astonishing-monitor-79630
10/26/2022, 6:17 AMimport pulumi_snowflake as snowflake
class Snowflake(ComponentResource):
# Select privilege
snowflake.TableGrant(
f"{schema_name}_SCHEMA_TABLE_SELECT_GRANT",
schema_name=schema_name,
roles=all_roles,
privilege="SELECT",
on_future=True,
database_name=database
)
# Update privilege
snowflake.TableGrant(
f"{schema_name}_SCHEMA_TABLE_UPDATE_GRANT",
schema_name=schema_name,
roles=read_write_role_names,
privilege="UPDATE",
on_future=True,
database_name=database
)
However, this poses a problem the future grants will only apply to objects (i.e. tables, views etc.) created after the deployment of the new infra, while existing schema-level objects are not affected. I am thinking the best approach would be to run SQL code like:
import snowflake.connector as sfc
sf_conn = sfc.connect()
with sf_conn.cursor() as cursor:
for role in all_roles:
cursor.execute(f"grant select on all tables in {schema} to role {role})
Would it be possible to configure such “manual” “post-hooks” to be run on each pulumi up
call?