Add data source for SYSTEM$GET_PRIVATELINK_CONFIG() function (#545)
Showing
7 changed files
with
393 additions
and
5 deletions.
@@ -0,0 +1,84 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "snowflake_system_get_privatelink_config Data Source - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
--- | ||
|
||
# snowflake_system_get_privatelink_config (Data Source) | ||
|
||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "system_get_privatelink_config" "snowflake_private_link" {} | ||
resource "aws_security_group" "snowflake_private_link" { | ||
vpc_id = var.vpc_id | ||
ingress { | ||
from_port = 80 | ||
to_port = 80 | ||
cidr_blocks = var.vpc_cidr | ||
protocol = "tcp" | ||
} | ||
ingress { | ||
from_port = 443 | ||
to_port = 443 | ||
cidr_blocks = var.vpc_cidr | ||
protocol = "tcp" | ||
} | ||
} | ||
resource "aws_vpc_endpoint" "snowflake_private_link" { | ||
vpc_id = var.vpc_id | ||
service_name = data.system_get_privatelink_config.aws_vpce_id | ||
vpc_endpoint_type = "Interface" | ||
security_group_ids = [aws_security_group.snowflake_private_link.id] | ||
private_dns_enabled = false | ||
} | ||
resource "aws_route53_zone" "snowflake_private_link" { | ||
name = "privatelink.snowflakecomputing.com" | ||
vpc { | ||
vpc_id = var.vpc_id | ||
} | ||
} | ||
resource "aws_route53_record" "snowflake_private_link_url" { | ||
zone_id = aws_route53_zone.snowflake_private_link.zone_id | ||
name = data.system_get_privatelink_config.snowflake_private_link.account_url | ||
type = "CNAME" | ||
ttl = "300" | ||
records = [aws_vpc_endpoint.snowflake_private_link.dns_entry[0]["dns_name"]] | ||
} | ||
resource "aws_route53_record" "snowflake_private_link_oscp_url" { | ||
zone_id = aws_route53_zone.snowflake_private_link_url.zone_id | ||
name = data.system_get_privatelink_config.snowflake_private_link.oscp_url | ||
type = "CNAME" | ||
ttl = "300" | ||
records = [aws_vpc_endpoint.snowflake_private_link.dns_entry[0]["dns_name"]] | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **account_name** (String) The name of your Snowflake account. | ||
- **account_url** (String) The URL used to connect to Snowflake through AWS PrivateLink or Azure Private Link. | ||
- **aws_vpce_id** (String) The AWS VPCE ID for your account. | ||
- **azure_pls_id** (String) The Azure Private Link Service ID for your account. | ||
- **oscp_url** (String) The OCSP URL corresponding to your Snowflake account that uses AWS PrivateLink or Azure Private Link. | ||
|
||
|
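--- a/examples/data-sources/snowflake_system_get_privatelink_config/data-source.tf
+++ b/examples/data-sources/snowflake_system_get_privatelink_config/data-source.tf
@@ -0,0 +1,51 @@
+data "system_get_privatelink_config" "snowflake_private_link" {}
+
+resource "aws_security_group" "snowflake_private_link" {
+vpc_id = var.vpc_id
+
+ingress {
+from_port = 80
+to_port = 80
+cidr_blocks = var.vpc_cidr
+protocol = "tcp"
+}
+
+ingress {
+from_port = 443
+to_port = 443
+cidr_blocks = var.vpc_cidr
+protocol = "tcp"
+}
+}
+
+resource "aws_vpc_endpoint" "snowflake_private_link" {
+vpc_id = var.vpc_id
+service_name = data.system_get_privatelink_config.aws_vpce_id
+vpc_endpoint_type = "Interface"
+security_group_ids = [aws_security_group.snowflake_private_link.id]
+private_dns_enabled = false
+}
+
+resource "aws_route53_zone" "snowflake_private_link" {
+name = "privatelink.snowflakecomputing.com"
+
+vpc {
+vpc_id = var.vpc_id
+}
+}
+
+resource "aws_route53_record" "snowflake_private_link_url" {
+zone_id = aws_route53_zone.snowflake_private_link.zone_id
+name = data.system_get_privatelink_config.snowflake_private_link.account_url
+type = "CNAME"
+ttl = "300"
+records = [aws_vpc_endpoint.snowflake_private_link.dns_entry[0]["dns_name"]]
+}
+
+resource "aws_route53_record" "snowflake_private_link_oscp_url" {
+zone_id = aws_route53_zone.snowflake_private_link_url.zone_id
+name = data.system_get_privatelink_config.snowflake_private_link.oscp_url
+type = "CNAME"
+ttl = "300"
+records = [aws_vpc_endpoint.snowflake_private_link.dns_entry[0]["dns_name"]]
+}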
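Review bot: Several references in this example do not resolve as written. The data block is declared as `data "system_get_privatelink_config"`, while the docs page title and the acceptance test in this commit use `snowflake_system_get_privatelink_config`; `service_name` reads `data.system_get_privatelink_config.aws_vpce_id` with no instance name, and the OCSP record's `zone_id` points at `aws_route53_zone.snowflake_private_link_url`, which is not declared (the zone is named `snowflake_private_link`). I would change these to `data "snowflake_system_get_privatelink_config" "snowflake_private_link" {}`, `service_name = data.snowflake_system_get_privatelink_config.snowflake_private_link.aws_vpce_id` and `zone_id = aws_route53_zone.snowflake_private_link.zone_id`, with the same type prefix applied to the two `name` references. The generated docs page in this commit embeds the same example and would need regenerating afterwards.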
@@ -0,0 +1,86 @@ | ||
package datasources | ||
|
||
import ( | ||
"database/sql" | ||
"log" | ||
|
||
"github.com/chanzuckerberg/terraform-provider-snowflake/pkg/snowflake" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var systemGetPrivateLinkConfigSchema = map[string]*schema.Schema{ | ||
"account_name": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "The name of your Snowflake account.", | ||
}, | ||
|
||
"account_url": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "The URL used to connect to Snowflake through AWS PrivateLink or Azure Private Link.", | ||
}, | ||
|
||
"oscp_url": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "The OCSP URL corresponding to your Snowflake account that uses AWS PrivateLink or Azure Private Link.", | ||
}, | ||
|
||
"aws_vpce_id": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "The AWS VPCE ID for your account.", | ||
}, | ||
|
||
"azure_pls_id": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "The Azure Private Link Service ID for your account.", | ||
}, | ||
} | ||
|
||
func SystemGetPrivateLinkConfig() *schema.Resource { | ||
return &schema.Resource{ | ||
Read: ReadSystemGetPrivateLinkConfig, | ||
Schema: systemGetPrivateLinkConfigSchema, | ||
} | ||
} | ||
|
||
// ReadSystemGetPrivateLinkConfig implements schema.ReadFunc | ||
func ReadSystemGetPrivateLinkConfig(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
|
||
sel := snowflake.SystemGetPrivateLinkConfigQuery() | ||
row := snowflake.QueryRow(db, sel) | ||
rawConfig, err := snowflake.ScanPrivateLinkConfig(row) | ||
|
||
if err == sql.ErrNoRows { | ||
// If not found, mark resource to be removed from statefile during apply or refresh | ||
log.Print("[DEBUG] system_get_privatelink_config not found") | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
config, err := rawConfig.GetStructuredConfig() | ||
if err != nil { | ||
log.Printf("[DEBUG] system_get_privatelink_config failed to decode") | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
d.SetId(config.AccountName) | ||
d.Set("account_name", config.AccountName) | ||
d.Set("account_url", config.AccountURL) | ||
d.Set("oscp_url", config.OSCPURL) | ||
|
||
if config.AwsVpceID != "" { | ||
d.Set("aws_vpce_id", config.AwsVpceID) | ||
} | ||
|
||
if config.AzurePrivateLinkServiceID != "" { | ||
d.Set("azure_pls_id", config.AzurePrivateLinkServiceID) | ||
} | ||
|
||
return nil | ||
} |
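Review bot: Only `sql.ErrNoRows` is checked after `ScanPrivateLinkConfig`; any other error (a failed query, a permissions problem) falls through to `rawConfig.GetStructuredConfig()` and is then overwritten by the `config, err :=` on that line. The decode-failure branch likewise logs at DEBUG, clears the ID and returns nil, so a broken read surfaces as an unset data source rather than an error, and configuration that consumes `aws_vpce_id` or `account_url` gets no diagnostic. I would add `if err != nil { return err }` right after the `ErrNoRows` block and return `err` from the decode branch instead of nil. The return values of the `d.Set(...)` calls are also dropped. Separately, the attribute key `oscp_url` misspells OCSP, and once released that key is part of the data source's public schema.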
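--- a/pkg/datasources/system_get_privatelink_config_acceptance_test.go
+++ b/pkg/datasources/system_get_privatelink_config_acceptance_test.go
@@ -0,0 +1,31 @@
+package datasources_test
+
+import (
+"testing"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccSystemGetPrivateLinkConfig_aws(t *testing.T) {
+resource.ParallelTest(t, resource.TestCase{
+Providers: providers(),
+Steps: []resource.TestStep{
+{
+Config: privateLinkConfig(),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttrSet("data.snowflake_system_get_privatelink_config.p", "account_name"),
+resource.TestCheckResourceAttrSet("data.snowflake_system_get_privatelink_config.p", "account_url"),
+resource.TestCheckResourceAttrSet("data.snowflake_system_get_privatelink_config.p", "oscp_url"),
+resource.TestCheckResourceAttrSet("data.snowflake_system_get_privatelink_config.p", "aws_vpce_id"),
+),
+},
+},
+})
+}
+
+func privateLinkConfig() string {
+s := `
+data snowflake_system_get_privatelink_config p {}
+`
+return s
+}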
@@ -0,0 +1,64 @@ | ||
package snowflake | ||
|
||
import ( | ||
"encoding/json" | ||
|
||
"github.com/jmoiron/sqlx" | ||
) | ||
|
||
func SystemGetPrivateLinkConfigQuery() string { | ||
return `SELECT SYSTEM$GET_PRIVATELINK_CONFIG() AS "config"` | ||
} | ||
|
||
type RawPrivateLinkConfig struct { | ||
Config string `db:"config"` | ||
} | ||
|
||
type privateLinkConfigInternal struct { | ||
AccountName string `json:"privatelink-account-name"` | ||
AwsVpceID string `json:"privatelink-vpce-id,omitempty"` | ||
AzurePrivateLinkServiceID string `json:"privatelink-pls-id,omitempty"` | ||
AccountURL string `json:"privatelink-account-url"` | ||
OSCPURL string `json:"privatelink-ocsp-url,omitempty"` | ||
TypodOSCPURL string `json:"privatelink_ocsp-url,omitempty"` // because snowflake returns this for AWS, but don't have an Azure account to verify against | ||
} | ||
|
||
type PrivateLinkConfig struct { | ||
AccountName string | ||
AwsVpceID string | ||
AzurePrivateLinkServiceID string | ||
AccountURL string | ||
OSCPURL string | ||
} | ||
|
||
func ScanPrivateLinkConfig(row *sqlx.Row) (*RawPrivateLinkConfig, error) { | ||
config := &RawPrivateLinkConfig{} | ||
err := row.StructScan(config) | ||
return config, err | ||
} | ||
|
||
func (r *RawPrivateLinkConfig) GetStructuredConfig() (*PrivateLinkConfig, error) { | ||
config := &privateLinkConfigInternal{} | ||
err := json.Unmarshal([]byte(r.Config), config) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return config.getPrivateLinkConfig() | ||
} | ||
|
||
func (i *privateLinkConfigInternal) getPrivateLinkConfig() (*PrivateLinkConfig, error) { | ||
config := &PrivateLinkConfig{ | ||
i.AccountName, | ||
i.AwsVpceID, | ||
i.AzurePrivateLinkServiceID, | ||
i.AccountURL, | ||
i.OSCPURL, | ||
} | ||
|
||
if i.TypodOSCPURL != "" { | ||
config.OSCPURL = i.TypodOSCPURL | ||
} | ||
|
||
return config, nil | ||
} |
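Review bot: `getPrivateLinkConfig` always returns a nil error, and `json.Unmarshal` in `GetStructuredConfig` accepts any JSON object, so a response that lacks `privatelink-account-name` or `privatelink-account-url` yields a config of empty strings that the data source then uses as its ID and publishes as attributes. A guard before the final return, e.g. `if config.AccountName == "" || config.AccountURL == "" { return nil, errors.New("privatelink config is missing account name or URL") }`, would surface that; the file would need to import `errors`. The positional `&PrivateLinkConfig{...}` literal is also fragile: all five fields are strings, so reordering the struct would silently swap values that end up in DNS records, and keyed fields (`AccountName: i.AccountName, ...`) avoid that.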