Merge pull request #32 from getindata/feature/add_warehouse_generation_support

dgniewek · web-flow · commit 03513bd06762 · 2025-10-27T12:33:05.000+01:00
feat: Add support for warehouse generation
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,172 @@
+# AGENTS.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Module Overview
+
+This is a Terraform module for Snowflake Warehouse management that:
+- Creates Snowflake warehouses with comprehensive configuration options
+- Manages role-based access control through default and custom roles
+- Uses CloudPosse context provider for flexible naming conventions
+- Integrates with getindata/role/snowflake module (v4.0.0) for role management
+
+## Architecture
+
+### Naming Convention System
+
+The module uses CloudPosse context provider instead of deprecated `context.tf` (nulllabel):
+
+1. **Context Provider Setup**: The `data.context_label.this` data source generates resource names based on templates
+2. **Template Resolution**: `context_templates` variable defines naming patterns (e.g., `{{.environment}}_{{.name}}`)
+3. **Name Scheme Configuration**: Each resource has configurable `name_scheme` with properties, delimiter, and template selection
+4. **Template Lookup**: `local.context_template` resolves which template to use from `var.context_templates`
+
+Key files:
+- [locals.tf:1-3](locals.tf#L1-L3) - Template resolution logic
+- [main.tf:1-12](main.tf#L1-L12) - Context label data source usage
+
+### Role Management Architecture
+
+The module creates two types of roles through a merge-and-split pattern:
+
+1. **Default Roles** ([locals.tf:14-42](locals.tf#L14-L42)): Pre-defined functional roles (admin, usage, monitor)
+2. **Custom Roles** ([locals.tf:44-47](locals.tf#L44-L47)): User-provided roles via `var.roles`
+3. **Deep Merge** ([locals.tf:68-73](locals.tf#L68-L73)): Uses `Invicton-Labs/deepmerge/null` to merge default + provided roles
+4. **Split Logic** ([locals.tf:50-57](locals.tf#L50-L57)): Separates merged roles into default vs custom for different module calls
+
+Role modules are instantiated separately:
+- [main.tf:44-71](main.tf#L44-L71) - Default roles module
+- [main.tf:73-100](main.tf#L73-L100) - Custom roles module
+
+### Resource Structure
+
+- **Primary Resource**: `snowflake_warehouse.this` ([main.tf:14-39](main.tf#L14-L39))
+- **Role Grants**: Handled by nested `getindata/role/snowflake` modules with `account_objects_grants`
+- **State Migration**: `moved` block at [main.tf:40-43](main.tf#L40-L43) handles v2 to v3 upgrade
+
+## Common Commands
+
+### Development Workflow
+
+```bash
+# Initialize module
+terraform init
+
+# Validate configuration
+terraform validate
+
+# Format code
+terraform fmt -recursive
+
+# Run pre-commit hooks (validates, formats, lints, generates docs, security scan)
+pre-commit install
+pre-commit run --all-files
+```
+
+### Testing with Examples
+
+```bash
+# Simple example
+cd examples/simple
+make init
+make plan
+make apply
+
+# Complete example (full configuration)
+cd examples/complete
+make init
+make plan
+make apply
+```
+
+### Documentation Generation
+
+```bash
+# Auto-generate README inputs/outputs tables
+terraform-docs .
+```
+
+## Pre-commit Configuration
+
+The module uses pre-commit hooks in this order:
+1. `terraform-validate` - Must run first (performs `terraform init` required by tflint)
+2. `terraform-fmt` - Code formatting
+3. `tflint` - Terraform linting
+4. `terraform-docs` - Auto-generates documentation
+5. `checkov` - Security scanning (skips CKV_TF_1 for module sources)
+
+## Provider Version Requirements
+
+- **Snowflake Provider**: `>= 2.7` (snowflakedb/snowflake)
+- **Context Provider**: `>= 0.4.0` (cloudposse/context)
+- **Terraform**: `>= 1.3`
+
+**IMPORTANT**: ALWAYS use `snowflakedb/snowflake` provider. NEVER use `Snowflake-Labs/snowflake` provider. The Snowflake-Labs provider is deprecated and should not be used in any configuration or documentation queries.
+
+## Breaking Changes
+
+### v3.x Migration
+- Removed `context.tf` (nulllabel) - switched to context provider
+- Removed variables: `context`, `enabled`, `environment`, `namespace`, `tenant`, `stage`, `attributes`, `delimiter`, `tags`, `labels_as_tags`, etc.
+- Added: `context_templates` and `name_scheme` variables
+- State migration handled via `moved` blocks
+
+### v4.x Migration
+- Provider source changed from `Snowflake-Labs/snowflake` to `snowflakedb/snowflake`
+
+## Key Variables
+
+### Required
+- `name` - Base name for the warehouse resource
+
+### Naming Configuration
+- `name_scheme` - Object controlling naming behavior (properties, delimiter, template, regex, uppercase)
+- `context_templates` - Map of go-template strings for naming patterns (supersedes name_scheme properties/delimiter)
+
+### Warehouse Configuration
+
+- `warehouse_size`, `warehouse_type` - Warehouse compute settings
+- `generation` - Warehouse generation (only for STANDARD warehouses). Valid values: "1" or "2" (string type, not number - this is dictated by the Snowflake provider schema)
+- `auto_resume`, `auto_suspend`, `initially_suspended` - Power management
+- `min_cluster_count`, `max_cluster_count`, `scaling_policy` - Multi-cluster settings
+- `enable_query_acceleration`, `query_acceleration_max_scale_factor` - Query acceleration
+- `resource_monitor` - Credit quota monitoring
+
+### Role Management
+- `create_default_roles` - Boolean to create admin/usage/monitor roles
+- `roles` - Map of role definitions with grants and assignments
+
+## Examples Structure
+
+- **simple/** - Minimal configuration showing basic warehouse creation
+- **complete/** - Full-featured example with:
+  - Resource monitor integration
+  - Default roles enabled
+  - Custom role with specific privileges
+  - Multiple naming scheme patterns
+  - Context template usage
+  - Generation 2 warehouse configuration (warehouse_3)
+
+## Important Implementation Notes
+
+### Generation Field
+
+- Type: `string` (not `number`) - this is required by the Snowflake provider schema, not a design choice
+- Valid values: `"1"`, `"2"`
+- Only applicable to STANDARD warehouse type
+- Validation uses ternary operator to handle null: `var.generation == null ? true : contains(["1", "2"], var.generation)`
+- Added in provider version 2.7+
+- The string type requirement comes from how Snowflake's SQL interface and provider handle this parameter
+
+### Variable Validation Pattern
+
+When validating optional (nullable) variables with `contains()`, use ternary operator to avoid null evaluation errors:
+
+```hcl
+validation {
+  condition     = var.field == null ? true : contains(["val1", "val2"], var.field)
+  error_message = "Invalid value"
+}
+```
+
+Do NOT use: `var.field == null || contains([...], var.field)` as it will fail when the value is null.
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1 @@
+@AGENTS.md
diff --git a/README.md b/README.md
@@ -115,6 +115,7 @@ List od code and variable (API) changes:
 | <a name="input_context_templates"></a> [context\_templates](#input\_context\_templates) | Map of context templates used for naming conventions - this variable supersedes `naming_scheme.properties` and `naming_scheme.delimiter` configuration | `map(string)` | `{}` | no |
 | <a name="input_create_default_roles"></a> [create\_default\_roles](#input\_create\_default\_roles) | Whether the default roles should be created | `bool` | `false` | no |
 | <a name="input_enable_query_acceleration"></a> [enable\_query\_acceleration](#input\_enable\_query\_acceleration) | Specifies whether to enable the query acceleration service for queries that rely on this warehouse for compute resources. | `bool` | `true` | no |
+| <a name="input_generation"></a> [generation](#input\_generation) | Specifies the generation for the warehouse. Only available for standard warehouses. Valid values are: 1, 2, docs: <https://docs.snowflake.com/en/user-guide/warehouses-gen2>. | `string` | `null` | no |
 | <a name="input_initially_suspended"></a> [initially\_suspended](#input\_initially\_suspended) | Specifies whether the warehouse is created initially in the ‘Suspended’ state. | `bool` | `true` | no |
 | <a name="input_max_cluster_count"></a> [max\_cluster\_count](#input\_max\_cluster\_count) | Specifies the maximum number of server clusters for the warehouse. | `number` | `1` | no |
 | <a name="input_max_concurrency_level"></a> [max\_concurrency\_level](#input\_max\_concurrency\_level) | Object parameter that specifies the concurrency level for SQL statements (i.e. queries and DML) executed by a warehouse. | `number` | `null` | no |
@@ -150,15 +151,15 @@ List od code and variable (API) changes:
 | Name | Version |
 |------|---------|
 | <a name="provider_context"></a> [context](#provider\_context) | >=0.4.0 |
-| <a name="provider_snowflake"></a> [snowflake](#provider\_snowflake) | >= 0.95 |
+| <a name="provider_snowflake"></a> [snowflake](#provider\_snowflake) | >= 2.7 |
 
