  description = "The name users use to log in. If not supplied, snowflake will use name instead."
+  type        = string
+  default     = null
+}
+
+variable "display_name" {
+  description = "Name displayed for the user in the Snowflake web interface."
+  type        = string
+  default     = null
+}
 
-variable "example_var" {
-  description = "Example varible passed into the module"
+variable "comment" {
+  description = "Comment / description of Snowflake user"
   type        = string
+  default     = null
+}
+
+variable "email" {
+  description = "Email address for the user"
+  type        = string
+  default     = null
+}
+
+variable "first_name" {
+  description = "First name of the user"
+  type        = string
+  default     = null
+}
+
+variable "last_name" {
+  description = "Last name of the user"
+  type        = string
+  default     = null
+}
+
+variable "default_namespace" {
+  description = "Specifies the namespace (database only or database and schema) that is active by default for the user's session upon login."
+  type        = string
+  default     = null
+}
+
+variable "default_warehouse" {
+  description = "Specifies the virtual warehouse that is active by default for the user's session upon login."
+  type        = string
+  default     = null
+}
+
+variable "default_role" {
+  description = "Specifies the role that is active by default for the user's session upon login."
+  type        = string
+  default     = null
+}
+
+variable "default_secondary_roles" {
+  description = "Specifies the set of secondary roles that are active for the user's session upon login."
+  type        = list(string)
+  default     = []
+}
+
+variable "rsa_public_key" {
+  description = "Specifies the user's RSA public key; used for key-pair authentication. Must be on 1 line without header and trailer."
+  type        = string
+  default     = null
+}
+
+variable "rsa_public_key_2" {
+  description = <<EOT
+    Specifies the user's second RSA public key; used to rotate the public and private keys 
+    for key-pair authentication based on an expiration schedule set by your organization. 
+    Must be on 1 line without header and trailer."
+  EOT
+  type        = string
+  default     = null
+}
+
+variable "generate_rsa_key" {
+  description = <<EOT
+    Whether automatically generate an RSA key - IMPORTANT 
+    The private key generated by this resource will be stored 
+    unencrypted in your Terraform state file. 
+    Use of this resource for production deployments is not recommended.
+  EOT
+  type        = bool
+  default     = false
+}
+
+variable "descriptor_name" {
+  description = "Name of the descriptor used to form a Snowflake User name"
+  type        = string
+  default     = "snowflake-user"
+}
+variable "generate_password" {
+  description = "Generate a random password using Terraform"
+  type        = bool
+  default     = false
 }

variables.tf

@@ -1,12 +1,17 @@
-# Example configuration of terraform providers
-
 terraform {
-  required_version = ">= 0.15.0"
-
+  required_version = ">= 1.3.0"
   required_providers {
-    null = {
-      source  = "hashicorp/null"
-      version = "3.1.1"
+    snowflake = {
+      source  = "Snowflake-Labs/snowflake"
+      version = "~> 0.54"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.0.0"
     }
   }
 }