Docs
PackagesSnowflake v0.55.0 published on Friday, Jun 7, 2024 by Pulumi
snowflake.RoleOwnershipGrant
Explore with Pulumi AI
Deprecation This resource is deprecated and will be removed in a future major version release. Please use snowflake.GrantOwnership instead.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";
const role = new snowflake.Role("role", {
name: "rking_test_role",
comment: "for testing",
});
const otherRole = new snowflake.Role("other_role", {name: "rking_test_role2"});
// ensure the Terraform user inherits ownership privileges for the rking_test_role role
// otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
const grants = new snowflake.RoleGrants("grants", {
roleName: role.name,
roles: ["ACCOUNTADMIN"],
});
const grant = new snowflake.RoleOwnershipGrant("grant", {
onRoleName: role.name,
toRoleName: otherRole.name,
currentGrants: "COPY",
});
import pulumi
import pulumi_snowflake as snowflake
role = snowflake.Role("role",
name="rking_test_role",
comment="for testing")
other_role = snowflake.Role("other_role", name="rking_test_role2")
# ensure the Terraform user inherits ownership privileges for the rking_test_role role
# otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
grants = snowflake.RoleGrants("grants",
role_name=role.name,
roles=["ACCOUNTADMIN"])
grant = snowflake.RoleOwnershipGrant("grant",
on_role_name=role.name,
to_role_name=other_role.name,
current_grants="COPY")
package main
import (
"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
role, err := snowflake.NewRole(ctx, "role", &snowflake.RoleArgs{
Name: pulumi.String("rking_test_role"),
Comment: pulumi.String("for testing"),
})
if err != nil {
return err
}
otherRole, err := snowflake.NewRole(ctx, "other_role", &snowflake.RoleArgs{
Name: pulumi.String("rking_test_role2"),
})
if err != nil {
return err
}
// ensure the Terraform user inherits ownership privileges for the rking_test_role role
// otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
_, err = snowflake.NewRoleGrants(ctx, "grants", &snowflake.RoleGrantsArgs{
RoleName: role.Name,
Roles: pulumi.StringArray{
pulumi.String("ACCOUNTADMIN"),
},
})
if err != nil {
return err
}
_, err = snowflake.NewRoleOwnershipGrant(ctx, "grant", &snowflake.RoleOwnershipGrantArgs{
OnRoleName: role.Name,
ToRoleName: otherRole.Name,
CurrentGrants: pulumi.String("COPY"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;
return await Deployment.RunAsync(() =>
{
var role = new Snowflake.Role("role", new()
{
Name = "rking_test_role",
Comment = "for testing",
});
var otherRole = new Snowflake.Role("other_role", new()
{
Name = "rking_test_role2",
});
// ensure the Terraform user inherits ownership privileges for the rking_test_role role
// otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
var grants = new Snowflake.RoleGrants("grants", new()
{
RoleName = role.Name,
Roles = new[]
{
"ACCOUNTADMIN",
},
});
var grant = new Snowflake.RoleOwnershipGrant("grant", new()
{
OnRoleName = role.Name,
ToRoleName = otherRole.Name,
CurrentGrants = "COPY",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.Role;
import com.pulumi.snowflake.RoleArgs;
import com.pulumi.snowflake.RoleGrants;
import com.pulumi.snowflake.RoleGrantsArgs;
import com.pulumi.snowflake.RoleOwnershipGrant;
import com.pulumi.snowflake.RoleOwnershipGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var role = new Role("role", RoleArgs.builder()
.name("rking_test_role")
.comment("for testing")
.build());
var otherRole = new Role("otherRole", RoleArgs.builder()
.name("rking_test_role2")
.build());
// ensure the Terraform user inherits ownership privileges for the rking_test_role role
// otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
var grants = new RoleGrants("grants", RoleGrantsArgs.builder()
.roleName(role.name())
.roles("ACCOUNTADMIN")
.build());
var grant = new RoleOwnershipGrant("grant", RoleOwnershipGrantArgs.builder()
.onRoleName(role.name())
.toRoleName(otherRole.name())
.currentGrants("COPY")
.build());
}
}
resources:
role:
type: snowflake:Role
properties:
name: rking_test_role
comment: for testing
otherRole:
type: snowflake:Role
name: other_role
properties:
name: rking_test_role2
# ensure the Terraform user inherits ownership privileges for the rking_test_role role
# otherwise Terraform will fail to destroy the rking_test_role2 role due to insufficient privileges
grants:
type: snowflake:RoleGrants
properties:
roleName: ${role.name}
roles:
- ACCOUNTADMIN
grant:
type: snowflake:RoleOwnershipGrant
properties:
onRoleName: ${role.name}
toRoleName: ${otherRole.name}
currentGrants: COPY
Create RoleOwnershipGrant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RoleOwnershipGrant(name: string, args: RoleOwnershipGrantArgs, opts?: CustomResourceOptions);@overload
def RoleOwnershipGrant(resource_name: str,
args: RoleOwnershipGrantArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RoleOwnershipGrant(resource_name: str,
opts: Optional[ResourceOptions] = None,
on_role_name: Optional[str] = None,
to_role_name: Optional[str] = None,
current_grants: Optional[str] = None,
revert_ownership_to_role_name: Optional[str] = None)func NewRoleOwnershipGrant(ctx *Context, name string, args RoleOwnershipGrantArgs, opts ...ResourceOption) (*RoleOwnershipGrant, error)public RoleOwnershipGrant(string name, RoleOwnershipGrantArgs args, CustomResourceOptions? opts = null)
public RoleOwnershipGrant(String name, RoleOwnershipGrantArgs args)
public RoleOwnershipGrant(String name, RoleOwnershipGrantArgs args, CustomResourceOptions options)
