Merge pull request #19 from getindata/fix/remove_unneeded_dangerous_variables

fix: Remove unneeded and potentially dangerous variables

Author: dgniewek

README.md

@@ -106,7 +106,7 @@ For more information, refer to [variables.tf](variables.tf), list of inputs belo
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| <a name="input_roles"></a> [roles](#input\_roles) | Database roles created in the stage scope | <pre>map(object({<br>    enabled                   = optional(bool, true)<br>    with_grant_option         = optional(bool)<br>    granted_to_roles          = optional(list(string))<br>    granted_to_database_roles = optional(list(string))<br>    granted_database_roles    = optional(list(string))<br>    stage_grants              = optional(list(string))<br>    all_privileges            = optional(bool)<br>    on_all                    = optional(bool, false)<br>    schema_name               = optional(string)<br>    on_future                 = optional(bool, false)<br>  }))</pre> | `{}` | no |
+| <a name="input_roles"></a> [roles](#input\_roles) | Database roles created in the stage scope | <pre>map(object({<br>    enabled                   = optional(bool, true)<br>    with_grant_option         = optional(bool)<br>    granted_to_roles          = optional(list(string))<br>    granted_to_database_roles = optional(list(string))<br>    granted_database_roles    = optional(list(string))<br>    stage_grants              = optional(list(string))<br>    all_privileges            = optional(bool)<br>  }))</pre> | `{}` | no |
 | <a name="input_schema"></a> [schema](#input\_schema) | The schema in which to create the stage | `string` | n/a | yes |
 | <a name="input_snowflake_iam_user"></a> [snowflake\_iam\_user](#input\_snowflake\_iam\_user) | Specifies the Snowflake IAM user | `string` | `null` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |

main.tf

@@ -103,8 +103,6 @@ module "snowflake_custom_role" {
         privileges        = lookup(each.value, "stage_grants", null)
         all_privileges    = lookup(each.value, "all_privileges", null)
         with_grant_option = lookup(each.value, "with_grant_option", false)
-        on_future         = lookup(each.value, "on_future", false)
-        on_all            = lookup(each.value, "on_all", false)
         object_name       = (lookup(each.value, "on_future", false) || lookup(each.value, "on_all", false)) ? null : one(snowflake_stage.this[*].name)
         schema_name       = one(snowflake_stage.this[*].schema)
       }

variables.tf

@@ -90,9 +90,6 @@ variable "roles" {
     granted_database_roles    = optional(list(string))
     stage_grants              = optional(list(string))
     all_privileges            = optional(bool)
-    on_all                    = optional(bool, false)
-    schema_name               = optional(string)
-    on_future                 = optional(bool, false)
   }))
   default = {}
 }