Merge pull request #20 from getindata/fix/context_provider_configuration

dgniewek · web-flow · commit dd8ac933cbcc · 2025-02-12T13:34:12.000+01:00
fix: Context provider configuration logic
diff --git a/README.md b/README.md
@@ -88,7 +88,7 @@ module "snowflake_storage_integration" {
 | <a name="input_create_default_roles"></a> [create\_default\_roles](#input\_create\_default\_roles) | Whether the default roles should be created | `bool` | `false` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Whether the storage integration is enabled | `bool` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the resource | `string` | n/a | yes |
-| <a name="input_name_scheme"></a> [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:<br/>    - `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`<br/>    - `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`<br/>    - `context_template_name` - name of the context template used to create the name<br/>    - `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name<br/>    - `extra_values` - map of extra label-value pairs, used to create a name<br/>    - `uppercase` - convert name to uppercase | <pre>object({<br/>    properties            = optional(list(string), ["environment", "name"])<br/>    delimiter             = optional(string, "_")<br/>    context_template_name = optional(string, "snowflake-warehouse")<br/>    replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")<br/>    extra_values          = optional(map(string))<br/>    uppercase             = optional(bool, true)<br/>  })</pre> | `{}` | no |
+| <a name="input_name_scheme"></a> [name\_scheme](#input\_name\_scheme) | Naming scheme configuration for the resource. This configuration is used to generate names using context provider:<br/>    - `properties` - list of properties to use when creating the name - is superseded by `var.context_templates`<br/>    - `delimiter` - delimited used to create the name from `properties` - is superseded by `var.context_templates`<br/>    - `context_template_name` - name of the context template used to create the name<br/>    - `replace_chars_regex` - regex to use for replacing characters in property-values created by the provider - any characters that match the regex will be removed from the name<br/>    - `extra_values` - map of extra label-value pairs, used to create a name<br/>    - `uppercase` - convert name to uppercase | <pre>object({<br/>    properties            = optional(list(string), ["environment", "name"])<br/>    delimiter             = optional(string, "_")<br/>    context_template_name = optional(string, "snowflake-storage-integration")<br/>    replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")<br/>    extra_values          = optional(map(string))<br/>    uppercase             = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_roles"></a> [roles](#input\_roles) | Roles created in the database scope | <pre>map(object({<br/>    name_scheme = optional(object({<br/>      properties            = optional(list(string))<br/>      delimiter             = optional(string)<br/>      context_template_name = optional(string)<br/>      replace_chars_regex   = optional(string)<br/>      extra_labels          = optional(map(string))<br/>      uppercase             = optional(bool)<br/>    }))<br/>    comment              = optional(string)<br/>    role_ownership_grant = optional(string)<br/>    granted_roles        = optional(list(string))<br/>    granted_to_roles     = optional(list(string))<br/>    granted_to_users     = optional(list(string))<br/>    integration_grants = optional(object({<br/>      all_privileges    = optional(bool)<br/>      with_grant_option = optional(bool, false)<br/>      privileges        = optional(list(string))<br/>    }))<br/>  }))</pre> | `{}` | no |
 | <a name="input_storage_allowed_locations"></a> [storage\_allowed\_locations](#input\_storage\_allowed\_locations) | Explicitly limits external stages that use the integration to reference one or more storage locations | `list(string)` | n/a | yes |
 | <a name="input_storage_aws_object_acl"></a> [storage\_aws\_object\_acl](#input\_storage\_aws\_object\_acl) | Value of "bucket-owner-full-control" enables support for AWS access control lists (ACLs) to grant the bucket owner full control | `string` | `null` | no |
diff --git a/examples/complete/fixtures.tfvars b/examples/complete/fixtures.tfvars
@@ -1,4 +1,4 @@
 context_templates = {
-  snowflake-storage-integration        = "{{.name}}"
-  snowflalake-storage-integration-role = "{{.prefix}}_{{.storage-integration}}_{{.name}}"
+  snowflake-storage-integration      = "{{.name}}"
+  snowflake-storage-integration-role = "{{.prefix}}_{{.integration}}_{{.name}}"
 }
diff --git a/locals.tf b/locals.tf
@@ -2,11 +2,11 @@ locals {
   context_template = lookup(var.context_templates, var.name_scheme.context_template_name, null)
 
   default_role_naming_scheme = {
-    properties            = ["prefix", "environment", "storage-integration", "name"]
+    properties            = ["prefix", "environment", "integration", "name"]
     context_template_name = "snowflake-storage-integration-role"
     extra_values = {
-      prefix              = "sti"
-      storage-integration = var.name
+      prefix      = "sti"
+      integration = var.name
     }
     uppercase = var.name_scheme.uppercase
   }
diff --git a/main.tf b/main.tf
@@ -42,7 +42,7 @@ module "snowflake_default_role" {
   name = each.key
   name_scheme = merge(
     local.default_role_naming_scheme,
-    lookup(each.value, "name_scheme", {})
+    { for k, v in lookup(each.value, "name_scheme", {}) : k => v if v != null }
   )
 
   role_ownership_grant = lookup(each.value, "role_ownership_grant", "SYSADMIN")
@@ -71,7 +71,7 @@ module "snowflake_custom_role" {
   name = each.key
   name_scheme = merge(
     local.default_role_naming_scheme,
-    lookup(each.value, "name_scheme", {})
+    { for k, v in lookup(each.value, "name_scheme", {}) : k => v if v != null }
   )
   granted_to_users = lookup(each.value, "granted_to_users", [])
   granted_to_roles = lookup(each.value, "granted_to_roles", [])
diff --git a/variables.tf b/variables.tf
@@ -104,7 +104,7 @@ variable "name_scheme" {
   type = object({
     properties            = optional(list(string), ["environment", "name"])
     delimiter             = optional(string, "_")
-    context_template_name = optional(string, "snowflake-warehouse")
+    context_template_name = optional(string, "snowflake-storage-integration")
     replace_chars_regex   = optional(string, "[^a-zA-Z0-9_]")
     extra_values          = optional(map(string))
     uppercase             = optional(bool, true)

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`context_templates = {`
`2`		`- snowflake-storage-integration = "{{.name}}"`
`3`		`- snowflalake-storage-integration-role = "{{.prefix}}_{{.storage-integration}}_{{.name}}"`
	`2`	`+ snowflake-storage-integration = "{{.name}}"`
	`3`	`+ snowflake-storage-integration-role = "{{.prefix}}_{{.integration}}_{{.name}}"`
`4`	`4`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,11 @@ locals {`
`2`	`2`	`context_template = lookup(var.context_templates, var.name_scheme.context_template_name, null)`
`3`	`3`
`4`	`4`	`default_role_naming_scheme = {`
`5`		`- properties = ["prefix", "environment", "storage-integration", "name"]`
	`5`	`+ properties = ["prefix", "environment", "integration", "name"]`
`6`	`6`	`context_template_name = "snowflake-storage-integration-role"`
`7`	`7`	`extra_values = {`
`8`		`- prefix = "sti"`
`9`		`- storage-integration = var.name`
	`8`	`+ prefix = "sti"`
	`9`	`+ integration = var.name`
`10`	`10`	`}`
`11`	`11`	`uppercase = var.name_scheme.uppercase`
`12`	`12`	`}`