Fill fields in datasource for saml2 and scim

pkg/datasources/security_integrations_acceptance_test.go

@@ -8,7 +8,6 @@ import (
 	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/testenvs"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/resources"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-testing/config"
@@ -18,14 +17,110 @@ import (
 
 // TODO [SNOW-1348100]: add other security integrations when they are ready
 // TODO [SNOW-1348100]: test specific describe properties
+func TestAcc_SecurityIntegrations_Saml2(t *testing.T) {
+	id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+	issuer := acc.TestClient().Ids.Alpha()
+	cert := random.GenerateX509(t)
+	validUrl := "http://example.com"
+	acsURL := acc.TestClient().Context.ACSURL(t)
+	issuerURL := acc.TestClient().Context.IssuerURL(t)
+
+	m := func() map[string]config.Variable {
+		return map[string]config.Variable{
+			"allowed_email_patterns":              config.ListVariable(config.StringVariable("^(.+dev)@example.com$")),
+			"allowed_user_domains":                config.ListVariable(config.StringVariable("example.com")),
+			"comment":                             config.StringVariable("foo"),
+			"enabled":                             config.BoolVariable(true),
+			"name":                                config.StringVariable(id.Name()),
+			"saml2_enable_sp_initiated":           config.BoolVariable(true),
+			"saml2_force_authn":                   config.BoolVariable(true),
+			"saml2_issuer":                        config.StringVariable(issuer),
+			"saml2_post_logout_redirect_url":      config.StringVariable(validUrl),
+			"saml2_provider":                      config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)),
+			"saml2_requested_nameid_format":       config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2RequestedNameidFormatUnspecified)),
+			"saml2_sign_request":                  config.BoolVariable(true),
+			"saml2_snowflake_acs_url":             config.StringVariable(acsURL),
+			"saml2_snowflake_issuer_url":          config.StringVariable(issuerURL),
+			"saml2_sp_initiated_login_page_label": config.StringVariable("foo"),
+			"saml2_sso_url":                       config.StringVariable(validUrl),
+			"saml2_x509_cert":                     config.StringVariable(cert),
+			// TODO(SNOW-1479617): set saml2_snowflake_x509_cert
+		}
+	}
+
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.RequireAbove(tfversion.Version1_5_0),
+		},
+		CheckDestroy: acc.CheckDestroy(t, resources.Saml2SecurityIntegration),
+		Steps: []resource.TestStep{
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/saml2/optionals_set"),
+				ConfigVariables: m(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"),
+
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "1"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_issuer.0.value", issuer),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sso_url.0.value", validUrl),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_provider.0.value", string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_x509_cert.0.value", cert),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sp_initiated_login_page_label.0.value", "foo"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_enable_sp_initiated.0.value", "true"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_x509_cert.0.value"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sign_request.0.value", "true"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_requested_nameid_format.0.value", string(sdk.Saml2SecurityIntegrationSaml2RequestedNameidFormatUnspecified)),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_post_logout_redirect_url.0.value", "http://example.com"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_force_authn.0.value", "true"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_issuer_url.0.value"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_acs_url.0.value"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_metadata.0.value"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_digest_methods_used.0.value"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_signature_methods_used.0.value"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.allowed_user_domains.0.value", "[example.com]"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.allowed_email_patterns.0.value", "[^(.+dev)@example.com$]"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.comment.0.value", "foo"),
+
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.#", "1"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.integration_type", "SAML2"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.category", "SECURITY"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.enabled", "true"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.comment", "foo"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"),
+				),
+			},
+			{
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/saml2/optionals_unset"),
+				ConfigVariables: m(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"),
+
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.#", "1"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.integration_type", "SAML2"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.category", "SECURITY"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.enabled", "true"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.comment", "foo"),
+					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"),
+
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "0"),
+				),
+			},
+		},
+	})
+}
+
 func TestAcc_SecurityIntegrations_Scim(t *testing.T) {
-	_ = testenvs.GetOrSkipTest(t, testenvs.ConfigureClientOnce)
 	id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
 	comment := random.Comment()
-
+	networkPolicy, networkPolicyCleanup := acc.TestClient().NetworkPolicy.CreateNetworkPolicy(t)
+	t.Cleanup(networkPolicyCleanup)
 	configVariables := config.Variables{
-		"name":    config.StringVariable(id.Name()),
-		"comment": config.StringVariable(comment),
+		"name":           config.StringVariable(id.Name()),
+		"comment":        config.StringVariable(comment),
+		"network_policy": config.StringVariable(networkPolicy.Name),
 	}
 
 	resource.Test(t, resource.TestCase{
@@ -38,7 +133,7 @@ func TestAcc_SecurityIntegrations_Scim(t *testing.T) {
 			{
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/optionals_set"),
 				ConfigVariables: configVariables,
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"),
 
 					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()),
@@ -49,14 +144,17 @@ func TestAcc_SecurityIntegrations_Scim(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"),
 
 					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "1"),
-					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.#", "1"),
-					resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.0.value"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.enabled.0.value", "false"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.network_policy.0.value", sdk.NewAccountObjectIdentifier(networkPolicy.Name).Name()), // TODO(SNOW-999049): Fix during identifiers rework
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.run_as_role.0.value", "GENERIC_SCIM_PROVISIONER"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.sync_password.0.value", "true"),
+					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.comment.0.value", comment),
 				),
 			},
 			{
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/optionals_unset"),
 				ConfigVariables: configVariables,
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"),
 
 					resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()),

pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/test.tf

@@ -1,9 +1,10 @@
 resource "snowflake_scim_integration" "test" {
-  name        = var.name
-  enabled     = false
-  scim_client = "GENERIC"
-  run_as_role = "GENERIC_SCIM_PROVISIONER"
-  comment     = var.comment
+  name           = var.name
+  enabled        = false
+  scim_client    = "GENERIC"
+  run_as_role    = "GENERIC_SCIM_PROVISIONER"
+  network_policy = var.network_policy
+  comment        = var.comment
 }
 
 data "snowflake_security_integrations" "test" {

pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/variables.tf

@@ -5,3 +5,6 @@ variable "name" {
 variable "comment" {
   type = string
 }
+variable "network_policy" {
+  type = string
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/test.tf

@@ -1,14 +1,15 @@
 resource "snowflake_scim_integration" "test" {
-  name        = var.name
-  enabled     = false
-  scim_client = "GENERIC"
-  run_as_role = "GENERIC_SCIM_PROVISIONER"
-  comment     = var.comment
+  name           = var.name
+  enabled        = false
+  scim_client    = "GENERIC"
+  run_as_role    = "GENERIC_SCIM_PROVISIONER"
+  network_policy = var.network_policy
+  comment        = var.comment
 }
 
 data "snowflake_security_integrations" "test" {
   depends_on = [snowflake_scim_integration.test]
 
   with_describe = false
   like          = var.name
-}
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/variables.tf

@@ -5,3 +5,6 @@ variable "name" {
 variable "comment" {
   type = string
 }
+variable "network_policy" {
+  type = string
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/test.tf

@@ -0,0 +1,25 @@
+resource "snowflake_saml2_integration" "test" {
+  allowed_email_patterns              = var.allowed_email_patterns
+  allowed_user_domains                = var.allowed_user_domains
+  comment                             = var.comment
+  enabled                             = var.enabled
+  name                                = var.name
+  saml2_enable_sp_initiated           = var.saml2_enable_sp_initiated
+  saml2_force_authn                   = var.saml2_force_authn
+  saml2_issuer                        = var.saml2_issuer
+  saml2_post_logout_redirect_url      = var.saml2_post_logout_redirect_url
+  saml2_provider                      = var.saml2_provider
+  saml2_requested_nameid_format       = var.saml2_requested_nameid_format
+  saml2_sign_request                  = var.saml2_sign_request
+  saml2_snowflake_acs_url             = var.saml2_snowflake_acs_url
+  saml2_snowflake_issuer_url          = var.saml2_snowflake_issuer_url
+  saml2_sp_initiated_login_page_label = var.saml2_sp_initiated_login_page_label
+  saml2_sso_url                       = var.saml2_sso_url
+  saml2_x509_cert                     = var.saml2_x509_cert
+}
+
+data "snowflake_security_integrations" "test" {
+  depends_on = [snowflake_saml2_integration.test]
+
+  like = var.name
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/variables.tf

@@ -0,0 +1,52 @@
+
+variable "allowed_email_patterns" {
+  type = list(string)
+}
+variable "allowed_user_domains" {
+  type = list(string)
+}
+variable "comment" {
+  type = string
+}
+variable "enabled" {
+  type = bool
+}
+variable "name" {
+  type = string
+}
+variable "saml2_enable_sp_initiated" {
+  type = bool
+}
+variable "saml2_force_authn" {
+  type = bool
+}
+variable "saml2_issuer" {
+  type = string
+}
+variable "saml2_post_logout_redirect_url" {
+  type = string
+}
+variable "saml2_provider" {
+  type = string
+}
+variable "saml2_requested_nameid_format" {
+  type = string
+}
+variable "saml2_sign_request" {
+  type = bool
+}
+variable "saml2_snowflake_acs_url" {
+  type = string
+}
+variable "saml2_snowflake_issuer_url" {
+  type = string
+}
+variable "saml2_sp_initiated_login_page_label" {
+  type = string
+}
+variable "saml2_sso_url" {
+  type = string
+}
+variable "saml2_x509_cert" {
+  type = string
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/test.tf

@@ -0,0 +1,26 @@
+resource "snowflake_saml2_integration" "test" {
+  allowed_email_patterns              = var.allowed_email_patterns
+  allowed_user_domains                = var.allowed_user_domains
+  comment                             = var.comment
+  enabled                             = var.enabled
+  name                                = var.name
+  saml2_enable_sp_initiated           = var.saml2_enable_sp_initiated
+  saml2_force_authn                   = var.saml2_force_authn
+  saml2_issuer                        = var.saml2_issuer
+  saml2_post_logout_redirect_url      = var.saml2_post_logout_redirect_url
+  saml2_provider                      = var.saml2_provider
+  saml2_requested_nameid_format       = var.saml2_requested_nameid_format
+  saml2_sign_request                  = var.saml2_sign_request
+  saml2_snowflake_acs_url             = var.saml2_snowflake_acs_url
+  saml2_snowflake_issuer_url          = var.saml2_snowflake_issuer_url
+  saml2_sp_initiated_login_page_label = var.saml2_sp_initiated_login_page_label
+  saml2_sso_url                       = var.saml2_sso_url
+  saml2_x509_cert                     = var.saml2_x509_cert
+}
+
+data "snowflake_security_integrations" "test" {
+  depends_on = [snowflake_saml2_integration.test]
+
+  with_describe = false
+  like          = var.name
+}

pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/variables.tf

@@ -0,0 +1,52 @@
+
+variable "allowed_email_patterns" {
+  type = list(string)
+}
+variable "allowed_user_domains" {
+  type = list(string)
+}
+variable "comment" {
+  type = string
+}
+variable "enabled" {
+  type = bool
+}
+variable "name" {
+  type = string
+}
+variable "saml2_enable_sp_initiated" {
+  type = bool
+}
+variable "saml2_force_authn" {
+  type = bool
+}
+variable "saml2_issuer" {
+  type = string
+}
+variable "saml2_post_logout_redirect_url" {
+  type = string
+}
+variable "saml2_provider" {
+  type = string
+}
+variable "saml2_requested_nameid_format" {
+  type = string
+}
+variable "saml2_sign_request" {
+  type = bool
+}
+variable "saml2_snowflake_acs_url" {
+  type = string
+}
+variable "saml2_snowflake_issuer_url" {
+  type = string
+}
+variable "saml2_sp_initiated_login_page_label" {
+  type = string
+}
+variable "saml2_sso_url" {
+  type = string
+}
+variable "saml2_x509_cert" {
+  type = string
+}

pkg/helpers/helpers.go

@@ -137,3 +137,17 @@ func DecodeSnowflakeAccountIdentifier(identifier string) (sdk.AccountIdentifier,
 		return sdk.AccountIdentifier{}, fmt.Errorf("unable to classify account identifier: %s, expected format: <organization_name>.<account_name>", identifier)
 	}
 }
+
+// TODO(SNOW-1479870): Test
+// MergeMaps takes any number of maps (of the same type) and concatenates them.
+// In case of key collision, the value will be selected from the map that is provided
+// later in the src function parameter.
+func MergeMaps[M ~map[K]V, K comparable, V any](src ...M) M {
+	merged := make(M)
+	for _, m := range src {
+		for k, v := range m {
+			merged[k] = v
+		}
+	}
+	return merged
+}

pkg/resources/database.go

@@ -84,7 +84,7 @@ func Database() *schema.Resource {
 		DeleteContext: DeleteDatabase,
 		Description:   "Represents a standard database. If replication configuration is specified, the database is promoted to serve as a primary database for replication.",
 
-		Schema: MergeMaps(databaseSchema, DatabaseParametersSchema),
+		Schema: helpers.MergeMaps(databaseSchema, DatabaseParametersSchema),
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},