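# Snowflake access configuration: creates a read-only role ("role2"), a user
# ("USER1"), and the USAGE/SELECT grants the role needs on warehouse
# COMPUTE_WH and on database "testing", schema "PUBLIC".

terraform {
  required_version = ">= 0.13"

  required_providers {
    snowflake = {
      source  = "chanzuckerberg/snowflake"
      version = "0.15.0"
    }
  }
}

provider "snowflake" {
  # Connection settings are supplied through variables declared outside this
  # file. var.password is a credential: keep it out of version control.
  username = var.username
  account  = var.account
  region   = var.region
  password = var.password

  # NOTE(review): ACCOUNTADMIN is the most privileged role in the account.
  # Everything managed here is role/user/grant administration, so a narrower
  # administrative role may be sufficient. Confirm which privileges are
  # actually required before keeping this.
  role = "ACCOUNTADMIN"
}

# Read-only role that every grant below is attached to.
resource "snowflake_role" "role" {
  name    = "role2"
  comment = "read only roles on table "
}

resource "snowflake_user" "user" {
  name         = "USER1"
  login_name   = "USER1"
  comment      = "Snowflake user"
  disabled     = false
  display_name = "USER1"
  email        = "USER1@gmail.com"
  first_name   = "USER1"
  last_name    = "TEST"

  default_warehouse = "COMPUTE_WH"
  default_role      = "PUBLIC"

  # SECURITY: this initial password is hard-coded, equal to the login name,
  # and committed with the configuration. It also ends up in Terraform state,
  # so the state backend must be access-controlled. Treat the value as a
  # throwaway bootstrap credential and move it to a secret input when the
  # module's variables are next revised.
  password = "USER1"

  # Force rotation at first login so the guessable bootstrap password above
  # cannot remain the account's long-term credential.
  must_change_password = true
}

# The grants reference snowflake_role.role.name instead of repeating the
# literal "role2". The reference gives Terraform a dependency edge, so the
# role is created before anything is granted to it.

resource "snowflake_warehouse_grant" "grant" {
  warehouse_name    = "COMPUTE_WH"
  privilege         = "USAGE"
  roles             = [snowflake_role.role.name]
  with_grant_option = false
}

resource "snowflake_database_grant" "grant" {
  database_name     = "testing"
  privilege         = "USAGE"
  roles             = [snowflake_role.role.name]
  with_grant_option = false
}

resource "snowflake_schema_grant" "grant" {
  database_name     = "testing"
  schema_name       = "PUBLIC"
  privilege         = "USAGE"
  roles             = [snowflake_role.role.name]
  with_grant_option = false
}

# Assign the new role to a user.
# NOTE(review): the grantee is "USER107", which is not managed in this file;
# the user created above is "USER1". Confirm this is the intended grantee.
resource "snowflake_role_grants" "grants" {
  role_name = snowflake_role.role.name
  users     = ["USER107"]
}

# SELECT for the role on tables in testing.PUBLIC. on_future = true applies
# the grant to tables created later in the schema, not to a named table.
# with_grant_option = false keeps the role from re-granting the privilege.
resource "snowflake_table_grant" "grant" {
  database_name     = "testing"
  schema_name       = "PUBLIC"
  privilege         = "SELECT"
  roles             = [snowflake_role.role.name]
  on_future         = true
  with_grant_option = false
}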