chore: Apply new resource conventions to scim integration (#2891)

Done in the PR: - Described changes in Migration Guide and description for changed fields (only one field; `sync_password`) - Added SHOW and DESCRIBE outputs to the scim integration schema - Applied the new resource conventions to the scim integration - Added DESCRIBE helpers for the new convention and DESCRIBE schema for the scim integration
Snowflake-Labs · Jun 28, 2024 · e11e608 · e11e608
1 parent fd70f6e
commit e11e608
Show file tree

Hide file tree

Showing 12 changed files with 583 additions and 181 deletions.
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -9,6 +9,10 @@ across different versions.
 Following the [announcement](https://github.com/Snowflake-Labs/terraform-provider-snowflake/discussions/2736) we have removed the old grant resources. The two resources [snowflake_role_ownership_grant](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/role_ownership_grant) and [snowflake_user_ownership_grant](https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs/resources/user_ownership_grant) were not listed in the announcement, but they were also marked as deprecated ones. We are removing them too to conclude the grants redesign saga.
 
 ### snowflake_scim_integration resource changes
+#### *(behavior change)* Changed behavior of `sync_password`
+
+Now, the `sync_password` field will set the state value to `unknown` whenever the value is not set in the config. This indicates that the value on the Snowflake side is set to the Snowflake default.
+
 #### *(behavior change)* Renamed fields
 
 Renamed field `provisioner_role` to `run_as_role` to align with Snowflake docs. Please rename this field in your configuration files. State will be migrated automatically.

diff --git a/docs/resources/scim_integration.md b/docs/resources/scim_integration.md
@@ -45,12 +45,92 @@ resource "snowflake_scim_integration" "test" {
 
 - `comment` (String) Specifies a comment for the integration.
 - `network_policy` (String) Specifies an existing network policy that controls SCIM network traffic.
-- `sync_password` (Boolean) Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.
+- `sync_password` (String) Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
 
 ### Read-Only
 
-- `created_on` (String) Date and time when the SCIM integration was created.
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--describe_output))
 - `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATIONS` for the given security integration. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `comment` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--comment))
+- `enabled` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--enabled))
+- `network_policy` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--network_policy))
+- `run_as_role` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--run_as_role))
+- `sync_password` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--sync_password))
+
+<a id="nestedobjatt--describe_output--comment"></a>
+### Nested Schema for `describe_output.comment`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--enabled"></a>
+### Nested Schema for `describe_output.enabled`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--network_policy"></a>
+### Nested Schema for `describe_output.network_policy`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--run_as_role"></a>
+### Nested Schema for `describe_output.run_as_role`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--sync_password"></a>
+### Nested Schema for `describe_output.sync_password`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `category` (String)
+- `comment` (String)
+- `created_on` (String)
+- `enabled` (Boolean)
+- `integration_type` (String)
+- `name` (String)
 
 ## Import
 

diff --git a/pkg/resources/custom_diffs.go b/pkg/resources/custom_diffs.go
@@ -9,8 +9,6 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -61,24 +59,6 @@ func ParameterValueComputedIf(key string, parameters []*sdk.Parameter, objectPar
 	}
 }
 
-func BoolComputedIf(key string, getDefault func(client *sdk.Client, id sdk.AccountObjectIdentifier) (string, error)) schema.CustomizeDiffFunc {
-	return customdiff.ComputedIf(key, func(ctx context.Context, d *schema.ResourceDiff, meta interface{}) bool {
-		configValue := d.GetRawConfig().AsValueMap()[key]
-		if !configValue.IsNull() {
-			return false
-		}
-
-		client := meta.(*provider.Context).Client
-
-		def, err := getDefault(client, helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier))
-		if err != nil {
-			return false
-		}
-		stateValue := d.Get(key).(bool)
-		return def != strconv.FormatBool(stateValue)
-	})
-}
-
 // TODO [follow-up PR]: test
 func ComputedIfAnyAttributeChanged(key string, changedAttributeKeys ...string) schema.CustomizeDiffFunc {
 	return customdiff.ComputedIf(key, func(ctx context.Context, diff *schema.ResourceDiff, meta interface{}) bool {

diff --git a/pkg/resources/diff_suppressions.go b/pkg/resources/diff_suppressions.go
@@ -27,17 +27,17 @@ func IgnoreAfterCreation(_, _, _ string, d *schema.ResourceData) bool {
 	return d.Id() != ""
 }
 
-func IgnoreChangeToCurrentSnowflakeValue(keyInShowOutput string) schema.SchemaDiffSuppressFunc {
+func IgnoreChangeToCurrentSnowflakeValueInShow(keyInShowOutput string) schema.SchemaDiffSuppressFunc {
 	return func(_, _, new string, d *schema.ResourceData) bool {
 		if d.Id() == "" {
 			return false
 		}
 
-		if showOutput, ok := d.GetOk(showOutputAttributeName); ok {
-			showOutputList := showOutput.([]any)
-			if len(showOutputList) == 1 {
-				result := showOutputList[0].(map[string]any)
-				log.Printf("[DEBUG] IgnoreChangeToCurrentSnowflakeValue: value for key %s is %v, new value is %s, comparison result is: %t", keyInShowOutput, result[keyInShowOutput], new, new == fmt.Sprintf("%v", result[keyInShowOutput]))
+		if queryOutput, ok := d.GetOk(showOutputAttributeName); ok {
+			queryOutputList := queryOutput.([]any)
+			if len(queryOutputList) == 1 {
+				result := queryOutputList[0].(map[string]any)
+				log.Printf("[DEBUG] IgnoreChangeToCurrentSnowflakeValueInShow: value for key %s is %v, new value is %s, comparison result is: %t", keyInShowOutput, result[keyInShowOutput], new, new == fmt.Sprintf("%v", result[keyInShowOutput]))
 				if new == fmt.Sprintf("%v", result[keyInShowOutput]) {
 					return true
 				}
@@ -47,6 +47,30 @@ func IgnoreChangeToCurrentSnowflakeValue(keyInShowOutput string) schema.SchemaDi
 	}
 }
 
+func IgnoreChangeToCurrentSnowflakeValueInDescribe(keyInDescribeOutput string) schema.SchemaDiffSuppressFunc {
+	return func(_, _, new string, d *schema.ResourceData) bool {
+		if d.Id() == "" {
+			return false
+		}
+
+		if queryOutput, ok := d.GetOk(describeOutputAttributeName); ok {
+			queryOutputList := queryOutput.([]any)
+			if len(queryOutputList) == 1 {
+				result := queryOutputList[0].(map[string]any)
+				newValueInDescribeList := result[keyInDescribeOutput].([]any)
+				if len(newValueInDescribeList) == 1 {
+					newValueInDescribe := newValueInDescribeList[0].(map[string]any)["value"]
+					log.Printf("[DEBUG] IgnoreChangeToCurrentSnowflakeValueInDescribe: value for key %s is %v, new value is %s, comparison result is: %t", keyInDescribeOutput, newValueInDescribe, new, new == fmt.Sprintf("%v", newValueInDescribe))
+					if new == fmt.Sprintf("%v", newValueInDescribe) {
+						return true
+					}
+				}
+			}
+		}
+		return false
+	}
+}
+
 func SuppressIfAny(diffSuppressFunctions ...schema.SchemaDiffSuppressFunc) schema.SchemaDiffSuppressFunc {
 	return func(k, old, new string, d *schema.ResourceData) bool {
 		var suppress bool