diff --git a/README.md b/README.md
index 1f2fab9..c685e83 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,8 @@ This module **does not** create a reader role that can be used to view the data.
 |------|-------------|------|---------|:--------:|
 | [database\_name](#input\_database\_name) | The name of the Snowflake database to use | `string` | n/a | yes |
 | [disable\_password](#input\_disable\_password) | Whether to disable the password for the Snowflake user. If true, the user will only be able to authenticate using the RSA public key. | `bool` | `false` | no |
-| [fullstory\_cidr\_ipv4](#input\_fullstory\_cidr\_ipv4) | The CIDR block that Fullstory will use to connect to Snowflake. | `string` | `""` | no |
+| [fullstory\_cidr\_ipv4](#input\_fullstory\_cidr\_ipv4) | DEPRECATED: Use fullstory\_cidr\_ipv4s. The CIDR block that Fullstory will use to connect to Snowflake. | `string` | `""` | no |
+| [fullstory\_cidr\_ipv4s](#input\_fullstory\_cidr\_ipv4s) | The CIDR blocks that Fullstory will use to connect to Snowflake. | `list(string)` | `[]` | no |
 | [fullstory\_data\_center](#input\_fullstory\_data\_center) | The data center where your Fullstory account is hosted. Either 'NA1' or 'EU1'. See https://help.fullstory.com/hc/en-us/articles/8901113940375-Fullstory-Data-Residency for more information. | `string` | `"NA1"` | no |
 | [fullstory\_storage\_allowed\_locations](#input\_fullstory\_storage\_allowed\_locations) | The list of allowed locations for the storage provider. This is an advanced option and should only be changed if instructed by Fullstory. Ex. :////  | `list(string)` |
[
"gcs://fullstoryapp-warehouse-sync-bundles"
]
| no |
 | [fullstory\_storage\_provider](#input\_fullstory\_storage\_provider) | The storage provider to use. Either 'S3', 'GCS' or 'AZURE'. This is an advanced option and should only be changed if instructed by Fullstory. | `string` | `"GCS"` | no |
diff --git a/main.tf b/main.tf
index 93d4d3b..8465e62 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,9 @@
 locals {
- fullstory_cidr_ipv4 = var.fullstory_cidr_ipv4 != "" ? var.fullstory_cidr_ipv4 : (var.fullstory_data_center == "EU1" ? "34.89.210.80/29" : "8.35.195.0/29")
- suffix = upper(var.suffix)
+ fullstory_default_cidr_ip4 = var.fullstory_data_center == "EU1" ? "34.89.210.80/29" : "8.35.195.0/29"
+ fullstory_cidr_ipv4 = var.fullstory_cidr_ipv4 != "" ? var.fullstory_cidr_ipv4 : local.fullstory_default_cidr_ip4
+ fullstory_cidr_ipv4s = length(var.fullstory_cidr_ipv4s) > 0 ? var.fullstory_cidr_ipv4s : [local.fullstory_cidr_ipv4]
+
+ suffix = upper(var.suffix)
 }
 provider "snowflake" {
@@ -41,7 +44,7 @@ resource "snowflake_grant_privileges_to_role" "warehouse" {
 }
 resource "random_password" "main" {
- count = (var.disable_password || var.password != null) ? 0 : 1
+ count = (var.disable_password || var.password != null) ? 0 : 1
 length = 16
 special = true
 override_special = "!#$%&*()-_=+[]{}<>:?"
@@ -53,8 +56,8 @@ resource "snowflake_user" "main" {
 default_warehouse = var.warehouse_name
 default_role = snowflake_role.main.name
 password = var.disable_password ? "" : (var.password != null ? var.password : random_password.main[0].result)
- rsa_public_key = var.rsa_public_key
- rsa_public_key_2 = var.rsa_public_key_2
+ rsa_public_key = var.rsa_public_key
+ rsa_public_key_2 = var.rsa_public_key_2
 }
 resource "snowflake_grant_privileges_to_role" "user" {
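Review bot: In the `locals` hunk of main.tf, a non-empty `var.fullstory_cidr_ipv4s` silently wins over everything else, so a caller who still sets the deprecated `var.fullstory_cidr_ipv4` alongside it has that range dropped from the network policy, and the data-center default is no longer allowed either. Because this local becomes `allowed_ip_list` in the `@@ -99,7 +102,7 @@` hunk, the precedence deserves a comment beside the expression, e.g. `# a non-empty fullstory_cidr_ipv4s replaces both the deprecated single CIDR and the data-center default`. If both inputs are meant to be honoured during the deprecation window, the true branch could be `compact(concat(var.fullstory_cidr_ipv4s, [var.fullstory_cidr_ipv4]))` instead. The new local is also spelled `fullstory_default_cidr_ip4` while every other name uses `ipv4`; `fullstory_default_cidr_ipv4` would keep the naming consistent.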
@@ -99,7 +102,7 @@ resource "snowflake_grant_privileges_to_role" "integration" {
 resource "snowflake_network_policy" "main" {
 provider = snowflake.security_admin
 name = "FULLSTORY_NETWORK_POLICY_${local.suffix}"
- allowed_ip_list = [local.fullstory_cidr_ipv4]
+ allowed_ip_list = local.fullstory_cidr_ipv4s
 }
 resource "snowflake_network_policy_attachment" "main" {
diff --git a/variables.tf b/variables.tf
index bcd019b..49ac369 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,30 +4,36 @@ variable "database_name" {
 }
 variable "role_name" {
- type = string
+ type = string
 description = "The name of the Snowflake role to create."
- default = null
+ default = null
 }
 variable "stage_name" {
- type = string
+ type = string
 description = "The name of the Snowflake stage to create."
- default = null
+ default = null
 }
 variable "password" {
- type = string
+ type = string
 description = "The password to use for the Snowflake user."
- default = null
- sensitive = true
+ default = null
+ sensitive = true
 }
 variable "fullstory_cidr_ipv4" {
 type = string
- description = "The CIDR block that Fullstory will use to connect to Snowflake."
+ description = "DEPRECATED: Use fullstory_cidr_ipv4s. The CIDR block that Fullstory will use to connect to Snowflake."
 default = ""
 }
+variable "fullstory_cidr_ipv4s" {
+ type = list(string)
+ description = "The CIDR blocks that Fullstory will use to connect to Snowflake."
+ default = []
+}
+
 variable "fullstory_data_center" {
 type = string
 description = "The data center where your Fullstory account is hosted. Either 'NA1' or 'EU1'. See https://help.fullstory.com/hc/en-us/articles/8901113940375-Fullstory-Data-Residency for more information."
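Review bot: The new `fullstory_cidr_ipv4s` variable in variables.tf accepts arbitrary strings, and main.tf passes the list unchanged into the network policy's `allowed_ip_list`, so a malformed entry is not rejected by the module itself. A `validation` block on the variable would catch that at plan time, for example `condition = alltrue([for c in var.fullstory_cidr_ipv4s : can(cidrhost(c, 0))])` with an `error_message` that names the expected CIDR form. That check does not limit how wide a range is, so the description should also state that a non-empty list replaces the built-in Fullstory range for the selected data center and should hold only ranges supplied by Fullstory. The other changed lines in this hunk appear to be alignment only.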
@@ -69,19 +75,19 @@ variable "warehouse_name" {
 }
 variable "disable_password" {
- type = bool
- default = false
+ type = bool
+ default = false
 description = "Whether to disable the password for the Snowflake user. If true, the user will only be able to authenticate using the RSA public key."
 }
 variable "rsa_public_key" {
- type = string
+ type = string
 description = "The RSA public key to use for the Snowflake user. Must be on 1 line without header and trailer."
- default = null
+ default = null
 }
 variable "rsa_public_key_2" {
- type = string
+ type = string
 description = "The second RSA public key to use for the Snowflake user. Used when rotating keys. Must be on 1 line without header and trailer."
- default = null
+ default = null
 }