Merge pull request #19 from entechlog/develop

Snowflake Example Release - 0.1.5
entechlog · Jun 10, 2022 · 7aaccd3 · 7aaccd3
2 parents 9270a79 + e74501e
commit 7aaccd3
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 10 deletions.
diff --git a/terraform/modules/main.tf b/terraform/modules/main.tf
@@ -8,20 +8,20 @@ terraform {
 }
 
 locals {
-  create_user_map = {
+  create_in_dev_map = {
     snowflake-dev = 1
     snowflake-stg = 0
     snowflake-prd = 0
   }
 
-  create_schema_objects_map = {
+  create_in_prod_map = {
     snowflake-dev = 0
     snowflake-stg = 0
     snowflake-prd = 1
   }
 
-  enable_user_flag           = local.create_user_map[terraform.workspace]
-  enable_schema_objects_flag = local.create_schema_objects_map[terraform.workspace]
+  enable_in_dev_flag  = local.create_in_dev_map[terraform.workspace]
+  enable_in_prod_flag = local.create_in_prod_map[terraform.workspace]
 }
 
 terraform {
@@ -65,7 +65,7 @@ output "all_service_accounts" {
 
 module "all_user_accounts" {
   source = "./user"
-  count  = local.enable_user_flag
+  count  = local.enable_in_dev_flag
   user_map = {
     "[email protected]" : { "first_name" = "Siva", "last_name" = "Nadesan", "email" = "[email protected]" }
   }
@@ -119,7 +119,7 @@ module "entechlog_kafka_role" {
 
 module "entechlog_analyst_role" {
   source       = "./roles"
-  count        = local.enable_user_flag
+  count        = local.enable_in_dev_flag
   role_name    = "ENTECHLOG_ANALYST_ROLE"
   role_comment = "Snowflake role used by Analyst"
 
@@ -143,6 +143,17 @@ module "entechlog_dbt_wh_xs" {
   }
 }
 
+module "entechlog_query_wh_xs" {
+  source         = "./warehouse"
+  count          = local.enable_in_dev_flag
+  warehouse_name = "ALL_ENTECHLOG_QUERY_WH_XS"
+  warehouse_size = "XSMALL"
+  warehouse_grant_roles = {
+    "OWNERSHIP" = ["SYSADMIN"]
+    "USAGE"     = [module.entechlog_analyst_role[0].role.name]
+  }
+}
+
 //***************************************************************************//
 // Create Snowflake database and schema using modules
 //***************************************************************************//
@@ -184,7 +195,7 @@ module "entechlog_raw_db" {
 
 module "mp_encrypt_email" {
   source                   = "./masking-policy"
-  count                    = local.enable_schema_objects_flag
+  count                    = local.enable_in_prod_flag
   masking_policy_name      = "MP_ENCRYPT_EMAIL"
   masking_policy_database  = module.entechlog_raw_db.database.name
   masking_policy_schema    = module.entechlog_raw_db.schema["COMPLIANCE"].name
@@ -205,7 +216,7 @@ module "mp_encrypt_email" {
 
 module "entechlog_str_s3_intg" {
   source                    = "./storage-integration"
-  count                     = local.enable_schema_objects_flag
+  count                     = local.enable_in_prod_flag
   name                      = "ENTECHLOG_STR_S3_INTG"
   comment                   = ""
   storage_provider          = "S3"

diff --git a/terraform/modules/user/main.tf b/terraform/modules/user/main.tf
@@ -23,8 +23,8 @@ resource "snowflake_user" "user" {
   first_name   = title(each.value.first_name)
   last_name    = title(each.value.last_name)
 
-  default_warehouse = lookup(each.value, "default_warehouse", "NONE") == "NONE" ? "DEFAULT_WH" : each.value.default_warehouse
-  default_role      = "NONE"
+  default_warehouse = lookup(each.value, "default_warehouse", "NONE") == "NONE" ? "ALL_ENTECHLOG_QUERY_WH_XS" : each.value.default_warehouse
+  default_role      = "PUBLIC"
 
   must_change_password = false
 }