From 35a4c393abed219fa1f8ad3772cc2646cf456e7d Mon Sep 17 00:00:00 2001 From: Mike Alfare Date: Fri, 24 May 2024 02:07:28 -0400 Subject: [PATCH] remove unused objects --- infra/main.tf | 9 +++++++ infra/snowflake.tf | 66 +++++++++++++--------------------------------- test.env.example | 6 ----- 3 files changed, 27 insertions(+), 54 deletions(-) diff --git a/infra/main.tf b/infra/main.tf index aa66ec890..3a2f8f5cf 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -8,3 +8,12 @@ terraform { } } } + +provider "snowflake" { + alias = "security_admin" + role = "SECURITYADMIN" + # SNOWFLAKE_ACCOUNT + # SNOWFLAKE_USER + # SNOWFLAKE_AUTHENTICATOR + # SNOWFLAKE_PRIVATE_KEY +} diff --git a/infra/snowflake.tf b/infra/snowflake.tf index cb1ecc58c..669298e0a 100644 --- a/infra/snowflake.tf +++ b/infra/snowflake.tf @@ -1,101 +1,71 @@ -provider "snowflake" { - alias = "security_admin" - role = "SECURITYADMIN" - # SNOWFLAKE_ACCOUNT - # SNOWFLAKE_USER - # SNOWFLAKE_AUTHENTICATOR - # SNOWFLAKE_PRIVATE_KEY -} - # Resources needed to run dbt-snowflake -resource "snowflake_database" "database" { +resource "snowflake_database" "dbt_snowflake_db" { name = "DBT_SNOWFLAKE_DB" data_retention_time_in_days = 0 comment = "Used by `dbt-snowflake` for CI" } -resource "snowflake_warehouse" "warehouse" { +resource "snowflake_warehouse" "dbt_snowflake_wh" { name = "DBT_SNOWFLAKE_WH" warehouse_size = "XSMALL" auto_suspend = 60 comment = "Used by `dbt-snowflake` for CI" } -resource "snowflake_role" "role" { +resource "snowflake_role" "dbt_snowflake_role" { provider = snowflake.security_admin name = "DBT_SNOWFLAKE_ROLE" comment = "Application role for `dbt_snowflake`" } -resource "snowflake_grant_privileges_to_account_role" "database_grant" { +resource "snowflake_grant_privileges_to_account_role" "dbt_snowflake_db" { provider = snowflake.security_admin privileges = ["USAGE", "MODIFY", "CREATE SCHEMA"] - account_role_name = snowflake_role.role.name + account_role_name = snowflake_role.dbt_snowflake_role.name on_account_object { object_type = "DATABASE" - object_name = snowflake_database.database.name + object_name = snowflake_database.dbt_snowflake_db.name } } -resource "snowflake_grant_privileges_to_account_role" "warehouse_grant" { +resource "snowflake_grant_privileges_to_account_role" "dbt_snowflake_wh" { provider = snowflake.security_admin privileges = ["USAGE"] - account_role_name = snowflake_role.role.name + account_role_name = snowflake_role.dbt_snowflake_role.name on_account_object { object_type = "WAREHOUSE" - object_name = snowflake_warehouse.warehouse.name + object_name = snowflake_warehouse.dbt_snowflake_wh.name } } -resource "tls_private_key" "user" { - algorithm = "RSA" - rsa_bits = 2048 -} - -resource "snowflake_user" "user" { +resource "snowflake_user" "dbt_snowflake" { provider = snowflake.security_admin name = "DBT_SNOWFLAKE" display_name = "dbt-snowflake" - rsa_public_key = substr(tls_private_key.user.public_key_pem, 27, 398) - default_warehouse = snowflake_warehouse.warehouse.name - default_role = snowflake_role.role.name - default_namespace = snowflake_database.database.name + default_warehouse = snowflake_warehouse.dbt_snowflake_wh.name + default_role = snowflake_role.dbt_snowflake_role.name + default_namespace = snowflake_database.dbt_snowflake_db.name comment = "Application user for `dbt_snowflake`" } -resource "snowflake_grant_account_role" "role_grant" { +resource "snowflake_grant_account_role" "dbt_snowflake" { provider = snowflake.security_admin - role_name = snowflake_role.role.name - user_name = snowflake_user.user.name -} - -output "dbt_snowflake_user_public_key" { - value = tls_private_key.user.public_key_pem -} - -output "dbt_snowflake_user_private_key" { - value = tls_private_key.user.private_key_pem - sensitive = true + role_name = snowflake_role.dbt_snowflake_role.name + user_name = snowflake_user.dbt_snowflake.name } # Additional resources required for integration tests -resource "snowflake_database" "database_quoted" { - name = "DBT_SNOWFLAKE_DB_QUOTED" - data_retention_time_in_days = 0 - comment = "Used by `dbt-snowflake` for CI" -} - -resource "snowflake_database" "database_alt" { +resource "snowflake_database" "dbt_snowflake_db_alt" { name = "DBT_SNOWFLAKE_DB_ALT" data_retention_time_in_days = 0 comment = "Used by `dbt-snowflake` for CI" } -resource "snowflake_warehouse" "warehouse_alt" { +resource "snowflake_warehouse" "dbt_snowflake_wh_alt" { name = "DBT_SNOWFLAKE_WH_ALT" warehouse_size = "XSMALL" auto_suspend = 60 diff --git a/test.env.example b/test.env.example index 66175c99d..092a159f2 100644 --- a/test.env.example +++ b/test.env.example @@ -15,7 +15,6 @@ # SNOWFLAKE_TEST_OAUTH_CLIENT_SECRET: Client secret of your OAuth client id. (only for oauth authentication) # SNOWFLAKE_TEST_OAUTH_REFRESH_TOKEN: Boolean value defaulted to True keep connection alive. (only for oauth authentication) -# SNOWFLAKE_TEST_QUOTED_DATABASE: Name of database to be used from warehouse. # SNOWFLAKE_TEST_ALT_DATABASE: Name of a secondary or alternate database to use for testing. You will need to create this database. # SNOWFLAKE_TEST_ALT_WAREHOUSE: Name of the secondary warehouse to use for testing. @@ -30,10 +29,5 @@ SNOWFLAKE_TEST_OAUTH_CLIENT_ID=my_oauth_id SNOWFLAKE_TEST_OAUTH_CLIENT_SECRET=my_oauth_secret SNOWFLAKE_TEST_OAUTH_REFRESH_TOKEN=TRUE -SNOWFLAKE_TEST_QUOTED_DATABASE=DBT_SNOWFLAKE_DB_QUOTED SNOWFLAKE_TEST_ALT_DATABASE=DBT_SNOWFLAKE_DB_ALT SNOWFLAKE_TEST_ALT_WAREHOUSE=DBT_SNOWFLAKE_WH_ALT - -DBT_TEST_USER_1=dbt_test_role_1 -DBT_TEST_USER_2=dbt_test_role_2 -DBT_TEST_USER_3=dbt_test_role_3