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_context"></a> [context](#requirement\_context) | >=0.4.0 |
-| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | >= 0.95 |
+| <a name="requirement_snowflake"></a> [snowflake](#requirement\_snowflake) | >= 2.7 |
 
 ## Resources
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -89,5 +89,7 @@ module "terraform_snowflake_warehouse_3" {
     }
   }
 
+  generation = "2"
+
   create_default_roles = false
 }
diff --git a/main.tf b/main.tf
@@ -17,6 +17,7 @@ resource "snowflake_warehouse" "this" {
 
   warehouse_size = var.warehouse_size
   warehouse_type = var.warehouse_type
+  generation     = var.generation
 
   auto_resume         = var.auto_resume
   auto_suspend        = var.auto_suspend
diff --git a/outputs.tf b/outputs.tf
@@ -6,6 +6,7 @@ output "warehouse" {
     comment                             = snowflake_warehouse.this.comment
     warehouse_type                      = snowflake_warehouse.this.warehouse_type
     warehouse_size                      = snowflake_warehouse.this.warehouse_size
+    generation                          = snowflake_warehouse.this.generation
     auto_resume                         = snowflake_warehouse.this.auto_resume
     auto_suspend                        = snowflake_warehouse.this.auto_suspend
     initially_suspended                 = snowflake_warehouse.this.initially_suspended
diff --git a/variables.tf b/variables.tf
@@ -25,6 +25,16 @@ variable "warehouse_type" {
   }
 }
 
+variable "generation" {
+  description = "Specifies the generation for the warehouse. Only available for standard warehouses. Valid values are: 1, 2, docs: <https://docs.snowflake.com/en/user-guide/warehouses-gen2>."
+  type        = string
+  default     = null
+  validation {
+    condition     = var.generation == null ? true : contains(["1", "2"], var.generation)
+    error_message = "Invalid generation. Possible values are: \"1\", \"2\""
+  }
+}
+
 variable "auto_resume" {
   description = "Specifies whether to automatically resume a warehouse when a SQL statement (e.g. query) is submitted to it."
   type        = bool
diff --git a/versions.tf b/versions.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     snowflake = {
       source  = "snowflakedb/snowflake"
-      version = ">= 0.95"
+      version = ">= 2.7"
     }
     context = {
       source  = "cloudposse/context"

Original file line number	Diff line number	Diff line change
`@@ -89,5 +89,7 @@ module "terraform_snowflake_warehouse_3" {`
`89`	`89`	`}`
`90`	`90`	`}`
`91`	`91`
	`92`	`+ generation = "2"`
	`93`	`+`
`92`	`94`	`create_default_roles = false`
`93`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ terraform {`
`3`	`3`	`required_providers {`
`4`	`4`	`snowflake = {`
`5`	`5`	`source = "snowflakedb/snowflake"`
`6`		`- version = ">= 0.95"`
	`6`	`+ version = ">= 2.7"`
`7`	`7`	`}`
`8`	`8`	`context = {`
`9`	`9`	`source = "cloudposse/context"`