Grant Id Migration (#401)

docs/resources/cluster_grant.md

@@ -40,5 +40,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_cluster_grant.example GRANT|CLUSTER|<cluster_id>|<role_id>|<privilege>
+terraform import materialize_cluster_grant.example <region>:GRANT|CLUSTER|<cluster_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/cluster_grant_default_privilege.md

@@ -41,5 +41,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id. The privilege is required 
-terraform import materialize_cluster_grant_default_privilege.example GRANT DEFAULT|CLUSTER|<grantee_id>|<target_role_id>|||<privilege>
+terraform import materialize_cluster_grant_default_privilege.example <region>:GRANT DEFAULT|CLUSTER|<grantee_id>|<target_role_id>|||<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/connection_grant.md

@@ -44,5 +44,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_connection_grant.example GRANT|CONNECTION|<connection_id>|<role_id>|<privilege>
+terraform import materialize_connection_grant.example <region>:GRANT|CONNECTION|<connection_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/connection_grant_default_privilege.md

@@ -48,5 +48,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_connection_grant_default_privilege.example GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_connection_grant_default_privilege.example <region>:GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/database_grant.md

@@ -40,5 +40,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_database_grant.example GRANT|DATABASE|<database_id>|<role_id>|<privilege>
+terraform import materialize_database_grant.example <region>:GRANT|DATABASE|<database_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/database_grant_default_privilege.md

@@ -41,5 +41,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id. The privilege is required 
-terraform import materialize_database_grant_default_privilege.example GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>||<privilege>
+terraform import materialize_database_grant_default_privilege.example <region>:GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>||<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/grant_system_privilege.md

@@ -38,5 +38,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT SYSTEM, the id of the role and the privilege 
-terraform import materialize_grant_system_privilege.example GRANT SYSTEM|<role_id>|<privilege>
+terraform import materialize_grant_system_privilege.example <region>:GRANT SYSTEM|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/materialized_view_grant.md

@@ -44,5 +44,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_materialized_view_grant.example GRANT|MATERIALIZED VIEW|<materialized_view_id>|<role_id>|<privilege>
+terraform import materialize_materialized_view_grant.example <region>:GRANT|MATERIALIZED VIEW|<materialized_view_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/role_grant.md

@@ -38,5 +38,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of ROLE MEMBER, the id of the role and id of the member 
-terraform import materialize_role_grant.example ROLE MEMBER|<role_id>|<member_id>
+terraform import materialize_role_grant.example <region>:ROLE MEMBER|<role_id>|<member_id>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/schema_grant.md

@@ -42,5 +42,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_schema_grant.example GRANT|SCHEMA|<schema_id>|<role_id>|<privilege>
+terraform import materialize_schema_grant.example <region>:GRANT|SCHEMA|<schema_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/schema_grant_default_privilege.md

@@ -46,5 +46,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_schema_grant_default_privilege.example GRANT DEFAULT|SCHEMA|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_schema_grant_default_privilege.example <region>:GRANT DEFAULT|SCHEMA|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/secret_grant.md

@@ -44,5 +44,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_secret_grant.example GRANT|SECRET|<secret_id>|<role_id>|<privilege>
+terraform import materialize_secret_grant.example <region>:GRANT|SECRET|<secret_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/secret_grant_default_privilege.md

@@ -48,5 +48,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_secret_grant_default_privilege.example GRANT DEFAULT|SECRET|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_secret_grant_default_privilege.example <region>:GRANT DEFAULT|SECRET|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/source_grant.md

@@ -44,5 +44,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_source_grant.example GRANT|SOURCE|<source_id>|<role_id>|<privilege>
+terraform import materialize_source_grant.example <region>:GRANT|SOURCE|<source_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/table_grant.md

@@ -45,5 +45,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_table_grant.example GRANT|TABLE|<table_id>|<role_id>|<privilege>
+terraform import materialize_table_grant.example <region>:GRANT|TABLE|<table_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/table_grant_default_privilege.md

@@ -49,5 +49,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_table_grant_default_privilege.example GRANT DEFAULT|TABLE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_table_grant_default_privilege.example <region>:GRANT DEFAULT|TABLE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/type_grant.md

@@ -44,5 +44,7 @@ Import is supported using the following syntax:
 
 ```shell
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_type_grant.example GRANT|TYPE|<type_id>|<role_id>|<privilege>
+terraform import materialize_type_grant.example <region>:GRANT|TYPE|<type_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

docs/resources/type_grant_default_privilege.md

@@ -48,5 +48,7 @@ Import is supported using the following syntax:
 ```shell
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_type_grant_default_privilege.example GRANT DEFAULT|TYPE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_type_grant_default_privilege.example <region>:GRANT DEFAULT|TYPE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)
 ```

examples/resources/materialize_cluster_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_cluster_grant.example GRANT|CLUSTER|<cluster_id>|<role_id>|<privilege>
+terraform import materialize_cluster_grant.example <region>:GRANT|CLUSTER|<cluster_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_cluster_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id. The privilege is required 
-terraform import materialize_cluster_grant_default_privilege.example GRANT DEFAULT|CLUSTER|<grantee_id>|<target_role_id>|||<privilege>
+terraform import materialize_cluster_grant_default_privilege.example <region>:GRANT DEFAULT|CLUSTER|<grantee_id>|<target_role_id>|||<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_connection_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_connection_grant.example GRANT|CONNECTION|<connection_id>|<role_id>|<privilege>
+terraform import materialize_connection_grant.example <region>:GRANT|CONNECTION|<connection_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_connection_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_connection_grant_default_privilege.example GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_connection_grant_default_privilege.example <region>:GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_database_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_database_grant.example GRANT|DATABASE|<database_id>|<role_id>|<privilege>
+terraform import materialize_database_grant.example <region>:GRANT|DATABASE|<database_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_database_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id. The privilege is required 
-terraform import materialize_database_grant_default_privilege.example GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>||<privilege>
+terraform import materialize_database_grant_default_privilege.example <region>:GRANT DEFAULT|CONNECTION|<grantee_id>|<target_role_id>|<database_id>||<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_grant_system_privilege/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT SYSTEM, the id of the role and the privilege 
-terraform import materialize_grant_system_privilege.example GRANT SYSTEM|<role_id>|<privilege>
+terraform import materialize_grant_system_privilege.example <region>:GRANT SYSTEM|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_materialized_view_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_materialized_view_grant.example GRANT|MATERIALIZED VIEW|<materialized_view_id>|<role_id>|<privilege>
+terraform import materialize_materialized_view_grant.example <region>:GRANT|MATERIALIZED VIEW|<materialized_view_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_role_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of ROLE MEMBER, the id of the role and id of the member 
-terraform import materialize_role_grant.example ROLE MEMBER|<role_id>|<member_id>
+terraform import materialize_role_grant.example <region>:ROLE MEMBER|<role_id>|<member_id>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_schema_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_schema_grant.example GRANT|SCHEMA|<schema_id>|<role_id>|<privilege>
+terraform import materialize_schema_grant.example <region>:GRANT|SCHEMA|<schema_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_schema_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_schema_grant_default_privilege.example GRANT DEFAULT|SCHEMA|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_schema_grant_default_privilege.example <region>:GRANT DEFAULT|SCHEMA|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_secret_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_secret_grant.example GRANT|SECRET|<secret_id>|<role_id>|<privilege>
+terraform import materialize_secret_grant.example <region>:GRANT|SECRET|<secret_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_secret_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_secret_grant_default_privilege.example GRANT DEFAULT|SECRET|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_secret_grant_default_privilege.example <region>:GRANT DEFAULT|SECRET|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_source_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_source_grant.example GRANT|SOURCE|<source_id>|<role_id>|<privilege>
+terraform import materialize_source_grant.example <region>:GRANT|SOURCE|<source_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_table_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_table_grant.example GRANT|TABLE|<table_id>|<role_id>|<privilege>
+terraform import materialize_table_grant.example <region>:GRANT|TABLE|<table_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_table_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_table_grant_default_privilege.example GRANT DEFAULT|TABLE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_table_grant_default_privilege.example <region>:GRANT DEFAULT|TABLE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_type_grant/import.sh

@@ -1,2 +1,4 @@
 #Grants can be imported using the concatenation of GRANT, the object type, the id of the object, the id of the role and the privilege 
-terraform import materialize_type_grant.example GRANT|TYPE|<type_id>|<role_id>|<privilege>
+terraform import materialize_type_grant.example <region>:GRANT|TYPE|<type_id>|<role_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

examples/resources/materialize_type_grant_default_privilege/import.sh

@@ -1,3 +1,5 @@
 #Grants can be imported using the concatenation of GRANT DEFAULT, the grantee id of the role
 #Optionally you can include the target id, database id and schema id. The privilege is required 
-terraform import materialize_type_grant_default_privilege.example GRANT DEFAULT|TYPE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+terraform import materialize_type_grant_default_privilege.example <region>:GRANT DEFAULT|TYPE|<grantee_id>|<target_role_id>|<database_id>|<schema_id>|<privilege>
+
+# The region is the region where the database is located (e.g. aws/us-east-1)

pkg/materialize/privilege.go

@@ -174,8 +174,8 @@ func (b *PrivilegeBuilder) Revoke() error {
 	return b.ddl.exec(q)
 }
 
-func (b *PrivilegeBuilder) GrantKey(objectId, roleId, privilege string) string {
-	return fmt.Sprintf(`GRANT|%[1]s|%[2]s|%[3]s|%[4]s`, b.object.ObjectType, objectId, roleId, privilege)
+func (b *PrivilegeBuilder) GrantKey(region, objectId, roleId, privilege string) string {
+	return fmt.Sprintf(`%[1]s:GRANT|%[2]s|%[3]s|%[4]s|%[5]s`, region, b.object.ObjectType, objectId, roleId, privilege)
 }
 
 func ScanPrivileges(conn *sqlx.DB, objectType, objectId string) ([]string, error) {