type: snowflake:RoleOwnershipGrant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleOwnershipGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleOwnershipGrantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleOwnershipGrantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleOwnershipGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleOwnershipGrantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleOwnershipGrantResource = new Snowflake.RoleOwnershipGrant("roleOwnershipGrantResource", new()
{
OnRoleName = "string",
ToRoleName = "string",
CurrentGrants = "string",
RevertOwnershipToRoleName = "string",
});
example, err := snowflake.NewRoleOwnershipGrant(ctx, "roleOwnershipGrantResource", &snowflake.RoleOwnershipGrantArgs{
OnRoleName: pulumi.String("string"),
ToRoleName: pulumi.String("string"),
CurrentGrants: pulumi.String("string"),
RevertOwnershipToRoleName: pulumi.String("string"),
})
var roleOwnershipGrantResource = new RoleOwnershipGrant("roleOwnershipGrantResource", RoleOwnershipGrantArgs.builder()
.onRoleName("string")
.toRoleName("string")
.currentGrants("string")
.revertOwnershipToRoleName("string")
.build());
role_ownership_grant_resource = snowflake.RoleOwnershipGrant("roleOwnershipGrantResource",
on_role_name="string",
to_role_name="string",
current_grants="string",
revert_ownership_to_role_name="string")
const roleOwnershipGrantResource = new snowflake.RoleOwnershipGrant("roleOwnershipGrantResource", {
onRoleName: "string",
toRoleName: "string",
currentGrants: "string",
revertOwnershipToRoleName: "string",
});
type: snowflake:RoleOwnershipGrant
properties:
currentGrants: string
onRoleName: string
revertOwnershipToRoleName: string
toRoleName: string
RoleOwnershipGrant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RoleOwnershipGrant resource accepts the following input properties:
- On
Role stringName - The name of the role ownership is granted on.
- To
Role stringName - Current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- Revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- On
Role stringName - The name of the role ownership is granted on.
- To
Role stringName - Current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- Revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- on
Role StringName - The name of the role ownership is granted on.
- to
Role StringName - current
Grants String - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- revert
Ownership StringTo Role Name - The name of the role to revert ownership to on destroy.
- on
Role stringName - The name of the role ownership is granted on.
- to
Role stringName - current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- on_
role_ strname - The name of the role ownership is granted on.
- to_
role_ strname - current_
grants str - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- revert_
ownership_ strto_ role_ name - The name of the role to revert ownership to on destroy.
- on
Role StringName - The name of the role ownership is granted on.
- to
Role StringName - current
Grants String - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- revert
Ownership StringTo Role Name - The name of the role to revert ownership to on destroy.
Outputs
All input properties are implicitly available as output properties. Additionally, the RoleOwnershipGrant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RoleOwnershipGrant Resource
Get an existing RoleOwnershipGrant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleOwnershipGrantState, opts?: CustomResourceOptions): RoleOwnershipGrant@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
current_grants: Optional[str] = None,
on_role_name: Optional[str] = None,
revert_ownership_to_role_name: Optional[str] = None,
to_role_name: Optional[str] = None) -> RoleOwnershipGrantfunc GetRoleOwnershipGrant(ctx *Context, name string, id IDInput, state *RoleOwnershipGrantState, opts ...ResourceOption) (*RoleOwnershipGrant, error)public static RoleOwnershipGrant Get(string name, Input<string> id, RoleOwnershipGrantState? state, CustomResourceOptions? opts = null)public static RoleOwnershipGrant get(String name, Output<String> id, RoleOwnershipGrantState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- On
Role stringName - The name of the role ownership is granted on.
- Revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- To
Role stringName
- Current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- On
Role stringName - The name of the role ownership is granted on.
- Revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- To
Role stringName
- current
Grants String - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- on
Role StringName - The name of the role ownership is granted on.
- revert
Ownership StringTo Role Name - The name of the role to revert ownership to on destroy.
- to
Role StringName
- current
Grants string - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- on
Role stringName - The name of the role ownership is granted on.
- revert
Ownership stringTo Role Name - The name of the role to revert ownership to on destroy.
- to
Role stringName
- current_
grants str - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- on_
role_ strname - The name of the role ownership is granted on.
- revert_
ownership_ strto_ role_ name - The name of the role to revert ownership to on destroy.
- to_
role_ strname
- current
Grants String - Specifies whether to remove or transfer all existing outbound privileges on the object when ownership is transferred to a new role.
- on
Role StringName - The name of the role ownership is granted on.
- revert
Ownership StringTo Role Name - The name of the role to revert ownership to on destroy.
- to
Role StringName
Import
$ pulumi import snowflake:index/roleOwnershipGrant:RoleOwnershipGrant example "<on_role_name>|<to_role_name>|<current_grants>"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflakeTerraform Provider.