Updates to resolve issues encountered during the apply phase

ram-kishore-odi · ram-kishore-odi · commit fcd18aa64cfb · 2025-05-05T15:38:48.000-07:00
diff --git a/terraform/snowflake/modules/elt/roles.tf b/terraform/snowflake/modules/elt/roles.tf
@@ -47,7 +47,7 @@ resource "snowflake_account_role" "logger" {
 # Adding streamlit role - only for analytics database
 resource "snowflake_account_role" "streamlit_analytics" {
   provider = snowflake.useradmin
-  name     = "${module.analytics.name}_${var.environment}_STREAMLIT"
+  name     = "${module.analytics.name}_STREAMLIT"
   comment  = "Permissions to create Streamlit applications and stages in the ${module.analytics.name} database for the ${var.environment} environment."
 }
 
@@ -224,22 +224,17 @@ resource "snowflake_grant_account_role" "streamlit_analytics_to_reporter" {
   parent_role_name = snowflake_account_role.reporter.name
 }
 
-locals {
-  streamlit_roles = {
-    analytics = snowflake_account_role.streamlit_analytics.name
-  }
-  databases = {
-    analytics = module.analytics.name
-  }
-}
-
-resource "snowflake_grant_privileges_to_account_role" "streamlit_privileges" {
-  provider          = snowflake.accountadmin
-  for_each          = local.streamlit_roles
-  account_role_name = each.value
-  privileges        = ["CREATE STREAMLIT", "CREATE STAGE"]
+resource "snowflake_grant_privileges_to_account_role" "streamlit_database_privileges" {
+  account_role_name = "${module.analytics.name}_STREAMLIT"
+  privileges        = ["CREATE STAGE"]
   on_account_object {
+    object_name = "${module.analytics.name}"
     object_type = "DATABASE"
-    object_name = local.databases[each.key]
   }
 }
+
+resource "snowflake_grant_privileges_to_account_role" "streamlit_account_privileges" {
+  account_role_name = "${module.analytics.name}_STREAMLIT"
+  privileges        = ["CREATE STREAMLIT"]
+  on_account        = true
+}
