Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: account password policy attachment #1824

Merged
merged 2 commits into from
Jun 14, 2023

Conversation

sfc-gh-ngaberel
Copy link
Contributor

Adds support for attaching a password policy to the current account.

Due to limitations of the underlying API, this feature only supports setting the password policy of the current account (ie. the one from the provider snowflake {} block). To set the password policy of a different account, configure an aliased provider for that account.

Test Plan

  • acceptance tests

References

@github-actions
Copy link

Integration tests failure for 5ab69c5c42a0568aa4a0f9d292456dd786c7f765

@@ -39,5 +39,6 @@ A password policy specifies the requirements that must be met to create and rese
### Read-Only

- `id` (String) The ID of this resource.
- `qualified_name` (String) The qualified name for the password policy.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be "fully_qualified_name"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This matches the attribute on masking policies, but we can change them.

Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: "Qualified name (`\"db\".\"schema\".\"policy_name\"`) of the password policy to apply to the current account.",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we are going to do this, we should probably make data source(s) to help make it easier for people to make fully qualified names from db / schema / object names

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added the qualified name as an attribute of the password policy resource, but the data source is a good idea too.

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)

var accountPasswordPolicyAttachmentSchema = map[string]*schema.Schema{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be renamed to "password_policy_account_attachment"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

password policies can be attached to either accounts or users, so I figured we'd have a separate resource later user_password_policy_attachment

@sfc-gh-ngaberel sfc-gh-ngaberel force-pushed the snow-810430-account-password-policy-attachment branch from 5ab69c5 to fa86994 Compare May 23, 2023 22:51
@github-actions
Copy link

Integration tests failure for fa86994f3e8f05e28303f1551296bf505943fca9

@sfc-gh-ngaberel sfc-gh-ngaberel force-pushed the snow-810430-account-password-policy-attachment branch from fa86994 to 8d05d73 Compare June 14, 2023 22:52
}
// passwordPolicy := sdk.NewAccountObjectIdentifier(d.Get("password_policy").(string))

err := client.Accounts.Alter(ctx, &sdk.AccountAlterOptions{

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [golangci] reported by reviewdog 🐶
undefined: sdk.AccountAlterOptions (typecheck)

client := sdk.NewClientFromDB(db)
ctx := context.Background()

err := client.Accounts.Alter(ctx, &sdk.AccountAlterOptions{

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [golangci] reported by reviewdog 🐶
undefined: sdk.AccountAlterOptions (typecheck)

@github-actions
Copy link

Integration tests failure for 8d05d73b33b9c877269f11f5fb3ee2eac439d038

@sfc-gh-ngaberel sfc-gh-ngaberel force-pushed the snow-810430-account-password-policy-attachment branch from 8d05d73 to 38b3cfd Compare June 14, 2023 23:03
@github-actions
Copy link

Integration tests success for 38b3cfdcb80a64b31359a869ce40cbb047893d1e

@sfc-gh-ngaberel sfc-gh-ngaberel merged commit f408828 into main Jun 14, 2023
@sfc-gh-ngaberel sfc-gh-ngaberel deleted the snow-810430-account-password-policy-attachment branch June 14, 2023 23:23
adoankim pushed a commit to adoankim/terraform-provider-snowflake that referenced this pull request Jun 15, 2023
* Add password policy qualified name attribute.

* Add snowflake_account_password_policy_attachment resource.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants