diff --git a/pkg/datasources/security_integrations_acceptance_test.go b/pkg/datasources/security_integrations_acceptance_test.go index 245b4abc3c1..c598574b48b 100644 --- a/pkg/datasources/security_integrations_acceptance_test.go +++ b/pkg/datasources/security_integrations_acceptance_test.go @@ -8,7 +8,6 @@ import ( acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/testenvs" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/resources" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/hashicorp/terraform-plugin-testing/config" 
@@ -18,14 +17,110 @@ import ( // TODO [SNOW-1348100]: add other security integrations when they are ready // TODO [SNOW-1348100]: test specific describe properties +func TestAcc_SecurityIntegrations_Saml2(t *testing.T) { + id := acc.TestClient().Ids.RandomAccountObjectIdentifier() + issuer := acc.TestClient().Ids.Alpha() + cert := random.GenerateX509(t) + validUrl := "http://example.com" + acsURL := acc.TestClient().Context.ACSURL(t) + issuerURL := acc.TestClient().Context.IssuerURL(t) + + m := func() map[string]config.Variable { + return map[string]config.Variable{ + "allowed_email_patterns": config.ListVariable(config.StringVariable("^(.+dev)@example.com$")), + "allowed_user_domains": config.ListVariable(config.StringVariable("example.com")), + "comment": config.StringVariable("foo"), + "enabled": config.BoolVariable(true), + "name": config.StringVariable(id.Name()), + "saml2_enable_sp_initiated": config.BoolVariable(true), + "saml2_force_authn": config.BoolVariable(true), + "saml2_issuer": config.StringVariable(issuer), + "saml2_post_logout_redirect_url": config.StringVariable(validUrl), + "saml2_provider": config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)), + "saml2_requested_nameid_format": config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2RequestedNameidFormatUnspecified)), + "saml2_sign_request": config.BoolVariable(true), + "saml2_snowflake_acs_url": config.StringVariable(acsURL), + "saml2_snowflake_issuer_url": config.StringVariable(issuerURL), + "saml2_sp_initiated_login_page_label": config.StringVariable("foo"), + "saml2_sso_url": config.StringVariable(validUrl), + "saml2_x509_cert": config.StringVariable(cert), + // TODO(SNOW-1479617): set saml2_snowflake_x509_cert + } + } + + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: 
acc.CheckDestroy(t, resources.Saml2SecurityIntegration), + Steps: []resource.TestStep{ + { + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/saml2/optionals_set"), + ConfigVariables: m(), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"), + + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "1"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_issuer.0.value", issuer), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sso_url.0.value", validUrl), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_provider.0.value", string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_x509_cert.0.value", cert), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sp_initiated_login_page_label.0.value", "foo"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_enable_sp_initiated.0.value", "true"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_x509_cert.0.value"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_sign_request.0.value", "true"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_requested_nameid_format.0.value", 
string(sdk.Saml2SecurityIntegrationSaml2RequestedNameidFormatUnspecified)), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_post_logout_redirect_url.0.value", "http://example.com"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_force_authn.0.value", "true"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_issuer_url.0.value"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_acs_url.0.value"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_snowflake_metadata.0.value"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_digest_methods_used.0.value"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.saml2_signature_methods_used.0.value"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.allowed_user_domains.0.value", "[example.com]"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.allowed_email_patterns.0.value", "[^(.+dev)@example.com$]"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.comment.0.value", "foo"), + + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.#", "1"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()), + 
resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.integration_type", "SAML2"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.category", "SECURITY"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.enabled", "true"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.comment", "foo"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"), + ), + }, + { + ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/saml2/optionals_unset"), + ConfigVariables: m(), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"), + + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.#", "1"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.integration_type", "SAML2"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.category", "SECURITY"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.enabled", "true"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.comment", "foo"), + resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"), + + 
resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "0"), + ), + }, + }, + }) +} + func TestAcc_SecurityIntegrations_Scim(t *testing.T) { - _ = testenvs.GetOrSkipTest(t, testenvs.ConfigureClientOnce) id := acc.TestClient().Ids.RandomAccountObjectIdentifier() comment := random.Comment() - + networkPolicy, networkPolicyCleanup := acc.TestClient().NetworkPolicy.CreateNetworkPolicy(t) + t.Cleanup(networkPolicyCleanup) configVariables := config.Variables{ - "name": config.StringVariable(id.Name()), - "comment": config.StringVariable(comment), + "name": config.StringVariable(id.Name()), + "comment": config.StringVariable(comment), + "network_policy": config.StringVariable(networkPolicy.Name), } resource.Test(t, resource.TestCase{ @@ -38,7 +133,7 @@ func TestAcc_SecurityIntegrations_Scim(t *testing.T) { { ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/optionals_set"), ConfigVariables: configVariables, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"), resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()), 
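Review bot: In TestAcc_SecurityIntegrations_Scim the guard `_ = testenvs.GetOrSkipTest(t, testenvs.ConfigureClientOnce)` is removed, while the same hunk adds `acc.TestClient().NetworkPolicy.CreateNetworkPolicy(t)` ahead of `resource.Test`, so a real network policy is created before the test harness has a chance to skip. The new TestAcc_SecurityIntegrations_Saml2 also calls `acc.TestClient()` as its first statements. If `acc.TestClient()` does not itself skip or fail fast when the acceptance environment is not configured (its implementation is outside this diff), keep an explicit skip as the first statement of both tests. Separately, the Saml2 describe checks compare `saml2_post_logout_redirect_url` with the literal `"http://example.com"` although `saml2_sso_url` is compared with `validUrl`; using `validUrl` in both keeps the fixture value in one place.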
@@ -49,14 +144,17 @@ func TestAcc_SecurityIntegrations_Scim(t *testing.T) { resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"), resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "1"), - resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.#", "1"), - resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.0.value"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.enabled.0.value", "false"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.network_policy.0.value", sdk.NewAccountObjectIdentifier(networkPolicy.Name).Name()), // TODO(SNOW-999049): Fix during identifiers rework + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.run_as_role.0.value", "GENERIC_SCIM_PROVISIONER"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.sync_password.0.value", "true"), + resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.comment.0.value", comment), ), }, { ConfigDirectory: acc.ConfigurationDirectory("TestAcc_SecurityIntegrations/optionals_unset"), ConfigVariables: configVariables, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.#", "1"), resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.name", id.Name()), 
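Review bot: The added check on `describe_output.0.sync_password.0.value` expects `"true"`, but the optionals_set fixture in this commit sets only name, enabled, scim_client, run_as_role, network_policy and comment, so the assertion presumably pins a Snowflake-side default. Either set the value explicitly in test.tf (if the resource exposes it, which is not visible here) or document the dependency next to the check, for example `// sync_password is not set in test.tf; "true" is the value Snowflake reports by default`. That way a changed default shows up as an explained failure rather than a puzzling one. The enclosing TestAcc_SecurityIntegrations_Scim starts and ends outside this hunk.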
diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/test.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/test.tf index dbd9db09300..d5e5f705aac 100644 --- a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/test.tf +++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/test.tf @@ -1,9 +1,10 @@ resource "snowflake_scim_integration" "test" { - name = var.name - enabled = false - scim_client = "GENERIC" - run_as_role = "GENERIC_SCIM_PROVISIONER" - comment = var.comment + name = var.name + enabled = false + scim_client = "GENERIC" + run_as_role = "GENERIC_SCIM_PROVISIONER" + network_policy = var.network_policy + comment = var.comment } data "snowflake_security_integrations" "test" { diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/variables.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/variables.tf index 821eeebe895..d77b1d5405f 100644 --- a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/variables.tf +++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_set/variables.tf @@ -5,3 +5,6 @@ variable "name" { variable "comment" { type = string } +variable "network_policy" { + type = string +} diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/test.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/test.tf index e5cc5bddb8f..c30f18b62f7 100644 --- a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/test.tf +++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/test.tf 
@@ -1,9 +1,10 @@ resource "snowflake_scim_integration" "test" { - name = var.name - enabled = false - scim_client = "GENERIC" - run_as_role = "GENERIC_SCIM_PROVISIONER" - comment = var.comment + name = var.name + enabled = false + scim_client = "GENERIC" + run_as_role = "GENERIC_SCIM_PROVISIONER" + network_policy = var.network_policy + comment = var.comment } data "snowflake_security_integrations" "test" { @@ -11,4 +12,4 @@ data "snowflake_security_integrations" "test" { with_describe = false like = var.name -} \ No newline at end of file +} diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/variables.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/variables.tf index 821eeebe895..d77b1d5405f 100644 --- a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/variables.tf +++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/optionals_unset/variables.tf @@ -5,3 +5,6 @@ variable "name" { variable "comment" { type = string } +variable "network_policy" { + type = string +} diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/test.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/test.tf new file mode 100644 index 00000000000..eb657211109 --- /dev/null +++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/test.tf 
@@ -0,0 +1,25 @@
+resource "snowflake_saml2_integration" "test" {
+ allowed_email_patterns = var.allowed_email_patterns
+ allowed_user_domains = var.allowed_user_domains
+ comment = var.comment
+ enabled = var.enabled
+ name = var.name
+ saml2_enable_sp_initiated = var.saml2_enable_sp_initiated
+ saml2_force_authn = var.saml2_force_authn
+ saml2_issuer = var.saml2_issuer
+ saml2_post_logout_redirect_url = var.saml2_post_logout_redirect_url
+ saml2_provider = var.saml2_provider
+ saml2_requested_nameid_format = var.saml2_requested_nameid_format
+ saml2_sign_request = var.saml2_sign_request
+ saml2_snowflake_acs_url = var.saml2_snowflake_acs_url
+ saml2_snowflake_issuer_url = var.saml2_snowflake_issuer_url
+ saml2_sp_initiated_login_page_label = var.saml2_sp_initiated_login_page_label
+ saml2_sso_url = var.saml2_sso_url
+ saml2_x509_cert = var.saml2_x509_cert
+}
+
+data "snowflake_security_integrations" "test" {
+ depends_on = [snowflake_saml2_integration.test]
+
+ like = var.name
+}
diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/variables.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/variables.tf
new file mode 100644
index 00000000000..a2fe9260eef
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_set/variables.tf
@@ -0,0 +1,52 @@
+
+variable "allowed_email_patterns" {
+ type = list(string)
+}
+variable "allowed_user_domains" {
+ type = list(string)
+}
+variable "comment" {
+ type = string
+}
+variable "enabled" {
+ type = bool
+}
+variable "name" {
+ type = string
+}
+variable "saml2_enable_sp_initiated" {
+ type = bool
+}
+variable "saml2_force_authn" {
+ type = bool
+}
+variable "saml2_issuer" {
+ type = string
+}
+variable "saml2_post_logout_redirect_url" {
+ type = string
+}
+variable "saml2_provider" {
+ type = string
+}
+variable "saml2_requested_nameid_format" {
+ type = string
+}
+variable "saml2_sign_request" {
+ type = bool
+}
+variable "saml2_snowflake_acs_url" {
+ type = string
+}
+variable "saml2_snowflake_issuer_url" {
+ type = string
+}
+variable "saml2_sp_initiated_login_page_label" {
+ type = string
+}
+variable "saml2_sso_url" {
+ type = string
+}
+variable "saml2_x509_cert" {
+ type = string
+}
diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/test.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/test.tf
new file mode 100644
index 00000000000..a691106eee0
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/test.tf
@@ -0,0 +1,26 @@
+resource "snowflake_saml2_integration" "test" {
+ allowed_email_patterns = var.allowed_email_patterns
+ allowed_user_domains = var.allowed_user_domains
+ comment = var.comment
+ enabled = var.enabled
+ name = var.name
+ saml2_enable_sp_initiated = var.saml2_enable_sp_initiated
+ saml2_force_authn = var.saml2_force_authn
+ saml2_issuer = var.saml2_issuer
+ saml2_post_logout_redirect_url = var.saml2_post_logout_redirect_url
+ saml2_provider = var.saml2_provider
+ saml2_requested_nameid_format = var.saml2_requested_nameid_format
+ saml2_sign_request = var.saml2_sign_request
+ saml2_snowflake_acs_url = var.saml2_snowflake_acs_url
+ saml2_snowflake_issuer_url = var.saml2_snowflake_issuer_url
+ saml2_sp_initiated_login_page_label = var.saml2_sp_initiated_login_page_label
+ saml2_sso_url = var.saml2_sso_url
+ saml2_x509_cert = var.saml2_x509_cert
+}
+
+data "snowflake_security_integrations" "test" {
+ depends_on = [snowflake_saml2_integration.test]
+
+ with_describe = false
+ like = var.name
+}
diff --git a/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/variables.tf b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/variables.tf
new file mode 100644
index 00000000000..a2fe9260eef
--- /dev/null
+++ b/pkg/datasources/testdata/TestAcc_SecurityIntegrations/saml2/optionals_unset/variables.tf
@@ -0,0 +1,52 @@
+
+variable "allowed_email_patterns" {
+ type = list(string)
+}
+variable "allowed_user_domains" {
+ type = list(string)
+}
+variable "comment" {
+ type = string
+}
+variable "enabled" {
+ type = bool
+}
+variable "name" {
+ type = string
+}
+variable "saml2_enable_sp_initiated" {
+ type = bool
+}
+variable "saml2_force_authn" {
+ type = bool
+}
+variable "saml2_issuer" {
+ type = string
+}
+variable "saml2_post_logout_redirect_url" {
+ type = string
+}
+variable "saml2_provider" {
+ type = string
+}
+variable "saml2_requested_nameid_format" {
+ type = string
+}
+variable "saml2_sign_request" {
+ type = bool
+}
+variable "saml2_snowflake_acs_url" {
+ type = string
+}
+variable "saml2_snowflake_issuer_url" {
+ type = string
+}
+variable "saml2_sp_initiated_login_page_label" {
+ type = string
+}
+variable "saml2_sso_url" {
+ type = string
+}
+variable "saml2_x509_cert" {
+ type = string
+}
diff --git a/pkg/helpers/helpers.go b/pkg/helpers/helpers.go
index 47263e19ac6..5586a631fbe 100644
--- a/pkg/helpers/helpers.go
+++ b/pkg/helpers/helpers.go
@@ -137,3 +137,17 @@ func DecodeSnowflakeAccountIdentifier(identifier string) (sdk.AccountIdentifier,
 return sdk.AccountIdentifier{}, fmt.Errorf("unable to classify account identifier: %s, expected format: .", identifier)
 }
 }
+
+// TODO(SNOW-1479870): Test
+// MergeMaps takes any number of maps (of the same type) and concatenates them.
+// In case of key collision, the value will be selected from the map that is provided
+// later in the src function parameter.
+func MergeMaps[M ~map[K]V, K comparable, V any](src ...M) M {
+ merged := make(M)
+ for _, m := range src {
+ for k, v := range m {
+ merged[k] = v
+ }
+ }
+ return merged
+}
diff --git a/pkg/resources/database.go b/pkg/resources/database.go
index bc73e4ec5b5..d6c1085cf1b 100644
--- a/pkg/resources/database.go
+++ b/pkg/resources/database.go
@@ -84,7 +84,7 @@ func Database() *schema.Resource { DeleteContext: DeleteDatabase, Description: "Represents a standard database. If replication configuration is specified, the database is promoted to serve as a primary database for replication.", - Schema: MergeMaps(databaseSchema, DatabaseParametersSchema), + Schema: helpers.MergeMaps(databaseSchema, DatabaseParametersSchema), Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, diff --git a/pkg/resources/helpers.go b/pkg/resources/helpers.go index e661f7b761d..7b91689d484 100644 --- a/pkg/resources/helpers.go +++ b/pkg/resources/helpers.go @@ -295,20 +295,6 @@ func getTags(from interface{}) (to tags) { return to } -// TODO(SNOW-1479870): Test -// MergeMaps takes any number of maps (of the same type) and concatenates them. -// In case of key collision, the value will be selected from the map that is provided -// later in the src function parameter. -func MergeMaps[M ~map[K]V, K comparable, V any](src ...M) M { - merged := make(M) - for _, m := range src { - for k, v := range m { - merged[k] = v - } - } - return merged -} - // TODO(SNOW-1479870): Test // JoinDiags iterates through passed diag.Diagnostics and joins them into one diag.Diagnostics. // If none of the passed diagnostics contained any element a nil reference will be returned. diff --git a/pkg/resources/secondary_database.go b/pkg/resources/secondary_database.go index a1110251cbd..a1356637326 100644 --- a/pkg/resources/secondary_database.go +++ b/pkg/resources/secondary_database.go 
@@ -46,7 +46,7 @@ func SecondaryDatabase() *schema.Resource { Description: "A secondary database creates a replica of an existing primary database (i.e. a secondary database). For more information about database replication, see [Introduction to database replication across multiple accounts](https://docs.snowflake.com/en/user-guide/db-replication-intro).", CustomizeDiff: DatabaseParametersCustomDiff, - Schema: MergeMaps(secondaryDatabaseSchema, DatabaseParametersSchema), + Schema: helpers.MergeMaps(secondaryDatabaseSchema, DatabaseParametersSchema), Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, diff --git a/pkg/resources/shared_database.go b/pkg/resources/shared_database.go index 6bbf799d2f1..a9c26400b67 100644 --- a/pkg/resources/shared_database.go +++ b/pkg/resources/shared_database.go @@ -46,7 +46,7 @@ func SharedDatabase() *schema.Resource { DeleteContext: DeleteSharedDatabase, Description: "A shared database creates a database from a share provided by another Snowflake account. For more information about shares, see [Introduction to Secure Data Sharing](https://docs.snowflake.com/en/user-guide/data-sharing-intro).", - Schema: MergeMaps(sharedDatabaseSchema, SharedDatabaseParametersSchema), + Schema: helpers.MergeMaps(sharedDatabaseSchema, SharedDatabaseParametersSchema), Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, diff --git a/pkg/schemas/saml2_security_integration.go b/pkg/schemas/saml2_security_integration.go index 6c1ed3ef8d2..25f200efba0 100644 --- a/pkg/schemas/saml2_security_integration.go +++ b/pkg/schemas/saml2_security_integration.go @@ -2,6 +2,7 @@ package schemas import ( "log" + "slices" "strings" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" 
@@ -30,33 +31,35 @@ var DescribeSaml2IntegrationSchema = map[string]*schema.Schema{ "comment": DescribePropertyListSchema, } +var Saml2PropertiesNames = []string{ + "COMMENT", + "SAML2_ISSUER", + "SAML2_SSO_URL", + "SAML2_PROVIDER", + "SAML2_X509_CERT", + "SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", + "SAML2_SNOWFLAKE_X509_CERT", + "SAML2_REQUESTED_NAMEID_FORMAT", + "SAML2_POST_LOGOUT_REDIRECT_URL", + "SAML2_SNOWFLAKE_ISSUER_URL", + "SAML2_SNOWFLAKE_ACS_URL", + "SAML2_SNOWFLAKE_METADATA", + "SAML2_DIGEST_METHODS_USED", + "SAML2_SIGNATURE_METHODS_USED", + "SAML2_ENABLE_SP_INITIATED", + "SAML2_SIGN_REQUEST", + "SAML2_FORCE_AUTHN", + "ALLOWED_USER_DOMAINS", + "ALLOWED_EMAIL_PATTERNS", +} + func DescribeSaml2IntegrationToSchema(props []sdk.SecurityIntegrationProperty) map[string]any { propsSchema := make(map[string]any) for _, property := range props { property := property - switch property.Name { - case "ENABLED", - "COMMENT", - "SAML2_ISSUER", - "SAML2_SSO_URL", - "SAML2_PROVIDER", - "SAML2_X509_CERT", - "SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", - "SAML2_SNOWFLAKE_X509_CERT", - "SAML2_REQUESTED_NAMEID_FORMAT", - "SAML2_POST_LOGOUT_REDIRECT_URL", - "SAML2_SNOWFLAKE_ISSUER_URL", - "SAML2_SNOWFLAKE_ACS_URL", - "SAML2_SNOWFLAKE_METADATA", - "SAML2_DIGEST_METHODS_USED", - "SAML2_SIGNATURE_METHODS_USED", - "SAML2_ENABLE_SP_INITIATED", - "SAML2_SIGN_REQUEST", - "SAML2_FORCE_AUTHN", - "ALLOWED_USER_DOMAINS", - "ALLOWED_EMAIL_PATTERNS": + if slices.Contains(Saml2PropertiesNames, property.Name) { propsSchema[strings.ToLower(property.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&property)} - default: + } else { log.Printf("[WARN] unexpected property %v returned from Snowflake", property.Name) } } diff --git a/pkg/schemas/scim_security_integration.go b/pkg/schemas/scim_security_integration.go index f21083bd4e2..f17a8a848cc 100644 --- a/pkg/schemas/scim_security_integration.go +++ b/pkg/schemas/scim_security_integration.go 
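Review bot: `Saml2PropertiesNames` omits `"ENABLED"`, which the removed `switch` in DescribeSaml2IntegrationToSchema accepted, so an ENABLED property in the DESCRIBE output now falls into the `else` branch, is logged as unexpected and is dropped from the result. If that is intentional (for example because `DescribeSaml2IntegrationSchema` has no `enabled` key; its full definition is outside this hunk), a comment on the list saying so would help; otherwise add `"ENABLED",` back. The list is also an exported, mutable slice that acts as an allowlist for what reaches Terraform state, and the same holds for `ScimPropertiesNames` in scim_security_integration.go. Making both unexported, or adding a doc comment that they must not be modified at runtime, would guard against accidental changes from other packages.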
@@ -1,6 +1,8 @@ package schemas import ( + "log" + "slices" "strings" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" @@ -16,19 +18,25 @@ var DescribeScimSecurityIntegrationSchema = map[string]*schema.Schema{ "comment": DescribePropertyListSchema, } -var _ = DescribeScimSecurityIntegrationSchema +var ( + _ = DescribeScimSecurityIntegrationSchema + ScimPropertiesNames = []string{ + "ENABLED", + "NETWORK_POLICY", + "RUN_AS_ROLE", + "SYNC_PASSWORD", + "COMMENT", + } +) func ScimSecurityIntegrationPropertiesToSchema(securityIntegrationProperties []sdk.SecurityIntegrationProperty) map[string]any { securityIntegrationSchema := make(map[string]any) - for _, securityIntegrationProperty := range securityIntegrationProperties { - securityIntegrationProperty := securityIntegrationProperty - switch securityIntegrationProperty.Name { - case "ENABLED", - "NETWORK_POLICY", - "RUN_AS_ROLE", - "SYNC_PASSWORD", - "COMMENT": - securityIntegrationSchema[strings.ToLower(securityIntegrationProperty.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&securityIntegrationProperty)} + for _, property := range securityIntegrationProperties { + property := property + if slices.Contains(ScimPropertiesNames, property.Name) { + securityIntegrationSchema[strings.ToLower(property.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&property)} + } else { + log.Printf("[WARN] unexpected property %v returned from Snowflake", property.Name) } } return securityIntegrationSchema diff --git a/pkg/schemas/security_integration.go b/pkg/schemas/security_integration.go index e278a293a58..2ce180d3c78 100644 --- a/pkg/schemas/security_integration.go +++ b/pkg/schemas/security_integration.go 
@@ -1,21 +1,28 @@ package schemas import ( + "slices" + "strings" + + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) // TODO [SNOW-1348100]: multiple PRs touching the security integrations are in progress, this should be filled by all the possible properties (the mapping method below should be too) -var SecurityIntegrationDescribeSchema = map[string]*schema.Schema{ - "todo": DescribePropertyListSchema, -} +var SecurityIntegrationDescribeSchema = helpers.MergeMaps(DescribeSaml2IntegrationSchema, DescribeScimSecurityIntegrationSchema) + +var ( + ScimIntegrationPropertiesNames = []string{} + allSecurityIntegrationPropertiesNames = append(Saml2PropertiesNames, ScimPropertiesNames...) +) func SecurityIntegrationsDescriptionsToSchema(descriptions []sdk.SecurityIntegrationProperty) map[string]any { securityIntegrationProperties := make(map[string]any) for _, desc := range descriptions { desc := desc - propertySchema := SecurityIntegrationPropertyToSchema(&desc) - securityIntegrationProperties["todo"] = []map[string]any{propertySchema} + if slices.Contains(allSecurityIntegrationPropertiesNames, desc.Name) { + securityIntegrationProperties[strings.ToLower(desc.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&desc)} + } } return securityIntegrationProperties }
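Review bot: `append(Saml2PropertiesNames, ScimPropertiesNames...)` builds the combined allowlist by appending to another package-level slice, which is safe only while `Saml2PropertiesNames` has no spare capacity and would alias the SAML2 list otherwise; `append(slices.Clone(Saml2PropertiesNames), ScimPropertiesNames...)` removes that dependency. `ScimIntegrationPropertiesNames = []string{}` is declared but not used anywhere in the visible diff and can be dropped. Unlike the SAML2 and SCIM mappers changed in this commit, SecurityIntegrationsDescriptionsToSchema discards unknown properties without the `[WARN] unexpected property` log, so a property Snowflake adds later would disappear silently from the data source. `helpers.MergeMaps` also lets the later map win for keys both schemas define (at least `comment` is visible in both), which deserves a short comment next to `SecurityIntegrationDescribeSchema`.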