-
Notifications
You must be signed in to change notification settings - Fork 419
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: account password policy attachment (#1824)
* Add password policy qualified name attribute. * Add snowflake_account_password_policy_attachment resource.
- Loading branch information
1 parent
6aa8fa1
commit f408828
Showing
7 changed files
with
214 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "snowflake_account_password_policy_attachment Resource - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
Specifies the password policy to use for the current account. To set the password policy of a different account, use a provider alias. | ||
--- | ||
|
||
# snowflake_account_password_policy_attachment (Resource) | ||
|
||
Specifies the password policy to use for the current account. To set the password policy of a different account, use a provider alias. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "snowflake_password_policy" "default" { | ||
database = "prod" | ||
schema = "security" | ||
name = "default_policy" | ||
} | ||
resource "snowflake_account_password_policy_attachment" "attachment" { | ||
password_policy = snowflake_password_policy.default.qualified_name | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `password_policy` (String) Qualified name (`"db"."schema"."policy_name"`) of the password policy to apply to the current account. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 changes: 9 additions & 0 deletions
9
examples/resources/snowflake_account_password_policy_attachment/resource.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
resource "snowflake_password_policy" "default" { | ||
database = "prod" | ||
schema = "security" | ||
name = "default_policy" | ||
} | ||
|
||
resource "snowflake_account_password_policy_attachment" "attachment" { | ||
password_policy = snowflake_password_policy.default.qualified_name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
package resources | ||
|
||
import ( | ||
"context" | ||
"database/sql" | ||
"fmt" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" | ||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var accountPasswordPolicyAttachmentSchema = map[string]*schema.Schema{ | ||
"password_policy": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
Description: "Qualified name (`\"db\".\"schema\".\"policy_name\"`) of the password policy to apply to the current account.", | ||
}, | ||
} | ||
|
||
// AccountPasswordPolicyAttachment returns a pointer to the resource representing an api integration. | ||
func AccountPasswordPolicyAttachment() *schema.Resource { | ||
return &schema.Resource{ | ||
Description: "Specifies the password policy to use for the current account. To set the password policy of a different account, use a provider alias.", | ||
|
||
Create: CreateAccountPasswordPolicyAttachment, | ||
Read: ReadAccountPasswordPolicyAttachment, | ||
Delete: DeleteAccountPasswordPolicyAttachment, | ||
|
||
Schema: accountPasswordPolicyAttachmentSchema, | ||
Importer: &schema.ResourceImporter{ | ||
StateContext: schema.ImportStatePassthroughContext, | ||
}, | ||
} | ||
} | ||
|
||
// CreateAccountPasswordPolicyAttachment implements schema.CreateFunc. | ||
func CreateAccountPasswordPolicyAttachment(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
client := sdk.NewClientFromDB(db) | ||
ctx := context.Background() | ||
|
||
passwordPolicy, ok := sdk.NewObjectIdentifierFromFullyQualifiedName(d.Get("password_policy").(string)).(sdk.SchemaObjectIdentifier) | ||
if !ok { | ||
return fmt.Errorf("password_policy %s is not a valid password policy qualified name, expected format: `\"db\".\"schema\".\"policy\"`", d.Get("password_policy")) | ||
} | ||
// passwordPolicy := sdk.NewAccountObjectIdentifier(d.Get("password_policy").(string)) | ||
|
||
err := client.Accounts.Alter(ctx, &sdk.AlterAccountOptions{ | ||
Set: &sdk.AccountSet{ | ||
PasswordPolicy: passwordPolicy, | ||
}, | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
d.SetId(helpers.EncodeSnowflakeID(passwordPolicy)) | ||
|
||
return nil | ||
} | ||
|
||
func ReadAccountPasswordPolicyAttachment(d *schema.ResourceData, meta interface{}) error { | ||
passwordPolicy := helpers.DecodeSnowflakeID(d.Id()) | ||
if err := d.Set("password_policy", passwordPolicy.FullyQualifiedName()); err != nil { | ||
return err | ||
} | ||
|
||
return nil | ||
} | ||
|
||
// DeleteAccountPasswordPolicyAttachment implements schema.DeleteFunc. | ||
func DeleteAccountPasswordPolicyAttachment(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
client := sdk.NewClientFromDB(db) | ||
ctx := context.Background() | ||
|
||
err := client.Accounts.Alter(ctx, &sdk.AlterAccountOptions{ | ||
Unset: &sdk.AccountUnset{ | ||
PasswordPolicy: sdk.Bool(true), | ||
}, | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return nil | ||
} |
66 changes: 66 additions & 0 deletions
66
pkg/resources/account_password_policy_attachment_acceptance_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package resources_test | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
) | ||
|
||
func TestAcc_AccountPasswordPolicyAttachment(t *testing.T) { | ||
prefix := "tst-terraform" + strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
Providers: providers(), | ||
CheckDestroy: nil, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: accountPasswordPolicyAttachmentConfig(prefix), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttrSet("snowflake_account_password_policy_attachment.att", "id"), | ||
), | ||
}, | ||
{ | ||
ResourceName: "snowflake_account_password_policy_attachment.att", | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateVerifyIgnore: []string{ | ||
"initially_suspended", | ||
"wait_for_provisioning", | ||
"query_acceleration_max_scale_factor", | ||
"max_concurrency_level", | ||
"statement_queued_timeout_in_seconds", | ||
"statement_timeout_in_seconds", | ||
}, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func accountPasswordPolicyAttachmentConfig(prefix string) string { | ||
s := ` | ||
resource "snowflake_database" "test" { | ||
name = "%v" | ||
comment = "Terraform acceptance test" | ||
} | ||
resource "snowflake_schema" "test" { | ||
name = "%v" | ||
database = snowflake_database.test.name | ||
comment = "Terraform acceptance test" | ||
} | ||
resource "snowflake_password_policy" "pa" { | ||
database = snowflake_database.test.name | ||
schema = snowflake_schema.test.name | ||
name = "%v" | ||
} | ||
resource "snowflake_account_password_policy_attachment" "att" { | ||
password_policy = snowflake_password_policy.pa.qualified_name | ||
} | ||
` | ||
return fmt.Sprintf(s, prefix, prefix, prefix) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters