From ddb81eb6dff3436dcf05b36b01da11244e5bcfef Mon Sep 17 00:00:00 2001
From: Jakub Michalak
Date: Mon, 13 May 2024 08:44:34 +0200
Subject: [PATCH 01/14] Add SCIM integration to sdk

---
 pkg/sdk/client.go | 2 +
 pkg/sdk/poc/main.go | 1 +
 pkg/sdk/security_integrations_def.go | 129 +++++++++++++
 .../security_integrations_dto_builders_gen.go | 150 +++++++++++++++
 pkg/sdk/security_integrations_dto_gen.go | 58 ++++++
 pkg/sdk/security_integrations_gen.go | 109 +++++++++++
 pkg/sdk/security_integrations_gen_test.go | 179 ++++++++++++++++++
 pkg/sdk/security_integrations_impl_gen.go | 145 ++++++++++++++
 .../security_integrations_validations_gen.go | 74 ++++++++
 ...urity_integrations_gen_integration_test.go | 142 ++++++++++++++
 10 files changed, 989 insertions(+)
 create mode 100644 pkg/sdk/security_integrations_def.go
 create mode 100644 pkg/sdk/security_integrations_dto_builders_gen.go
 create mode 100644 pkg/sdk/security_integrations_dto_gen.go
 create mode 100644 pkg/sdk/security_integrations_gen.go
 create mode 100644 pkg/sdk/security_integrations_gen_test.go
 create mode 100644 pkg/sdk/security_integrations_impl_gen.go
 create mode 100644 pkg/sdk/security_integrations_validations_gen.go
 create mode 100644 pkg/sdk/testint/security_integrations_gen_integration_test.go
diff --git a/pkg/sdk/client.go b/pkg/sdk/client.go
index d854b3110b..f0dcba5db8 100644
--- a/pkg/sdk/client.go
+++ b/pkg/sdk/client.go
@@ -71,6 +71,7 @@ type Client struct {
 Roles Roles
 RowAccessPolicies RowAccessPolicies
 Schemas Schemas
+ SecurityIntegrations SecurityIntegrations
 Sequences Sequences
 SessionPolicies SessionPolicies
 Sessions Sessions
@@ -226,6 +227,7 @@ func (c *Client) initialize() {
 c.Roles = &roles{client: c}
 c.RowAccessPolicies = &rowAccessPolicies{client: c}
 c.Schemas = &schemas{client: c}
+ c.SecurityIntegrations = &securityIntegrations{client: c}
 c.Sequences = &sequences{client: c}
 c.SessionPolicies = &sessionPolicies{client: c}
 c.Sessions = &sessions{client: c}
diff --git a/pkg/sdk/poc/main.go b/pkg/sdk/poc/main.go
index d626fe16af..b4d13e106a 100644
--- a/pkg/sdk/poc/main.go
+++ b/pkg/sdk/poc/main.go
@@ -39,6 +39,7 @@ var definitionMapping = map[string]*generator.Interface{
 "external_functions_def.go": sdk.ExternalFunctionsDef,
 "streamlits_def.go": sdk.StreamlitsDef,
 "network_rule_def.go": sdk.NetworkRuleDef,
+ "security_integrations_def.go": sdk.SecurityIntegrationsDef,
 }
 
 func main() {
diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go
new file mode 100644
index 0000000000..cd20c332c0
--- /dev/null
+++ b/pkg/sdk/security_integrations_def.go
@@ -0,0 +1,129 @@
+package sdk
+
+import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/generator"
+
+//go:generate go run ./poc/main.go
+
+func createSecurityIntegrationOperation(structName string, apply func(qs *g.QueryStruct) *g.QueryStruct) *g.QueryStruct {
+ qs := g.NewQueryStruct(structName).
+ Create().
+ OrReplace().
+ SQL("SECURITY INTEGRATION").
+ IfNotExists().
+ Name()
+ qs = apply(qs)
+ return qs.
+ OptionalComment().
+ WithValidation(g.ValidIdentifier, "name").
+ WithValidation(g.ConflictingFields, "OrReplace", "IfNotExists")
+}
+
+func alterSecurityIntegrationOperation(structName string, apply func(qs *g.QueryStruct) *g.QueryStruct) *g.QueryStruct {
+ qs := g.NewQueryStruct(structName).
+ Alter().
+ SQL("SECURITY INTEGRATION").
+ IfExists().
+ Name()
+ qs = apply(qs)
+ return qs.
+ NamedList("SET TAG", g.KindOfT[TagAssociation]()).
+ NamedList("UNSET TAG", g.KindOfT[ObjectIdentifier]()).
+ WithValidation(g.ValidIdentifier, "name")
+}
+
+var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet").
+ OptionalBooleanAssignment("ENABLED", g.ParameterOptions()).
+ OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")).
+ OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions()).
+ OptionalComment().
+ WithValidation(g.AtLeastOneValueSet, "Enabled", "NetworkPolicy", "SyncPassword", "Comment")
+
+var scimIntegrationUnsetDef = g.NewQueryStruct("SCIMIntegrationUnset").
+ OptionalSQL("NETWORK_POLICY").
+ OptionalSQL("SYNC_PASSWORD").
+ OptionalSQL("COMMENT").
+ WithValidation(g.AtLeastOneValueSet, "NetworkPolicy", "SyncPassword", "Comment")
+
+var SecurityIntegrationsDef = g.NewInterface(
+ "SecurityIntegrations",
+ "SecurityIntegration",
+ g.KindOfT[AccountObjectIdentifier](),
+).
+ CustomOperation(
+ "CreateSCIM",
+ "https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim",
+ createSecurityIntegrationOperation("CreateSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct {
+ return qs.
+ PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SCIM")).
+ BooleanAssignment("ENABLED", g.ParameterOptions().Required()).
+ TextAssignment("SCIM_CLIENT", g.ParameterOptions().Required().SingleQuotes()).
+ TextAssignment("RUN_AS_ROLE", g.ParameterOptions().Required().SingleQuotes()).
+ OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")).
+ OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions())
+ }),
+ ).
+ CustomOperation(
+ "AlterSCIMIntegration",
+ "https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim",
+ alterSecurityIntegrationOperation("AlterSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct {
+ return qs.OptionalQueryStructField(
+ "Set",
+ scimIntegrationSetDef,
+ g.KeywordOptions().SQL("SET"),
+ ).OptionalQueryStructField(
+ "Unset",
+ scimIntegrationUnsetDef,
+ g.KeywordOptions().SQL("UNSET"),
+ )
+ }),
+ ).
+ DropOperation(
+ "https://docs.snowflake.com/en/sql-reference/sql/drop-integration",
+ g.NewQueryStruct("DropSecurityIntegration").
+ Drop().
+ SQL("SECURITY INTEGRATION").
+ IfExists().
+ Name().
+ WithValidation(g.ValidIdentifier, "name"),
+ ).
+ DescribeOperation(
+ g.DescriptionMappingKindSlice,
+ "https://docs.snowflake.com/en/sql-reference/sql/desc-integration",
+ g.DbStruct("securityIntegrationDescRow").
+ Field("property", "string").
+ Field("property_type", "string").
+ Field("property_value", "string").
+ Field("property_default", "string"),
+ g.PlainStruct("SecurityIntegrationProperty").
+ Field("Name", "string").
+ Field("Type", "string").
+ Field("Value", "string").
+ Field("Default", "string"),
+ g.NewQueryStruct("DescSecurityIntegration").
+ Describe().
+ SQL("SECURITY INTEGRATION").
+ Name().
+ WithValidation(g.ValidIdentifier, "name"),
+ ).
+ ShowOperation(
+ "https://docs.snowflake.com/en/sql-reference/sql/show-integrations",
+ g.DbStruct("securityIntegrationShowRow").
+ Text("name").
+ Text("type").
+ Text("category").
+ Bool("enabled").
+ OptionalText("comment").
+ Time("created_on"),
+ g.PlainStruct("SecurityIntegration").
+ Text("Name").
+ Text("IntegrationType").
+ Text("Category").
+ Bool("Enabled").
+ Text("Comment").
+ Time("CreatedOn"),
+ g.NewQueryStruct("ShowSecurityIntegrations").
+ Show().
+ SQL("SECURITY INTEGRATIONS").
+ OptionalLike(),
+ ).
+ ShowByIdOperation()
diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go
new file mode 100644
index 0000000000..fdb406ea2d
--- /dev/null
+++ b/pkg/sdk/security_integrations_dto_builders_gen.go
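Review bot: `SCIM_CLIENT` and `RUN_AS_ROLE` in the CreateSCIM operation are declared as free-form `TextAssignment(..., g.ParameterOptions().Required().SingleQuotes())`, so any caller-supplied string is placed inside a quoted SQL literal and nothing on the SDK side constrains which role the provisioner will run as. Snowflake accepts only a small fixed set of values for each of these parameters, so a typed option with an allow-list validation would reject bad input before a statement is built. Whether the generator escapes an embedded single quote in these values is not visible in this patch and should be confirmed. A short comment above the operation, for example `// RUN_AS_ROLE selects the role SCIM requests execute as; keep it restricted to the documented provisioner roles`, would also record why the field is sensitive.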
@@ -0,0 +1,150 @@ +// Code generated by dto builder generator; DO NOT EDIT. + +package sdk + +import () + +func NewCreateSCIMSecurityIntegrationRequest( + name AccountObjectIdentifier, + Enabled bool, + ScimClient string, + RunAsRole string, +) *CreateSCIMSecurityIntegrationRequest { + s := CreateSCIMSecurityIntegrationRequest{} + s.name = name + s.Enabled = Enabled + s.ScimClient = ScimClient + s.RunAsRole = RunAsRole + return &s +} + +func (s *CreateSCIMSecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateSCIMSecurityIntegrationRequest { + s.OrReplace = OrReplace + return s +} + +func (s *CreateSCIMSecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateSCIMSecurityIntegrationRequest { + s.IfNotExists = IfNotExists + return s +} + +func (s *CreateSCIMSecurityIntegrationRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *CreateSCIMSecurityIntegrationRequest { + s.NetworkPolicy = NetworkPolicy + return s +} + +func (s *CreateSCIMSecurityIntegrationRequest) WithSyncPassword(SyncPassword *bool) *CreateSCIMSecurityIntegrationRequest { + s.SyncPassword = SyncPassword + return s +} + +func (s *CreateSCIMSecurityIntegrationRequest) WithComment(Comment *string) *CreateSCIMSecurityIntegrationRequest { + s.Comment = Comment + return s +} + +func NewAlterSCIMIntegrationSecurityIntegrationRequest( + name AccountObjectIdentifier, +) *AlterSCIMIntegrationSecurityIntegrationRequest { + s := AlterSCIMIntegrationSecurityIntegrationRequest{} + s.name = name + return &s +} + +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.IfExists = IfExists + return s +} + +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSet(Set *SCIMIntegrationSetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.Set = Set + return s +} + +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnset(Unset *SCIMIntegrationUnsetRequest) 
*AlterSCIMIntegrationSecurityIntegrationRequest { + s.Unset = Unset + return s +} + +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSetTag(SetTag []TagAssociation) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.SetTag = SetTag + return s +} + +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnsetTag(UnsetTag []ObjectIdentifier) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.UnsetTag = UnsetTag + return s +} + +func NewSCIMIntegrationSetRequest() *SCIMIntegrationSetRequest { + return &SCIMIntegrationSetRequest{} +} + +func (s *SCIMIntegrationSetRequest) WithEnabled(Enabled *bool) *SCIMIntegrationSetRequest { + s.Enabled = Enabled + return s +} + +func (s *SCIMIntegrationSetRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *SCIMIntegrationSetRequest { + s.NetworkPolicy = NetworkPolicy + return s +} + +func (s *SCIMIntegrationSetRequest) WithSyncPassword(SyncPassword *bool) *SCIMIntegrationSetRequest { + s.SyncPassword = SyncPassword + return s +} + +func (s *SCIMIntegrationSetRequest) WithComment(Comment *string) *SCIMIntegrationSetRequest { + s.Comment = Comment + return s +} + +func NewSCIMIntegrationUnsetRequest() *SCIMIntegrationUnsetRequest { + return &SCIMIntegrationUnsetRequest{} +} + +func (s *SCIMIntegrationUnsetRequest) WithNetworkPolicy(NetworkPolicy *bool) *SCIMIntegrationUnsetRequest { + s.NetworkPolicy = NetworkPolicy + return s +} + +func (s *SCIMIntegrationUnsetRequest) WithSyncPassword(SyncPassword *bool) *SCIMIntegrationUnsetRequest { + s.SyncPassword = SyncPassword + return s +} + +func (s *SCIMIntegrationUnsetRequest) WithComment(Comment *bool) *SCIMIntegrationUnsetRequest { + s.Comment = Comment + return s +} + +func NewDropSecurityIntegrationRequest( + name AccountObjectIdentifier, +) *DropSecurityIntegrationRequest { + s := DropSecurityIntegrationRequest{} + s.name = name + return &s +} + +func (s *DropSecurityIntegrationRequest) WithIfExists(IfExists *bool) 
*DropSecurityIntegrationRequest { + s.IfExists = IfExists + return s +} + +func NewDescribeSecurityIntegrationRequest( + name AccountObjectIdentifier, +) *DescribeSecurityIntegrationRequest { + s := DescribeSecurityIntegrationRequest{} + s.name = name + return &s +} + +func NewShowSecurityIntegrationRequest() *ShowSecurityIntegrationRequest { + return &ShowSecurityIntegrationRequest{} +} + +func (s *ShowSecurityIntegrationRequest) WithLike(Like *Like) *ShowSecurityIntegrationRequest { + s.Like = Like + return s +} diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go new file mode 100644 index 0000000000..b6f8655d13 --- /dev/null +++ b/pkg/sdk/security_integrations_dto_gen.go 
@@ -0,0 +1,58 @@ +package sdk + +//go:generate go run ./dto-builder-generator/main.go + +var ( + _ optionsProvider[CreateSCIMSecurityIntegrationOptions] = new(CreateSCIMSecurityIntegrationRequest) + _ optionsProvider[AlterSCIMIntegrationSecurityIntegrationOptions] = new(AlterSCIMIntegrationSecurityIntegrationRequest) + _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) + _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) + _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) +) + +type CreateSCIMSecurityIntegrationRequest struct { + OrReplace *bool + IfNotExists *bool + name AccountObjectIdentifier // required + Enabled bool // required + ScimClient string // required + RunAsRole string // required + NetworkPolicy *AccountObjectIdentifier + SyncPassword *bool + Comment *string +} + +type AlterSCIMIntegrationSecurityIntegrationRequest struct { + IfExists *bool + name AccountObjectIdentifier // required + Set *SCIMIntegrationSetRequest + Unset *SCIMIntegrationUnsetRequest + SetTag []TagAssociation + UnsetTag []ObjectIdentifier +} + +type SCIMIntegrationSetRequest struct { + Enabled *bool + NetworkPolicy *AccountObjectIdentifier + SyncPassword *bool + Comment *string +} + +type SCIMIntegrationUnsetRequest struct { + NetworkPolicy *bool + SyncPassword *bool + Comment *bool +} + +type DropSecurityIntegrationRequest struct { + IfExists *bool + name AccountObjectIdentifier // required +} + +type DescribeSecurityIntegrationRequest struct { + name AccountObjectIdentifier // required +} + +type ShowSecurityIntegrationRequest struct { + Like *Like +} diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go new file mode 100644 index 0000000000..96f91fec1f --- /dev/null +++ b/pkg/sdk/security_integrations_gen.go 
@@ -0,0 +1,109 @@ +package sdk + +import ( + "context" + "database/sql" + "time" +) + +type SecurityIntegrations interface { + CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error + AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error + Drop(ctx context.Context, request *DropSecurityIntegrationRequest) error + Describe(ctx context.Context, id AccountObjectIdentifier) ([]SecurityIntegrationProperty, error) + Show(ctx context.Context, request *ShowSecurityIntegrationRequest) ([]SecurityIntegration, error) + ShowByID(ctx context.Context, id AccountObjectIdentifier) (*SecurityIntegration, error) +} + +// CreateSCIMSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim. +type CreateSCIMSecurityIntegrationOptions struct { + create bool `ddl:"static" sql:"CREATE"` + OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + integrationType string `ddl:"static" sql:"TYPE = SCIM"` + Enabled bool `ddl:"parameter" sql:"ENABLED"` + ScimClient string `ddl:"parameter,single_quotes" sql:"SCIM_CLIENT"` + RunAsRole string `ddl:"parameter,single_quotes" sql:"RUN_AS_ROLE"` + NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` + SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` +} + +// AlterSCIMIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. 
+type AlterSCIMIntegrationSecurityIntegrationOptions struct { + alter bool `ddl:"static" sql:"ALTER"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + Set *SCIMIntegrationSet `ddl:"keyword" sql:"SET"` + Unset *SCIMIntegrationUnset `ddl:"keyword" sql:"UNSET"` + SetTag []TagAssociation `ddl:"keyword" sql:"SET TAG"` + UnsetTag []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` +} + +type SCIMIntegrationSet struct { + Enabled *bool `ddl:"parameter" sql:"ENABLED"` + NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` + SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` +} + +type SCIMIntegrationUnset struct { + NetworkPolicy *bool `ddl:"keyword" sql:"NETWORK_POLICY"` + SyncPassword *bool `ddl:"keyword" sql:"SYNC_PASSWORD"` + Comment *bool `ddl:"keyword" sql:"COMMENT"` +} + +// DropSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/drop-integration. +type DropSecurityIntegrationOptions struct { + drop bool `ddl:"static" sql:"DROP"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` +} + +// DescribeSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/desc-integration. 
+type DescribeSecurityIntegrationOptions struct { + describe bool `ddl:"static" sql:"DESCRIBE"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + name AccountObjectIdentifier `ddl:"identifier"` +} + +type securityIntegrationDescRow struct { + Property string `db:"property"` + PropertyType string `db:"property_type"` + PropertyValue string `db:"property_value"` + PropertyDefault string `db:"property_default"` +} + +type SecurityIntegrationProperty struct { + Name string + Type string + Value string + Default string +} + +// ShowSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/show-integrations. +type ShowSecurityIntegrationOptions struct { + show bool `ddl:"static" sql:"SHOW"` + securityIntegrations bool `ddl:"static" sql:"SECURITY INTEGRATIONS"` + Like *Like `ddl:"keyword" sql:"LIKE"` +} + +type securityIntegrationShowRow struct { + Name string `db:"name"` + Type string `db:"type"` + Enabled bool `db:"enabled"` + Comment sql.NullString `db:"comment"` + CreatedOn time.Time `db:"created_on"` +} + +type SecurityIntegration struct { + Name string + IntegrationType string + Enabled bool + Comment string + CreatedOn time.Time +} diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go new file mode 100644 index 0000000000..5d2eaa7b90 --- /dev/null +++ b/pkg/sdk/security_integrations_gen_test.go 
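Review bot: `securityIntegrationShowRow` and `SecurityIntegration` carry no category field, although the ShowOperation in security_integrations_def.go from this same patch declares `Text("category")` and `Text("Category")`. The committed output therefore does not match its definition, which suggests a hand edit after generation, and the next `go generate` run would change the public struct. If the column is meant to be exposed, add `Category string` with a `db:"category"` tag to the row, `Category string` to the plain struct and `Category: r.Category` in `convert()`; otherwise remove it from the definition. How the query layer treats a returned column with no destination field is not shown here and is worth checking against the integration test.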
@@ -0,0 +1,179 @@ +package sdk + +import ( + "testing" +) + +func TestSecurityIntegrations_CreateSCIM(t *testing.T) { + id := randomAccountObjectIdentifier() + + // Minimal valid CreateSCIMSecurityIntegrationOptions + defaultOpts := func() *CreateSCIMSecurityIntegrationOptions { + return &CreateSCIMSecurityIntegrationOptions{ + name: id, + Enabled: true, + ScimClient: "GENERIC", + RunAsRole: "GENERIC_SCIM_PROVISIONER", + } + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *CreateSCIMSecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: conflicting fields for [opts.OrReplace opts.IfNotExists]", func(t *testing.T) { + opts := defaultOpts() + opts.OrReplace = Bool(true) + opts.IfNotExists = Bool(true) + assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateSCIMSecurityIntegrationOptions", "OrReplace", "IfNotExists")) + }) + + t.Run("basic", func(t *testing.T) { + opts := defaultOpts() + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'", id.FullyQualifiedName()) + }) + + t.Run("all options", func(t *testing.T) { + opts := defaultOpts() + networkPolicyID := randomAccountObjectIdentifier() + opts.NetworkPolicy = Pointer(networkPolicyID) + opts.SyncPassword = Pointer(true) + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'"+ + " NETWORK_POLICY = %s SYNC_PASSWORD = true", id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) + }) +} + +func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { + id := randomAccountObjectIdentifier() + + // Minimal valid AlterSCIMIntegrationSecurityIntegrationOptions + defaultOpts := func() *AlterSCIMIntegrationSecurityIntegrationOptions { + return &AlterSCIMIntegrationSecurityIntegrationOptions{ + name: id, + } + } + 
+ t.Run("validation: nil options", func(t *testing.T) { + var opts *AlterSCIMIntegrationSecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { + opts := defaultOpts() + assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) + }) + + t.Run("validation: at least one of the fields [opts.Set.Enabled opts.Set.NetworkPolicy opts.Set.SyncPassword opts.Set.Comment] should be set", func(t *testing.T) { + opts := defaultOpts() + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + }) + + t.Run("validation: at least one of the fields [opts.Unset.NetworkPolicy opts.Unset.SyncPassword opts.Unset.Comment] should be set", func(t *testing.T) { + opts := defaultOpts() + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "NetworkPolicy", "SyncPassword", "Comment")) + }) + + t.Run("all options - set", func(t *testing.T) { + opts := defaultOpts() + networkPolicyID := randomAccountObjectIdentifier() + opts.Set = &SCIMIntegrationSet{ + Enabled: Pointer(true), + NetworkPolicy: Pointer(networkPolicyID), + SyncPassword: Pointer(true), + Comment: Pointer("test"), + } + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true NETWORK_POLICY = %s SYNC_PASSWORD = true COMMENT = 'test'", + id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) + }) + + t.Run("all options - unset", func(t *testing.T) { + opts := defaultOpts() + opts.Unset = &SCIMIntegrationUnset{ + NetworkPolicy: Pointer(true), + SyncPassword: Pointer(true), + Comment: Pointer(true), + } + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET NETWORK_POLICY SYNC_PASSWORD COMMENT", id.FullyQualifiedName()) + }) +} + +func TestSecurityIntegrations_Drop(t *testing.T) { + id := 
randomAccountObjectIdentifier() + + // Minimal valid DropSecurityIntegrationOptions + defaultOpts := func() *DropSecurityIntegrationOptions { + return &DropSecurityIntegrationOptions{ + name: id, + } + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *DropSecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { + opts := defaultOpts() + opts.name = NewAccountObjectIdentifier("") + assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) + }) + + t.Run("all options", func(t *testing.T) { + opts := defaultOpts() + opts.IfExists = Bool(true) + assertOptsValidAndSQLEquals(t, opts, "DROP SECURITY INTEGRATION IF EXISTS %s", id.FullyQualifiedName()) + }) +} + +func TestSecurityIntegrations_Describe(t *testing.T) { + id := randomAccountObjectIdentifier() + + // Minimal valid DescribeSecurityIntegrationOptions + defaultOpts := func() *DescribeSecurityIntegrationOptions { + return &DescribeSecurityIntegrationOptions{ + name: id, + } + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *DescribeSecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { + opts := defaultOpts() + opts.name = NewAccountObjectIdentifier("") + assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) + }) + + t.Run("all options", func(t *testing.T) { + opts := defaultOpts() + assertOptsValidAndSQLEquals(t, opts, "DESCRIBE SECURITY INTEGRATION %s", id.FullyQualifiedName()) + }) +} + +func TestSecurityIntegrations_Show(t *testing.T) { + // Minimal valid ShowSecurityIntegrationOptions + defaultOpts := func() *ShowSecurityIntegrationOptions { + return &ShowSecurityIntegrationOptions{} + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *ShowSecurityIntegrationOptions = nil + 
assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("basic", func(t *testing.T) { + opts := defaultOpts() + assertOptsValidAndSQLEquals(t, opts, "SHOW SECURITY INTEGRATIONS") + }) + + t.Run("all options", func(t *testing.T) { + opts := defaultOpts() + opts.Like = &Like{ + Pattern: String("some pattern"), + } + assertOptsValidAndSQLEquals(t, opts, "SHOW SECURITY INTEGRATIONS LIKE 'some pattern'") + }) +} diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go new file mode 100644 index 0000000000..9dacda1452 --- /dev/null +++ b/pkg/sdk/security_integrations_impl_gen.go 
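Review bot: Three subtests in `TestSecurityIntegrations_AlterSCIMIntegration` never put the options into the invalid state they name: "valid identifier for [opts.name]" and both "at least one of the fields" cases call `defaultOpts()` with a valid id and nil `Set`/`Unset`. The `validate()` added in security_integrations_validations_gen.go raises those errors only for an invalid name or for a non-nil but empty `Set`/`Unset`, so as written the checks guarding the ALTER statement are not exercised. Add `opts.name = NewAccountObjectIdentifier("")` (as the Drop and Describe tests do), `opts.Set = &SCIMIntegrationSet{}` and `opts.Unset = &SCIMIntegrationUnset{}` to the respective subtests. `TestSecurityIntegrations_CreateSCIM` has no invalid-identifier case either, and its "all options" case does not cover `IfNotExists` or `Comment`.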
@@ -0,0 +1,145 @@ +package sdk + +import ( + "context" + "fmt" + + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections" +) + +var _ SecurityIntegrations = (*securityIntegrations)(nil) + +type securityIntegrations struct { + client *Client +} + +func (v *securityIntegrations) CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error { + opts := request.toOpts() + return validateAndExec(v.client, ctx, opts) +} + +func (v *securityIntegrations) AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error { + opts := request.toOpts() + return validateAndExec(v.client, ctx, opts) +} + +func (v *securityIntegrations) Drop(ctx context.Context, request *DropSecurityIntegrationRequest) error { + opts := request.toOpts() + return validateAndExec(v.client, ctx, opts) +} + +func (v *securityIntegrations) Describe(ctx context.Context, id AccountObjectIdentifier) ([]SecurityIntegrationProperty, error) { + opts := &DescribeSecurityIntegrationOptions{ + name: id, + } + rows, err := validateAndQuery[securityIntegrationDescRow](v.client, ctx, opts) + if err != nil { + return nil, err + } + fmt.Println(rows) + return convertRows[securityIntegrationDescRow, SecurityIntegrationProperty](rows), nil +} + +func (v *securityIntegrations) Show(ctx context.Context, request *ShowSecurityIntegrationRequest) ([]SecurityIntegration, error) { + opts := request.toOpts() + dbRows, err := validateAndQuery[securityIntegrationShowRow](v.client, ctx, opts) + if err != nil { + return nil, err + } + resultList := convertRows[securityIntegrationShowRow, SecurityIntegration](dbRows) + return resultList, nil +} + +func (v *securityIntegrations) ShowByID(ctx context.Context, id AccountObjectIdentifier) (*SecurityIntegration, error) { + // TODO: adjust request if e.g. 
LIKE is supported for the resource + securityIntegrations, err := v.Show(ctx, NewShowSecurityIntegrationRequest()) + if err != nil { + return nil, err + } + return collections.FindOne(securityIntegrations, func(r SecurityIntegration) bool { return r.Name == id.Name() }) +} + +func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityIntegrationOptions { + opts := &CreateSCIMSecurityIntegrationOptions{ + OrReplace: r.OrReplace, + IfNotExists: r.IfNotExists, + name: r.name, + Enabled: r.Enabled, + ScimClient: r.ScimClient, + RunAsRole: r.RunAsRole, + NetworkPolicy: r.NetworkPolicy, + SyncPassword: r.SyncPassword, + Comment: r.Comment, + } + return opts +} + +func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMIntegrationSecurityIntegrationOptions { + opts := &AlterSCIMIntegrationSecurityIntegrationOptions{ + IfExists: r.IfExists, + name: r.name, + + SetTag: r.SetTag, + UnsetTag: r.UnsetTag, + } + if r.Set != nil { + opts.Set = &SCIMIntegrationSet{ + Enabled: r.Set.Enabled, + NetworkPolicy: r.Set.NetworkPolicy, + SyncPassword: r.Set.SyncPassword, + Comment: r.Set.Comment, + } + } + if r.Unset != nil { + opts.Unset = &SCIMIntegrationUnset{ + NetworkPolicy: r.Unset.NetworkPolicy, + SyncPassword: r.Unset.SyncPassword, + Comment: r.Unset.Comment, + } + } + return opts +} + +func (r *DropSecurityIntegrationRequest) toOpts() *DropSecurityIntegrationOptions { + opts := &DropSecurityIntegrationOptions{ + IfExists: r.IfExists, + name: r.name, + } + return opts +} + +func (r *DescribeSecurityIntegrationRequest) toOpts() *DescribeSecurityIntegrationOptions { + opts := &DescribeSecurityIntegrationOptions{ + name: r.name, + } + return opts +} + +func (r securityIntegrationDescRow) convert() *SecurityIntegrationProperty { + return &SecurityIntegrationProperty{ + Name: r.Property, + Type: r.PropertyType, + Value: r.PropertyValue, + Default: r.PropertyDefault, + } +} + +func (r *ShowSecurityIntegrationRequest) toOpts() 
*ShowSecurityIntegrationOptions { + opts := &ShowSecurityIntegrationOptions{ + Like: r.Like, + } + return opts +} + +func (r securityIntegrationShowRow) convert() *SecurityIntegration { + s := &SecurityIntegration{ + Name: r.Name, + IntegrationType: r.Type, + Enabled: r.Enabled, + CreatedOn: r.CreatedOn, + } + if r.Comment.Valid { + s.Comment = r.Comment.String + } + return s +} diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go new file mode 100644 index 0000000000..e23f66f3fe --- /dev/null +++ b/pkg/sdk/security_integrations_validations_gen.go 
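Review bot: `Describe` still contains a leftover `fmt.Println(rows)`, which writes every DESCRIBE row of the security integration to the process's standard output on each call. Those rows are the integration's configuration (property name, type, value and default, per the mapping in this patch), and library code should not emit them outside the caller's logging controls. Remove the line together with the `"fmt"` import. `ShowByID` also lists every security integration and filters client-side; passing a `Like` pattern built from `id.Name()`, as the TODO hints, would narrow the query.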
@@ -0,0 +1,74 @@ +package sdk + +var ( + _ validatable = new(CreateSCIMSecurityIntegrationOptions) + _ validatable = new(AlterSCIMIntegrationSecurityIntegrationOptions) + _ validatable = new(DropSecurityIntegrationOptions) + _ validatable = new(DescribeSecurityIntegrationOptions) + _ validatable = new(ShowSecurityIntegrationOptions) +) + +func (opts *CreateSCIMSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + if everyValueSet(opts.OrReplace, opts.IfNotExists) { + errs = append(errs, errOneOf("CreateSCIMSecurityIntegrationOptions", "OrReplace", "IfNotExists")) + } + return JoinErrors(errs...) +} + +func (opts *AlterSCIMIntegrationSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + if valueSet(opts.Set) { + if !anyValueSet(opts.Set.Enabled, opts.Set.NetworkPolicy, opts.Set.SyncPassword, opts.Set.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + } + } + if valueSet(opts.Unset) { + if !anyValueSet(opts.Unset.NetworkPolicy, opts.Unset.SyncPassword, opts.Unset.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "NetworkPolicy", "SyncPassword", "Comment")) + } + } + return JoinErrors(errs...) +} + +func (opts *DropSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + return JoinErrors(errs...) 
+} + +func (opts *DescribeSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + return JoinErrors(errs...) +} + +func (opts *ShowSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + return JoinErrors(errs...) +} diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go new file mode 100644 index 0000000000..109abf2d67 --- /dev/null +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go 
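Review bot: `AlterSCIMIntegrationSecurityIntegrationOptions.validate()` accepts options where none of `Set`, `Unset`, `SetTag` and `UnsetTag` is present, and also accepts `Set` and `Unset` together. The SDK would then build an `ALTER SECURITY INTEGRATION <name>` statement with no action, or with two clauses, and leave the rejection to the server; the linked ALTER documentation appears to describe one action per statement. Because this file is generated, the rule belongs in `alterSecurityIntegrationOperation` in security_integrations_def.go as a further `WithValidation(...)` over those four fields, in the same way `g.ConflictingFields` is applied to `OrReplace`/`IfNotExists` for create. The CreateSCIM validator likewise checks nothing about `ScimClient` or `RunAsRole`.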
@@ -0,0 +1,142 @@
+package testint
+
+import (
+ "testing"
+
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestInt_SecurityIntegrations(t *testing.T) {
+ client := testClient(t)
+ ctx := testContext(t)
+
+ cleanupSecurityIntegration := func(t *testing.T, id sdk.AccountObjectIdentifier) {
+ t.Helper()
+ t.Cleanup(func() {
+ err := client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(id).WithIfExists(sdk.Pointer(true)))
+ assert.NoError(t, err)
+ })
+ }
+
+ createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSCIMSecurityIntegrationRequest)) {
+ t.Helper()
+ roleID := sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER")
+ err := client.Roles.Create(ctx, sdk.NewCreateRoleRequest(roleID).WithIfNotExists(true))
+ require.NoError(t, err)
+ t.Cleanup(func() {
+ err = client.Roles.Drop(ctx, sdk.NewDropRoleRequest(roleID))
+ assert.NoError(t, err)
+ })
+ currentRole := testClientHelper().Context.CurrentRole(t)
+ err = client.Roles.Grant(ctx, sdk.NewGrantRoleRequest(roleID, sdk.GrantRole{Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole))}))
+ require.NoError(t, err)
+
+ scimReq := sdk.NewCreateSCIMSecurityIntegrationRequest(siID, false, "GENERIC", roleID.Name())
+ if with != nil {
+ with(scimReq)
+ }
+ err = client.SecurityIntegrations.CreateSCIM(ctx, scimReq)
+ require.NoError(t, err)
+ cleanupSecurityIntegration(t, siID)
+ }
+
+ assertSecurityIntegration := func(t *testing.T, si *sdk.SecurityIntegration, id sdk.AccountObjectIdentifier, siType string, enabled bool, comment string) {
+ t.Helper()
+ assert.Equal(t, id.Name(), si.Name)
+ assert.Equal(t, siType, si.IntegrationType)
+ assert.Equal(t, enabled, si.Enabled)
+ assert.Equal(t, comment, si.Comment)
+ }
+
+ assertSCIMDescribe := func(details []sdk.SecurityIntegrationProperty, enabled, networkPolicy, runAsRole, syncPassword, comment string) {
+ assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "ENABLED", Type: "Boolean", Value: enabled, Default: "false"})
+ assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "NETWORK_POLICY", Type: "String", Value: networkPolicy, Default: ""})
+ assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "RUN_AS_ROLE", Type: "String", Value: runAsRole, Default: ""})
+ assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SYNC_PASSWORD", Type: "Boolean", Value: syncPassword, Default: "true"})
+ assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "COMMENT", Type: "String", Value: comment, Default: ""})
+ }
+
+ t.Run("CreateSCIM", func(t *testing.T) {
+ networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t)
+ t.Cleanup(networkPolicyCleanup)
+
+ id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+ createSCIMIntegration(t, id, func(r *sdk.CreateSCIMSecurityIntegrationRequest) {
+ r.WithComment(sdk.Pointer("a")).
+ WithNetworkPolicy(sdk.Pointer(sdk.NewAccountObjectIdentifier(networkPolicy.Name))).
+ WithSyncPassword(sdk.Pointer(false))
+ })
+ details, err := client.SecurityIntegrations.Describe(ctx, id)
+ require.NoError(t, err)
+
+ assertSCIMDescribe(details, "false", networkPolicy.Name, "GENERIC_SCIM_PROVISIONER", "false", "a")
+
+ si, err := client.SecurityIntegrations.ShowByID(ctx, id)
+ require.NoError(t, err)
+ assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "a")
+ })
+
+ t.Run("AlterSCIMIntegration", func(t *testing.T) {
+ id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+ createSCIMIntegration(t, id, nil)
+
+ setRequest := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id).
+ WithSet(
+ sdk.NewSCIMIntegrationSetRequest().
+ WithEnabled(sdk.Bool(true)).
+ WithSyncPassword(sdk.Bool(true)).
+ WithComment(sdk.String("altered")),
+ )
+ err := client.SecurityIntegrations.AlterSCIMIntegration(ctx, setRequest)
+ require.NoError(t, err)
+
+ details, err := client.SecurityIntegrations.Describe(ctx, id)
+ require.NoError(t, err)
+
+ assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "true", "altered")
+ })
+
+ t.Run("Drop", func(t *testing.T) {
+ id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+ createSCIMIntegration(t, id, nil)
+
+ si, err := client.SecurityIntegrations.ShowByID(ctx, id)
+ require.NotNil(t, si)
+ require.NoError(t, err)
+
+ err = client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(id))
+ require.NoError(t, err)
+
+ si, err = client.SecurityIntegrations.ShowByID(ctx, id)
+ require.Nil(t, si)
+ require.Error(t, err)
+ })
+
+ t.Run("Drop non-existing", func(t *testing.T) {
+ id := sdk.NewAccountObjectIdentifier("does_not_exist")
+
+ err := client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(id))
+ assert.ErrorIs(t, err, sdk.ErrObjectNotExistOrAuthorized)
+ })
+
+ t.Run("Describe", func(t *testing.T) {
+ id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+ createSCIMIntegration(t, id, nil)
+
+ details, err := client.SecurityIntegrations.Describe(ctx, id)
+ require.NoError(t, err)
+
+ assertSCIMDescribe(details, "false", "", "GENERIC_SCIM_PROVISIONER", "true", "")
+ })
+
+ t.Run("ShowByID", func(t *testing.T) {
+ id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+ createSCIMIntegration(t, id, nil)
+
+ si, err := client.SecurityIntegrations.ShowByID(ctx, id)
+ require.NoError(t, err)
+ assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "")
+ })
+}
From 0da7ceefdfb1ecd1d50dfd736f0522c3cd622b2f Mon Sep 17 00:00:00 2001
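Review bot: In `createSCIMIntegration` the role `GENERIC_SCIM_PROVISIONER` is created with `WithIfNotExists(true)` but the registered cleanup drops it unconditionally, so on an account where that role already exists (it appears to be the fixed run-as role name for a generic SCIM client) a test run removes a role it did not create, together with its grants. Register the `Roles.Drop` cleanup only when the role was absent before the create call, or state in a comment above the helper that the suite must only run against a dedicated test account. The cleanup closure also writes to the captured variable (`err = client.Roles.Drop(...)`) after the helper has returned; a local `err :=` is cleaner. Separately, `assertSCIMDescribe` takes no `*testing.T` and asserts on the outer `t`, so a failure inside a subtest is reported against the parent test; give it a `t *testing.T` first parameter and `t.Helper()`, as `assertSecurityIntegration` already does.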
From: Jakub Michalak Date: Tue, 14 May 2024 08:37:02 +0200 Subject: [PATCH 02/14] Add SAML2 integration to sdk --- pkg/sdk/poc/generator/operation.go | 4 +- pkg/sdk/security_integrations_def.go | 75 +++++- .../security_integrations_dto_builders_gen.go | 229 ++++++++++++++++++ pkg/sdk/security_integrations_dto_gen.go | 70 +++++- pkg/sdk/security_integrations_gen.go | 79 +++++- pkg/sdk/security_integrations_gen_test.go | 136 ++++++++++- pkg/sdk/security_integrations_impl_gen.go | 77 +++++- .../security_integrations_validations_gen.go | 37 +++ ...urity_integrations_gen_integration_test.go | 185 ++++++++++++++ 9 files changed, 880 insertions(+), 12 deletions(-) diff --git a/pkg/sdk/poc/generator/operation.go b/pkg/sdk/poc/generator/operation.go index c62f99712a..8c8bd84342 100644 --- a/pkg/sdk/poc/generator/operation.go +++ b/pkg/sdk/poc/generator/operation.go @@ -170,6 +170,6 @@ func (i *Interface) DescribeOperation(describeKind DescriptionMappingKind, doc s return i } -func (i *Interface) CustomOperation(kind string, doc string, queryStruct *QueryStruct) *Interface { - return i.newSimpleOperation(kind, doc, queryStruct) +func (i *Interface) CustomOperation(kind string, doc string, queryStruct *QueryStruct, helperStructs ...IntoField) *Interface { + return i.newSimpleOperation(kind, doc, queryStruct, helperStructs...) } diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index cd20c332c0..c0c5e4314a 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go 
@@ -4,6 +4,11 @@ import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/gen //go:generate go run ./poc/main.go +var ( + userDomainDef = g.NewQueryStruct("UserDomain").Text("Domain", g.KeywordOptions().SingleQuotes().Required()) + emailPatternDef = g.NewQueryStruct("EmailPattern").Text("Pattern", g.KeywordOptions().SingleQuotes().Required()) +) + func createSecurityIntegrationOperation(structName string, apply func(qs *g.QueryStruct) *g.QueryStruct) *g.QueryStruct { qs := g.NewQueryStruct(structName). Create(). 
@@ -31,6 +36,33 @@ func alterSecurityIntegrationOperation(structName string, apply func(qs *g.Query WithValidation(g.ValidIdentifier, "name") } +var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet"). + OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). + OptionalTextAssignment("SAML2_ISSUER", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_SSO_URL", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_PROVIDER", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_X509_CERT", g.ParameterOptions().SingleQuotes()). + ListAssignment("ALLOWED_USER_DOMAINS", "UserDomain", g.ParameterOptions().Parentheses()). + ListAssignment("ALLOWED_EMAIL_PATTERNS", "EmailPattern", g.ParameterOptions().Parentheses()). + OptionalTextAssignment("SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_ENABLE_SP_INITIATED", g.ParameterOptions()). + OptionalTextAssignment("SAML2_SNOWFLAKE_X509_CERT", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_SIGN_REQUEST", g.ParameterOptions()). + OptionalTextAssignment("SAML2_REQUESTED_NAMEID_FORMAT", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_POST_LOGOUT_REDIRECT_URL", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_FORCE_AUTHN", g.ParameterOptions()). + OptionalTextAssignment("SAML2_SNOWFLAKE_ISSUER_URL", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_SNOWFLAKE_ACS_URL", g.ParameterOptions().SingleQuotes()). + OptionalComment(). 
+ WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", + "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", + "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment") + +var saml2IntegrationUnsetDef = g.NewQueryStruct("SAML2IntegrationUnset"). + OptionalSQL("ENABLED"). + OptionalSQL("SAML2_FORCE_AUTHN"). + WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn") + var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet"). OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")). 
@@ -49,6 +81,32 @@ var SecurityIntegrationsDef = g.NewInterface( "SecurityIntegration", g.KindOfT[AccountObjectIdentifier](), ). + CustomOperation( + "CreateSAML2", + "https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2", + createSecurityIntegrationOperation("CreateSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct { + return qs. + PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SAML2")). + BooleanAssignment("ENABLED", g.ParameterOptions().Required()). + TextAssignment("SAML2_ISSUER", g.ParameterOptions().Required().SingleQuotes()). + TextAssignment("SAML2_SSO_URL", g.ParameterOptions().Required().SingleQuotes()). + TextAssignment("SAML2_PROVIDER", g.ParameterOptions().Required().SingleQuotes()). + TextAssignment("SAML2_X509_CERT", g.ParameterOptions().Required().SingleQuotes()). + ListAssignment("ALLOWED_USER_DOMAINS", "UserDomain", g.ParameterOptions().Parentheses()). + ListAssignment("ALLOWED_EMAIL_PATTERNS", "EmailPattern", g.ParameterOptions().Parentheses()). + OptionalTextAssignment("SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_ENABLE_SP_INITIATED", g.ParameterOptions()). + OptionalTextAssignment("SAML2_SNOWFLAKE_X509_CERT", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_SIGN_REQUEST", g.ParameterOptions()). + OptionalTextAssignment("SAML2_REQUESTED_NAMEID_FORMAT", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_POST_LOGOUT_REDIRECT_URL", g.ParameterOptions().SingleQuotes()). + OptionalBooleanAssignment("SAML2_FORCE_AUTHN", g.ParameterOptions()). + OptionalTextAssignment("SAML2_SNOWFLAKE_ISSUER_URL", g.ParameterOptions().SingleQuotes()). + OptionalTextAssignment("SAML2_SNOWFLAKE_ACS_URL", g.ParameterOptions().SingleQuotes()) + }), + userDomainDef, + emailPatternDef, + ). 
CustomOperation( "CreateSCIM", "https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim", @@ -62,6 +120,21 @@ var SecurityIntegrationsDef = g.NewInterface( OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions()) }), ). + CustomOperation( + "AlterSAML2Integration", + "https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2", + alterSecurityIntegrationOperation("AlterSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct { + return qs.OptionalQueryStructField( + "Set", + saml2IntegrationSetDef, + g.KeywordOptions().SQL("SET"), + ).OptionalQueryStructField( + "Unset", + saml2IntegrationUnsetDef, + g.ListOptions().NoParentheses().SQL("UNSET"), + ).OptionalSQL("REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY") + }), + ). CustomOperation( "AlterSCIMIntegration", "https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim", @@ -73,7 +146,7 @@ var SecurityIntegrationsDef = g.NewInterface( ).OptionalQueryStructField( "Unset", scimIntegrationUnsetDef, - g.KeywordOptions().SQL("UNSET"), + g.ListOptions().NoParentheses().SQL("UNSET"), ) }), ). diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index fdb406ea2d..f9d8bf1788 100644 --- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go 
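Review bot: The `AlterSAML2Integration` definition adds `Set`, `Unset` and `REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY` as independent optional clauses with no rule that exactly one action is chosen, so a request with none of them, or with `Set` and `Unset` together, would pass `validate()` and only be rejected by the server. The SCIM alter validator generated in the first patch checks only the identifier and the inner `Set`/`Unset` fields, which suggests `alterSecurityIntegrationOperation` (its body is outside this hunk) does not add such a rule either. Consider ending the closure's chain with `WithValidation(g.ExactlyOneValueSet, "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTag", "UnsetTag")`, and the equivalent for the SCIM operation touched by the following hunk. For a statement that can rotate the SAML signing key or replace the IdP certificate, rejecting an ambiguous request before it is sent is worth the extra line.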
@@ -4,6 +4,94 @@ package sdk import () +func NewCreateSAML2SecurityIntegrationRequest( + name AccountObjectIdentifier, + Enabled bool, + Saml2Issuer string, + Saml2SsoUrl string, + Saml2Provider string, + Saml2X509Cert string, +) *CreateSAML2SecurityIntegrationRequest { + s := CreateSAML2SecurityIntegrationRequest{} + s.name = name + s.Enabled = Enabled + s.Saml2Issuer = Saml2Issuer + s.Saml2SsoUrl = Saml2SsoUrl + s.Saml2Provider = Saml2Provider + s.Saml2X509Cert = Saml2X509Cert + return &s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateSAML2SecurityIntegrationRequest { + s.OrReplace = OrReplace + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateSAML2SecurityIntegrationRequest { + s.IfNotExists = IfNotExists + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *CreateSAML2SecurityIntegrationRequest { + s.AllowedUserDomains = AllowedUserDomains + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *CreateSAML2SecurityIntegrationRequest { + s.AllowedEmailPatterns = AllowedEmailPatterns + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2SpInitiatedLoginPageLabel = Saml2SpInitiatedLoginPageLabel + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *CreateSAML2SecurityIntegrationRequest { + s.Saml2EnableSpInitiated = Saml2EnableSpInitiated + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2SnowflakeX509Cert = Saml2SnowflakeX509Cert + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) 
WithSaml2SignRequest(Saml2SignRequest *bool) *CreateSAML2SecurityIntegrationRequest { + s.Saml2SignRequest = Saml2SignRequest + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *CreateSAML2SecurityIntegrationRequest { + s.Saml2ForceAuthn = Saml2ForceAuthn + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2SnowflakeIssuerUrl = Saml2SnowflakeIssuerUrl + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *CreateSAML2SecurityIntegrationRequest { + s.Saml2SnowflakeAcsUrl = Saml2SnowflakeAcsUrl + return s +} + +func (s *CreateSAML2SecurityIntegrationRequest) WithComment(Comment *string) *CreateSAML2SecurityIntegrationRequest { + s.Comment = Comment + return s +} + func NewCreateSCIMSecurityIntegrationRequest( name AccountObjectIdentifier, Enabled bool, 
@@ -43,6 +131,147 @@ func (s *CreateSCIMSecurityIntegrationRequest) WithComment(Comment *string) *Cre return s } +func NewAlterSAML2IntegrationSecurityIntegrationRequest( + name AccountObjectIdentifier, +) *AlterSAML2IntegrationSecurityIntegrationRequest { + s := AlterSAML2IntegrationSecurityIntegrationRequest{} + s.name = name + return &s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.IfExists = IfExists + return s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSet(Set *SAML2IntegrationSetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.Set = Set + return s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnset(Unset *SAML2IntegrationUnsetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.Unset = Unset + return s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithRefreshSaml2SnowflakePrivateKey(RefreshSaml2SnowflakePrivateKey *bool) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.RefreshSaml2SnowflakePrivateKey = RefreshSaml2SnowflakePrivateKey + return s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSetTag(SetTag []TagAssociation) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.SetTag = SetTag + return s +} + +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnsetTag(UnsetTag []ObjectIdentifier) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.UnsetTag = UnsetTag + return s +} + +func NewSAML2IntegrationSetRequest() *SAML2IntegrationSetRequest { + return &SAML2IntegrationSetRequest{} +} + +func (s *SAML2IntegrationSetRequest) WithEnabled(Enabled *bool) *SAML2IntegrationSetRequest { + s.Enabled = Enabled + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2Issuer(Saml2Issuer *string) *SAML2IntegrationSetRequest { + s.Saml2Issuer = Saml2Issuer + return s +} + +func (s *SAML2IntegrationSetRequest) 
WithSaml2SsoUrl(Saml2SsoUrl *string) *SAML2IntegrationSetRequest { + s.Saml2SsoUrl = Saml2SsoUrl + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2Provider(Saml2Provider *string) *SAML2IntegrationSetRequest { + s.Saml2Provider = Saml2Provider + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2X509Cert(Saml2X509Cert *string) *SAML2IntegrationSetRequest { + s.Saml2X509Cert = Saml2X509Cert + return s +} + +func (s *SAML2IntegrationSetRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *SAML2IntegrationSetRequest { + s.AllowedUserDomains = AllowedUserDomains + return s +} + +func (s *SAML2IntegrationSetRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *SAML2IntegrationSetRequest { + s.AllowedEmailPatterns = AllowedEmailPatterns + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *SAML2IntegrationSetRequest { + s.Saml2SpInitiatedLoginPageLabel = Saml2SpInitiatedLoginPageLabel + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *SAML2IntegrationSetRequest { + s.Saml2EnableSpInitiated = Saml2EnableSpInitiated + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *SAML2IntegrationSetRequest { + s.Saml2SnowflakeX509Cert = Saml2SnowflakeX509Cert + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2SignRequest(Saml2SignRequest *bool) *SAML2IntegrationSetRequest { + s.Saml2SignRequest = Saml2SignRequest + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *SAML2IntegrationSetRequest { + s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *SAML2IntegrationSetRequest { + s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl 
+ return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *SAML2IntegrationSetRequest { + s.Saml2ForceAuthn = Saml2ForceAuthn + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *SAML2IntegrationSetRequest { + s.Saml2SnowflakeIssuerUrl = Saml2SnowflakeIssuerUrl + return s +} + +func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *SAML2IntegrationSetRequest { + s.Saml2SnowflakeAcsUrl = Saml2SnowflakeAcsUrl + return s +} + +func (s *SAML2IntegrationSetRequest) WithComment(Comment *string) *SAML2IntegrationSetRequest { + s.Comment = Comment + return s +} + +func NewSAML2IntegrationUnsetRequest() *SAML2IntegrationUnsetRequest { + return &SAML2IntegrationUnsetRequest{} +} + +func (s *SAML2IntegrationUnsetRequest) WithEnabled(Enabled *bool) *SAML2IntegrationUnsetRequest { + s.Enabled = Enabled + return s +} + +func (s *SAML2IntegrationUnsetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *SAML2IntegrationUnsetRequest { + s.Saml2ForceAuthn = Saml2ForceAuthn + return s +} + func NewAlterSCIMIntegrationSecurityIntegrationRequest( name AccountObjectIdentifier, ) *AlterSCIMIntegrationSecurityIntegrationRequest { diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index b6f8655d13..ebbc083c69 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go 
@@ -3,13 +3,38 @@ package sdk //go:generate go run ./dto-builder-generator/main.go var ( - _ optionsProvider[CreateSCIMSecurityIntegrationOptions] = new(CreateSCIMSecurityIntegrationRequest) - _ optionsProvider[AlterSCIMIntegrationSecurityIntegrationOptions] = new(AlterSCIMIntegrationSecurityIntegrationRequest) - _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) - _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) - _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) + _ optionsProvider[CreateSAML2SecurityIntegrationOptions] = new(CreateSAML2SecurityIntegrationRequest) + _ optionsProvider[CreateSCIMSecurityIntegrationOptions] = new(CreateSCIMSecurityIntegrationRequest) + _ optionsProvider[AlterSAML2IntegrationSecurityIntegrationOptions] = new(AlterSAML2IntegrationSecurityIntegrationRequest) + _ optionsProvider[AlterSCIMIntegrationSecurityIntegrationOptions] = new(AlterSCIMIntegrationSecurityIntegrationRequest) + _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) + _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) + _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) ) +type CreateSAML2SecurityIntegrationRequest struct { + OrReplace *bool + IfNotExists *bool + name AccountObjectIdentifier // required + Enabled bool // required + Saml2Issuer string // required + Saml2SsoUrl string // required + Saml2Provider string // required + Saml2X509Cert string // required + AllowedUserDomains []UserDomain + AllowedEmailPatterns []EmailPattern + Saml2SpInitiatedLoginPageLabel *string + Saml2EnableSpInitiated *bool + Saml2SnowflakeX509Cert *string + Saml2SignRequest *bool + Saml2RequestedNameidFormat *string + Saml2PostLogoutRedirectUrl *string + Saml2ForceAuthn *bool + Saml2SnowflakeIssuerUrl *string + Saml2SnowflakeAcsUrl *string + Comment 
*string +} + type CreateSCIMSecurityIntegrationRequest struct { OrReplace *bool IfNotExists *bool @@ -22,6 +47,41 @@ type CreateSCIMSecurityIntegrationRequest struct { Comment *string } +type AlterSAML2IntegrationSecurityIntegrationRequest struct { + IfExists *bool + name AccountObjectIdentifier // required + Set *SAML2IntegrationSetRequest + Unset *SAML2IntegrationUnsetRequest + RefreshSaml2SnowflakePrivateKey *bool + SetTag []TagAssociation + UnsetTag []ObjectIdentifier +} + +type SAML2IntegrationSetRequest struct { + Enabled *bool + Saml2Issuer *string + Saml2SsoUrl *string + Saml2Provider *string + Saml2X509Cert *string + AllowedUserDomains []UserDomain + AllowedEmailPatterns []EmailPattern + Saml2SpInitiatedLoginPageLabel *string + Saml2EnableSpInitiated *bool + Saml2SnowflakeX509Cert *string + Saml2SignRequest *bool + Saml2RequestedNameidFormat *string + Saml2PostLogoutRedirectUrl *string + Saml2ForceAuthn *bool + Saml2SnowflakeIssuerUrl *string + Saml2SnowflakeAcsUrl *string + Comment *string +} + +type SAML2IntegrationUnsetRequest struct { + Enabled *bool + Saml2ForceAuthn *bool +} + type AlterSCIMIntegrationSecurityIntegrationRequest struct { IfExists *bool name AccountObjectIdentifier // required diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index 96f91fec1f..224c7823a2 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go 
@@ -7,7 +7,9 @@ import ( ) type SecurityIntegrations interface { + CreateSAML2(ctx context.Context, request *CreateSAML2SecurityIntegrationRequest) error CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error + AlterSAML2Integration(ctx context.Context, request *AlterSAML2IntegrationSecurityIntegrationRequest) error AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error Drop(ctx context.Context, request *DropSecurityIntegrationRequest) error Describe(ctx context.Context, id AccountObjectIdentifier) ([]SecurityIntegrationProperty, error) 
@@ -15,6 +17,41 @@ type SecurityIntegrations interface { ShowByID(ctx context.Context, id AccountObjectIdentifier) (*SecurityIntegration, error) } +// CreateSAML2SecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2. +type CreateSAML2SecurityIntegrationOptions struct { + create bool `ddl:"static" sql:"CREATE"` + OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + integrationType string `ddl:"static" sql:"TYPE = SAML2"` + Enabled bool `ddl:"parameter" sql:"ENABLED"` + Saml2Issuer string `ddl:"parameter,single_quotes" sql:"SAML2_ISSUER"` + Saml2SsoUrl string `ddl:"parameter,single_quotes" sql:"SAML2_SSO_URL"` + Saml2Provider string `ddl:"parameter,single_quotes" sql:"SAML2_PROVIDER"` + Saml2X509Cert string `ddl:"parameter,single_quotes" sql:"SAML2_X509_CERT"` + AllowedUserDomains []UserDomain `ddl:"parameter,parentheses" sql:"ALLOWED_USER_DOMAINS"` + AllowedEmailPatterns []EmailPattern `ddl:"parameter,parentheses" sql:"ALLOWED_EMAIL_PATTERNS"` + Saml2SpInitiatedLoginPageLabel *string `ddl:"parameter,single_quotes" sql:"SAML2_SP_INITIATED_LOGIN_PAGE_LABEL"` + Saml2EnableSpInitiated *bool `ddl:"parameter" sql:"SAML2_ENABLE_SP_INITIATED"` + Saml2SnowflakeX509Cert *string `ddl:"parameter,single_quotes" sql:"SAML2_SNOWFLAKE_X509_CERT"` + Saml2SignRequest *bool `ddl:"parameter" sql:"SAML2_SIGN_REQUEST"` + Saml2RequestedNameidFormat *string `ddl:"parameter,single_quotes" sql:"SAML2_REQUESTED_NAMEID_FORMAT"` + Saml2PostLogoutRedirectUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_POST_LOGOUT_REDIRECT_URL"` + Saml2ForceAuthn *bool `ddl:"parameter" sql:"SAML2_FORCE_AUTHN"` + Saml2SnowflakeIssuerUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_SNOWFLAKE_ISSUER_URL"` + Saml2SnowflakeAcsUrl *string `ddl:"parameter,single_quotes" 
sql:"SAML2_SNOWFLAKE_ACS_URL"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` +} + +type UserDomain struct { + Domain string `ddl:"keyword,single_quotes"` +} + +type EmailPattern struct { + Pattern string `ddl:"keyword,single_quotes"` +} + // CreateSCIMSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim. type CreateSCIMSecurityIntegrationOptions struct { create bool `ddl:"static" sql:"CREATE"` 
@@ -31,6 +68,44 @@ type CreateSCIMSecurityIntegrationOptions struct { Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` } +// AlterSAML2IntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2. +type AlterSAML2IntegrationSecurityIntegrationOptions struct { + alter bool `ddl:"static" sql:"ALTER"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + Set *SAML2IntegrationSet `ddl:"keyword" sql:"SET"` + Unset *SAML2IntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` + RefreshSaml2SnowflakePrivateKey *bool `ddl:"keyword" sql:"REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY"` + SetTag []TagAssociation `ddl:"keyword" sql:"SET TAG"` + UnsetTag []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` +} + +type SAML2IntegrationSet struct { + Enabled *bool `ddl:"parameter" sql:"ENABLED"` + Saml2Issuer *string `ddl:"parameter,single_quotes" sql:"SAML2_ISSUER"` + Saml2SsoUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_SSO_URL"` + Saml2Provider *string `ddl:"parameter,single_quotes" sql:"SAML2_PROVIDER"` + Saml2X509Cert *string `ddl:"parameter,single_quotes" sql:"SAML2_X509_CERT"` + AllowedUserDomains []UserDomain `ddl:"parameter,parentheses" sql:"ALLOWED_USER_DOMAINS"` + AllowedEmailPatterns []EmailPattern `ddl:"parameter,parentheses" sql:"ALLOWED_EMAIL_PATTERNS"` + Saml2SpInitiatedLoginPageLabel *string `ddl:"parameter,single_quotes" sql:"SAML2_SP_INITIATED_LOGIN_PAGE_LABEL"` + Saml2EnableSpInitiated *bool `ddl:"parameter" sql:"SAML2_ENABLE_SP_INITIATED"` + Saml2SnowflakeX509Cert *string `ddl:"parameter,single_quotes" sql:"SAML2_SNOWFLAKE_X509_CERT"` + Saml2SignRequest *bool `ddl:"parameter" sql:"SAML2_SIGN_REQUEST"` + Saml2RequestedNameidFormat *string `ddl:"parameter,single_quotes" sql:"SAML2_REQUESTED_NAMEID_FORMAT"` + Saml2PostLogoutRedirectUrl *string 
`ddl:"parameter,single_quotes" sql:"SAML2_POST_LOGOUT_REDIRECT_URL"` + Saml2ForceAuthn *bool `ddl:"parameter" sql:"SAML2_FORCE_AUTHN"` + Saml2SnowflakeIssuerUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_SNOWFLAKE_ISSUER_URL"` + Saml2SnowflakeAcsUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_SNOWFLAKE_ACS_URL"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` +} + +type SAML2IntegrationUnset struct { + Enabled *bool `ddl:"keyword" sql:"ENABLED"` + Saml2ForceAuthn *bool `ddl:"keyword" sql:"SAML2_FORCE_AUTHN"` +} + // AlterSCIMIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. type AlterSCIMIntegrationSecurityIntegrationOptions struct { alter bool `ddl:"static" sql:"ALTER"` @@ -38,7 +113,7 @@ type AlterSCIMIntegrationSecurityIntegrationOptions struct { IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` name AccountObjectIdentifier `ddl:"identifier"` Set *SCIMIntegrationSet `ddl:"keyword" sql:"SET"` - Unset *SCIMIntegrationUnset `ddl:"keyword" sql:"UNSET"` + Unset *SCIMIntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` SetTag []TagAssociation `ddl:"keyword" sql:"SET TAG"` UnsetTag []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` } @@ -95,6 +170,7 @@ type ShowSecurityIntegrationOptions struct { type securityIntegrationShowRow struct { Name string `db:"name"` Type string `db:"type"` + Category string `db:"category"` Enabled bool `db:"enabled"` Comment sql.NullString `db:"comment"` CreatedOn time.Time `db:"created_on"` @@ -103,6 +179,7 @@ type securityIntegrationShowRow struct { type SecurityIntegration struct { Name string IntegrationType string + Category string Enabled bool Comment string CreatedOn time.Time diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index 5d2eaa7b90..b270229e01 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go 
@@ -4,6 +4,59 @@ import ( "testing" ) +func TestSecurityIntegrations_CreateSAML2(t *testing.T) { + id := randomAccountObjectIdentifier() + + // Minimal valid CreateSAML2SecurityIntegrationOptions + defaultOpts := func() *CreateSAML2SecurityIntegrationOptions { + return &CreateSAML2SecurityIntegrationOptions{ + name: id, + Enabled: true, + Saml2Issuer: "issuer", + Saml2SsoUrl: "url", + Saml2Provider: "provider", + Saml2X509Cert: "cert", + } + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *CreateSAML2SecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: conflicting fields for [opts.OrReplace opts.IfNotExists]", func(t *testing.T) { + opts := defaultOpts() + opts.OrReplace = Bool(true) + opts.IfNotExists = Bool(true) + assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateSAML2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) + }) + + t.Run("basic", func(t *testing.T) { + opts := defaultOpts() + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'", id.FullyQualifiedName()) + }) + + t.Run("all options", func(t *testing.T) { + opts := defaultOpts() + opts.AllowedEmailPatterns = []EmailPattern{{Pattern: "pattern"}} + opts.AllowedUserDomains = []UserDomain{{Domain: "domain"}} + opts.Comment = Pointer("a") + opts.Saml2EnableSpInitiated = Pointer(true) + opts.Saml2ForceAuthn = Pointer(true) + opts.Saml2PostLogoutRedirectUrl = Pointer("redirect") + opts.Saml2RequestedNameidFormat = Pointer("format") + opts.Saml2SignRequest = Pointer(true) + opts.Saml2SnowflakeAcsUrl = Pointer("acs") + opts.Saml2SnowflakeIssuerUrl = Pointer("issuer") + opts.Saml2SpInitiatedLoginPageLabel = Pointer("label") + + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' 
SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'"+ + " ALLOWED_USER_DOMAINS = ('domain') ALLOWED_EMAIL_PATTERNS = ('pattern') SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label' SAML2_ENABLE_SP_INITIATED = true SAML2_SIGN_REQUEST = true"+ + " SAML2_REQUESTED_NAMEID_FORMAT = 'format' SAML2_POST_LOGOUT_REDIRECT_URL = 'redirect' SAML2_FORCE_AUTHN = true SAML2_SNOWFLAKE_ISSUER_URL = 'issuer' SAML2_SNOWFLAKE_ACS_URL = 'acs'"+ + " COMMENT = 'a'", id.FullyQualifiedName()) + }) +} + func TestSecurityIntegrations_CreateSCIM(t *testing.T) { id := randomAccountObjectIdentifier() 
@@ -44,6 +97,84 @@ func TestSecurityIntegrations_CreateSCIM(t *testing.T) { }) } +func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { + id := randomAccountObjectIdentifier() + + // Minimal valid AlterSAML2IntegrationSecurityIntegrationOptions + defaultOpts := func() *AlterSAML2IntegrationSecurityIntegrationOptions { + return &AlterSAML2IntegrationSecurityIntegrationOptions{ + name: id, + } + } + + t.Run("validation: nil options", func(t *testing.T) { + var opts *AlterSAML2IntegrationSecurityIntegrationOptions = nil + assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) + }) + + t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { + opts := defaultOpts() + opts.name = NewAccountObjectIdentifier("") + assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) + }) + + t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { + opts := defaultOpts() + opts.Set = &SAML2IntegrationSet{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", + "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", + "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) + }) + + t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { + opts := defaultOpts() + opts.Unset = &SAML2IntegrationUnset{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn")) + }) + + t.Run("all options - set", func(t *testing.T) { + opts := defaultOpts() + opts.Set = &SAML2IntegrationSet{ + Enabled: Pointer(true), + Saml2Issuer: Pointer("issuer"), + Saml2SsoUrl: Pointer("url"), + 
Saml2Provider: Pointer("provider"), + Saml2X509Cert: Pointer("cert"), + AllowedUserDomains: []UserDomain{{Domain: "domain"}}, + AllowedEmailPatterns: []EmailPattern{{Pattern: "pattern"}}, + Saml2SpInitiatedLoginPageLabel: Pointer("label"), + Saml2EnableSpInitiated: Pointer(true), + Saml2SnowflakeX509Cert: Pointer("cert"), + Saml2SignRequest: Pointer(true), + Saml2RequestedNameidFormat: Pointer("format"), + Saml2PostLogoutRedirectUrl: Pointer("redirect"), + Saml2ForceAuthn: Pointer(true), + Saml2SnowflakeIssuerUrl: Pointer("issuer"), + Saml2SnowflakeAcsUrl: Pointer("acs"), + Comment: Pointer("a"), + } + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'"+ + " ALLOWED_USER_DOMAINS = ('domain') ALLOWED_EMAIL_PATTERNS = ('pattern') SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label' SAML2_ENABLE_SP_INITIATED = true SAML2_SNOWFLAKE_X509_CERT = 'cert' SAML2_SIGN_REQUEST = true"+ + " SAML2_REQUESTED_NAMEID_FORMAT = 'format' SAML2_POST_LOGOUT_REDIRECT_URL = 'redirect' SAML2_FORCE_AUTHN = true SAML2_SNOWFLAKE_ISSUER_URL = 'issuer' SAML2_SNOWFLAKE_ACS_URL = 'acs'"+ + " COMMENT = 'a'", id.FullyQualifiedName()) + }) + + t.Run("all options - unset", func(t *testing.T) { + opts := defaultOpts() + opts.Unset = &SAML2IntegrationUnset{ + Enabled: Pointer(true), + Saml2ForceAuthn: Pointer(true), + } + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, SAML2_FORCE_AUTHN", id.FullyQualifiedName()) + }) + + t.Run("refresh SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { + opts := defaultOpts() + opts.RefreshSaml2SnowflakePrivateKey = Pointer(true) + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", id.FullyQualifiedName()) + }) +} + func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { id := randomAccountObjectIdentifier() 
@@ -61,16 +192,19 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { opts := defaultOpts() + opts.name = NewAccountObjectIdentifier("") assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) }) t.Run("validation: at least one of the fields [opts.Set.Enabled opts.Set.NetworkPolicy opts.Set.SyncPassword opts.Set.Comment] should be set", func(t *testing.T) { opts := defaultOpts() + opts.Set = &SCIMIntegrationSet{} assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("validation: at least one of the fields [opts.Unset.NetworkPolicy opts.Unset.SyncPassword opts.Unset.Comment] should be set", func(t *testing.T) { opts := defaultOpts() + opts.Unset = &SCIMIntegrationUnset{} assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "NetworkPolicy", "SyncPassword", "Comment")) }) @@ -94,7 +228,7 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { SyncPassword: Pointer(true), Comment: Pointer(true), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET NETWORK_POLICY SYNC_PASSWORD COMMENT", id.FullyQualifiedName()) + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET NETWORK_POLICY, SYNC_PASSWORD, COMMENT", id.FullyQualifiedName()) }) } diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index 9dacda1452..80c4ef859c 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go @@ -2,7 +2,6 @@ package sdk import ( "context" - "fmt" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections" ) 
@@ -13,11 +12,21 @@ type securityIntegrations struct { client *Client } +func (v *securityIntegrations) CreateSAML2(ctx context.Context, request *CreateSAML2SecurityIntegrationRequest) error { + opts := request.toOpts() + return validateAndExec(v.client, ctx, opts) +} + func (v *securityIntegrations) CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } +func (v *securityIntegrations) AlterSAML2Integration(ctx context.Context, request *AlterSAML2IntegrationSecurityIntegrationRequest) error { + opts := request.toOpts() + return validateAndExec(v.client, ctx, opts) +} + func (v *securityIntegrations) AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) @@ -36,7 +45,6 @@ func (v *securityIntegrations) Describe(ctx context.Context, id AccountObjectIde if err != nil { return nil, err } - fmt.Println(rows) return convertRows[securityIntegrationDescRow, SecurityIntegrationProperty](rows), nil } 
@@ -59,6 +67,32 @@ func (v *securityIntegrations) ShowByID(ctx context.Context, id AccountObjectIde return collections.FindOne(securityIntegrations, func(r SecurityIntegration) bool { return r.Name == id.Name() }) } +func (r *CreateSAML2SecurityIntegrationRequest) toOpts() *CreateSAML2SecurityIntegrationOptions { + opts := &CreateSAML2SecurityIntegrationOptions{ + OrReplace: r.OrReplace, + IfNotExists: r.IfNotExists, + name: r.name, + Enabled: r.Enabled, + Saml2Issuer: r.Saml2Issuer, + Saml2SsoUrl: r.Saml2SsoUrl, + Saml2Provider: r.Saml2Provider, + Saml2X509Cert: r.Saml2X509Cert, + AllowedUserDomains: r.AllowedUserDomains, + AllowedEmailPatterns: r.AllowedEmailPatterns, + Saml2SpInitiatedLoginPageLabel: r.Saml2SpInitiatedLoginPageLabel, + Saml2EnableSpInitiated: r.Saml2EnableSpInitiated, + Saml2SnowflakeX509Cert: r.Saml2SnowflakeX509Cert, + Saml2SignRequest: r.Saml2SignRequest, + Saml2RequestedNameidFormat: r.Saml2RequestedNameidFormat, + Saml2PostLogoutRedirectUrl: r.Saml2PostLogoutRedirectUrl, + Saml2ForceAuthn: r.Saml2ForceAuthn, + Saml2SnowflakeIssuerUrl: r.Saml2SnowflakeIssuerUrl, + Saml2SnowflakeAcsUrl: r.Saml2SnowflakeAcsUrl, + Comment: r.Comment, + } + return opts +} + func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityIntegrationOptions { opts := &CreateSCIMSecurityIntegrationOptions{ OrReplace: r.OrReplace, 
@@ -74,6 +108,45 @@ func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityInteg return opts } +func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2IntegrationSecurityIntegrationOptions { + opts := &AlterSAML2IntegrationSecurityIntegrationOptions{ + IfExists: r.IfExists, + name: r.name, + + RefreshSaml2SnowflakePrivateKey: r.RefreshSaml2SnowflakePrivateKey, + SetTag: r.SetTag, + UnsetTag: r.UnsetTag, + } + if r.Set != nil { + opts.Set = &SAML2IntegrationSet{ + Enabled: r.Set.Enabled, + Saml2Issuer: r.Set.Saml2Issuer, + Saml2SsoUrl: r.Set.Saml2SsoUrl, + Saml2Provider: r.Set.Saml2Provider, + Saml2X509Cert: r.Set.Saml2X509Cert, + AllowedUserDomains: r.Set.AllowedUserDomains, + AllowedEmailPatterns: r.Set.AllowedEmailPatterns, + Saml2SpInitiatedLoginPageLabel: r.Set.Saml2SpInitiatedLoginPageLabel, + Saml2EnableSpInitiated: r.Set.Saml2EnableSpInitiated, + Saml2SnowflakeX509Cert: r.Set.Saml2SnowflakeX509Cert, + Saml2SignRequest: r.Set.Saml2SignRequest, + Saml2RequestedNameidFormat: r.Set.Saml2RequestedNameidFormat, + Saml2PostLogoutRedirectUrl: r.Set.Saml2PostLogoutRedirectUrl, + Saml2ForceAuthn: r.Set.Saml2ForceAuthn, + Saml2SnowflakeIssuerUrl: r.Set.Saml2SnowflakeIssuerUrl, + Saml2SnowflakeAcsUrl: r.Set.Saml2SnowflakeAcsUrl, + Comment: r.Set.Comment, + } + } + if r.Unset != nil { + opts.Unset = &SAML2IntegrationUnset{ + Enabled: r.Unset.Enabled, + Saml2ForceAuthn: r.Unset.Saml2ForceAuthn, + } + } + return opts +} + func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMIntegrationSecurityIntegrationOptions { opts := &AlterSCIMIntegrationSecurityIntegrationOptions{ IfExists: r.IfExists, diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go index e23f66f3fe..02864fa7fa 100644 --- a/pkg/sdk/security_integrations_validations_gen.go +++ b/pkg/sdk/security_integrations_validations_gen.go 
@@ -1,13 +1,29 @@ package sdk var ( + _ validatable = new(CreateSAML2SecurityIntegrationOptions) _ validatable = new(CreateSCIMSecurityIntegrationOptions) + _ validatable = new(AlterSAML2IntegrationSecurityIntegrationOptions) _ validatable = new(AlterSCIMIntegrationSecurityIntegrationOptions) _ validatable = new(DropSecurityIntegrationOptions) _ validatable = new(DescribeSecurityIntegrationOptions) _ validatable = new(ShowSecurityIntegrationOptions) ) +func (opts *CreateSAML2SecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + if everyValueSet(opts.OrReplace, opts.IfNotExists) { + errs = append(errs, errOneOf("CreateSAML2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) + } + return JoinErrors(errs...) +} + func (opts *CreateSCIMSecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions 
@@ -22,6 +38,27 @@ func (opts *CreateSCIMSecurityIntegrationOptions) validate() error { return JoinErrors(errs...) } +func (opts *AlterSAML2IntegrationSecurityIntegrationOptions) validate() error { + if opts == nil { + return ErrNilOptions + } + var errs []error + if !ValidObjectIdentifier(opts.name) { + errs = append(errs, ErrInvalidObjectIdentifier) + } + if valueSet(opts.Set) { + if !anyValueSet(opts.Set.Enabled, opts.Set.Saml2Issuer, opts.Set.Saml2SsoUrl, opts.Set.Saml2Provider, opts.Set.Saml2X509Cert, opts.Set.AllowedUserDomains, opts.Set.AllowedEmailPatterns, opts.Set.Saml2SpInitiatedLoginPageLabel, opts.Set.Saml2EnableSpInitiated, opts.Set.Saml2SnowflakeX509Cert, opts.Set.Saml2SignRequest, opts.Set.Saml2RequestedNameidFormat, opts.Set.Saml2PostLogoutRedirectUrl, opts.Set.Saml2ForceAuthn, opts.Set.Saml2SnowflakeIssuerUrl, opts.Set.Saml2SnowflakeAcsUrl, opts.Set.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) + } + } + if valueSet(opts.Unset) { + if !anyValueSet(opts.Unset.Enabled, opts.Unset.Saml2ForceAuthn) { + errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn")) + } + } + return JoinErrors(errs...) +} + func (opts *AlterSCIMIntegrationSecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index 109abf2d67..7d56db1700 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go 
+++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -1,6 +1,7 @@ package testint import ( + "fmt" "testing" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" @@ -12,6 +13,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { client := testClient(t) ctx := testContext(t) + acsURL := fmt.Sprintf("https://%s.snowflakecomputing.com/fed/login", testClientHelper().Context.CurrentAccount(t)) + issuerURL := fmt.Sprintf("https://%s.snowflakecomputing.com", testClientHelper().Context.CurrentAccount(t)) + cleanupSecurityIntegration := func(t *testing.T, id sdk.AccountObjectIdentifier) { t.Helper() t.Cleanup(func() { 
@@ -20,6 +24,40 @@ func TestInt_SecurityIntegrations(t *testing.T) { }) } + // generated by `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=Snowflake/CN=Snowflake' -out x509_key.pem -days 36500` + x509 := `MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL + BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM + DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v + d2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j + aXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi + MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi + HEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf + jPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/ + sV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz + cBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo + OjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB + AAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW + gBT9mt6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 + DQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc + cqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx + WYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO + 3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k + 0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7 + PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2 + ` + + createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSAML2SecurityIntegrationRequest)) { + t.Helper() + saml2Req := sdk.NewCreateSAML2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", x509) + if with != nil { + with(saml2Req) + } + err := client.SecurityIntegrations.CreateSAML2(ctx, saml2Req) + require.NoError(t, err) + cleanupSecurityIntegration(t, 
siID) + } + createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSCIMSecurityIntegrationRequest)) { t.Helper() roleID := sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER") 
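Review bot: The `x509` fixture is a raw string literal, so the value sent as `SAML2_X509_CERT` carries the source file's line breaks, indentation and trailing newline, and the expected value in `assertSAML2Describe` (next hunk) repeats the whole certificate with explicit `\n\t` sequences to match it. Reformatting this literal would change the certificate text sent to Snowflake and break that assertion in a way that is hard to diagnose, and the two copies can drift apart. I would assert against the variable instead, `Value: x509`, and add a comment above the literal such as `// self-signed test certificate; the literal's whitespace is part of the value sent as SAML2_X509_CERT`. The indentation is inferred from the `\n\t` in the expected value, because this view collapses whitespace. The enclosing `TestInt_SecurityIntegrations` starts and ends outside the hunk.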
@@ -58,6 +96,78 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "COMMENT", Type: "String", Value: comment, Default: ""}) } + type saml2details struct { + provider string + enableSPInitiated string + spInitiatedLoginPageLabel string + ssoURL string + issuer string + requestedNameIDFormat string + forceAuthn string + postLogoutRedirectUrl string + signrequest string + comment string + snowflakeIssuerURL string + snowflakeAcsURL string + } + + assertSAML2Describe := func(details []sdk.SecurityIntegrationProperty, d saml2details) { + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_X509_CERT", Type: "String", Value: "MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL\n\tBQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n\tDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v\n\td2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD\n\tVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n\taXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi\n\tMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi\n\tHEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf\n\tjPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/\n\tsV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz\n\tcBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo\n\tOjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB\n\tAAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW\n\tgBT9mt" + + 
"6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n\tDQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc\n\tcqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx\n\tWYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO\n\t3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k\n\t0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7\n\tPhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2\n\t", Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_PROVIDER", Type: "String", Value: d.provider, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_ENABLE_SP_INITIATED", Type: "Boolean", Value: d.enableSPInitiated, Default: "false"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", Type: "String", Value: d.spInitiatedLoginPageLabel, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SSO_URL", Type: "String", Value: d.ssoURL, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_ISSUER", Type: "String", Value: d.issuer, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_REQUESTED_NAMEID_FORMAT", Type: "String", Value: d.requestedNameIDFormat, Default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_FORCE_AUTHN", Type: "Boolean", Value: d.forceAuthn, Default: "false"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_POST_LOGOUT_REDIRECT_URL", Type: "String", Value: d.postLogoutRedirectUrl, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SIGN_REQUEST", Type: "Boolean", Value: d.signrequest, Default: "false"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_DIGEST_METHODS_USED", Type: "String", Value: 
"http://www.w3.org/2001/04/xmlenc#sha256", Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SIGNATURE_METHODS_USED", Type: "String", Value: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "COMMENT", Type: "String", Value: d.comment, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SNOWFLAKE_ISSUER_URL", Type: "String", Value: d.snowflakeIssuerURL, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SNOWFLAKE_ACS_URL", Type: "String", Value: d.snowflakeAcsURL, Default: ""}) + } + + t.Run("CreateSAML2", func(t *testing.T) { + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + createSAML2Integration(t, id, func(r *sdk.CreateSAML2SecurityIntegrationRequest) { + r. // WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). TODO: fix + // WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}). TODO: fix + WithComment(sdk.Pointer("a")). + WithSaml2EnableSpInitiated(sdk.Pointer(true)). + WithSaml2ForceAuthn(sdk.Pointer(true)). + WithSaml2PostLogoutRedirectUrl(sdk.Pointer("http://example.com/logout")). + WithSaml2RequestedNameidFormat(sdk.Pointer("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")). + WithSaml2SignRequest(sdk.Pointer(true)). + WithSaml2SnowflakeAcsUrl(&acsURL). + WithSaml2SnowflakeIssuerUrl(&issuerURL). 
+ WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")) + }) + details, err := client.SecurityIntegrations.Describe(ctx, id) + require.NoError(t, err) + + assertSAML2Describe(details, saml2details{ + provider: "Custom", + enableSPInitiated: "true", + spInitiatedLoginPageLabel: "label", + ssoURL: "https://example.com", + issuer: "test", + requestedNameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + forceAuthn: "true", + postLogoutRedirectUrl: "http://example.com/logout", + signrequest: "true", + comment: "a", + snowflakeIssuerURL: issuerURL, + snowflakeAcsURL: acsURL, + }) + + si, err := client.SecurityIntegrations.ShowByID(ctx, id) + require.NoError(t, err) + assertSecurityIntegration(t, si, id, "SAML2", false, "a") + }) + t.Run("CreateSCIM", func(t *testing.T) { networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t) t.Cleanup(networkPolicyCleanup) 
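Review bot: `ALLOWED_USER_DOMAINS` and `ALLOWED_EMAIL_PATTERNS` are left out of this integration test (both builder calls in the `CreateSAML2` subtest are commented out with `TODO: fix`), and they are the settings that restrict which users can sign in through the integration. The unit test pins the generated SQL for them, but nothing here confirms that Snowflake accepts that SQL or that `Describe` reports the values back, and `assertSAML2Describe` has no assertion for either property. I would replace the inline TODOs with a comment that records what fails and where it is tracked, e.g. `// TODO(<issue-id>): enable once ALLOWED_USER_DOMAINS / ALLOWED_EMAIL_PATTERNS work here: <observed error>`, and add the two `assert.Contains` checks when the calls are restored. The commented-out lines also sit between `r.` and the first chained call, which is easy to misread; starting the chain as `r.WithComment(sdk.Pointer("a")).` on one line would be clearer.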
@@ -78,6 +188,66 @@ func TestInt_SecurityIntegrations(t *testing.T) { assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "a") }) + t.Run("AlterSAML2Integration", func(t *testing.T) { + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + createSAML2Integration(t, id, nil) + + setRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id). + WithSet( + sdk.NewSAML2IntegrationSetRequest(). + WithComment(sdk.Pointer("a")). + WithSaml2EnableSpInitiated(sdk.Pointer(true)). + WithSaml2ForceAuthn(sdk.Pointer(true)). + WithSaml2PostLogoutRedirectUrl(sdk.Pointer("http://example.com/logout")). + WithSaml2RequestedNameidFormat(sdk.Pointer("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")). + WithSaml2SignRequest(sdk.Pointer(true)). + WithSaml2SnowflakeAcsUrl(&acsURL). + WithSaml2SnowflakeIssuerUrl(&issuerURL). + WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")), + ) + err := client.SecurityIntegrations.AlterSAML2Integration(ctx, setRequest) + require.NoError(t, err) + + details, err := client.SecurityIntegrations.Describe(ctx, id) + require.NoError(t, err) + + assertSAML2Describe(details, saml2details{ + provider: "Custom", + enableSPInitiated: "true", + spInitiatedLoginPageLabel: "label", + ssoURL: "https://example.com", + issuer: "test", + requestedNameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + forceAuthn: "true", + postLogoutRedirectUrl: "http://example.com/logout", + signrequest: "true", + comment: "a", + snowflakeIssuerURL: issuerURL, + snowflakeAcsURL: acsURL, + }) + + unsetRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id). + WithUnset( + sdk.NewSAML2IntegrationUnsetRequest(). 
+ WithSaml2ForceAuthn(sdk.Pointer(true)), + ) + err = client.SecurityIntegrations.AlterSAML2Integration(ctx, unsetRequest) + require.NoError(t, err) + + details, err = client.SecurityIntegrations.Describe(ctx, id) + require.NoError(t, err) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_FORCE_AUTHN", Type: "Boolean", Value: "false", Default: "false"}) + }) + + t.Run("AlterSAML2Integration - REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + createSAML2Integration(t, id, nil) + + setRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id).WithRefreshSaml2SnowflakePrivateKey(sdk.Pointer(true)) + err := client.SecurityIntegrations.AlterSAML2Integration(ctx, setRequest) + require.NoError(t, err) + }) + t.Run("AlterSCIMIntegration", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() createSCIMIntegration(t, id, nil) @@ -96,6 +266,21 @@ func TestInt_SecurityIntegrations(t *testing.T) { require.NoError(t, err) assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "true", "altered") + + unsetRequest := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id). + WithUnset( + sdk.NewSCIMIntegrationUnsetRequest(). + WithNetworkPolicy(sdk.Bool(true)). + WithSyncPassword(sdk.Bool(true)). + WithComment(sdk.Bool(true)), + ) + err = client.SecurityIntegrations.AlterSCIMIntegration(ctx, unsetRequest) + require.NoError(t, err) + + details, err = client.SecurityIntegrations.Describe(ctx, id) + require.NoError(t, err) + + assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "", "") }) t.Run("Drop", func(t *testing.T) { From 68c5b993740fe1ff6ad0e2efdd499eb35e6fd613 Mon Sep 17 00:00:00 2001 
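Review bot: The `AlterSAML2Integration - REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY` subtest only checks that the statement returns no error, so it would still pass if the refresh were a no-op. Since this is the key-rotation path, I would read the integration with `Describe` before and after the call and assert that the Snowflake-side certificate property changed, assuming `Describe` exposes it (`SAML2_SNOWFLAKE_X509_CERT` appears on this page only as a settable parameter). If it is not exposed, a comment saying so would help the next reader: `// rotation cannot be observed via DESCRIBE; only statement acceptance is checked`. In the same hunk the unset test clears only `SAML2_FORCE_AUTHN`, so `UNSET ENABLED` is generated by the SDK but never run against the service.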
From: Jakub Michalak Date: Tue, 14 May 2024 12:39:21 +0200 Subject: [PATCH 03/14] Fixes --- pkg/sdk/security_integrations_def.go | 23 +++--- .../security_integrations_dto_builders_gen.go | 56 +++++++++----- pkg/sdk/security_integrations_dto_gen.go | 24 +++--- pkg/sdk/security_integrations_gen.go | 16 ++-- pkg/sdk/security_integrations_gen_test.go | 27 +++++-- pkg/sdk/security_integrations_impl_gen.go | 26 ++++--- .../security_integrations_validations_gen.go | 14 +++- ...urity_integrations_gen_integration_test.go | 73 ++++++++++++++++--- 8 files changed, 183 insertions(+), 76 deletions(-) diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index c0c5e4314a..6faa05b262 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go @@ -28,12 +28,12 @@ func alterSecurityIntegrationOperation(structName string, apply func(qs *g.Query Alter(). SQL("SECURITY INTEGRATION"). IfExists(). - Name() - qs = apply(qs) - return qs. - NamedList("SET TAG", g.KindOfT[TagAssociation]()). - NamedList("UNSET TAG", g.KindOfT[ObjectIdentifier]()). + Name(). + OptionalSetTags(). + OptionalUnsetTags(). WithValidation(g.ValidIdentifier, "name") + qs = apply(qs) + return qs } var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet"). @@ -61,7 +61,10 @@ var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet"). var saml2IntegrationUnsetDef = g.NewQueryStruct("SAML2IntegrationUnset"). OptionalSQL("ENABLED"). OptionalSQL("SAML2_FORCE_AUTHN"). - WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn") + OptionalSQL("SAML2_REQUESTED_NAMEID_FORMAT"). + OptionalSQL("SAML2_POST_LOGOUT_REDIRECT_URL"). + OptionalSQL("COMMENT"). + WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment") var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet"). OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). 
@@ -71,10 +74,11 @@ var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet"). WithValidation(g.AtLeastOneValueSet, "Enabled", "NetworkPolicy", "SyncPassword", "Comment") var scimIntegrationUnsetDef = g.NewQueryStruct("SCIMIntegrationUnset"). + OptionalSQL("ENABLED"). OptionalSQL("NETWORK_POLICY"). OptionalSQL("SYNC_PASSWORD"). OptionalSQL("COMMENT"). - WithValidation(g.AtLeastOneValueSet, "NetworkPolicy", "SyncPassword", "Comment") + WithValidation(g.AtLeastOneValueSet, "Enabled", "NetworkPolicy", "SyncPassword", "Comment") var SecurityIntegrationsDef = g.NewInterface( "SecurityIntegrations", @@ -132,7 +136,8 @@ var SecurityIntegrationsDef = g.NewInterface( "Unset", saml2IntegrationUnsetDef, g.ListOptions().NoParentheses().SQL("UNSET"), - ).OptionalSQL("REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY") + ).OptionalSQL("REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY"). + WithValidation(g.ExactlyOneValueSet, "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags") }), ). CustomOperation( @@ -147,7 +152,7 @@ var SecurityIntegrationsDef = g.NewInterface( "Unset", scimIntegrationUnsetDef, g.ListOptions().NoParentheses().SQL("UNSET"), - ) + ).WithValidation(g.ExactlyOneValueSet, "Set", "Unset", "SetTags", "UnsetTags") }), ). DropOperation( diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index f9d8bf1788..f7a29f3e24 100644 --- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go 
@@ -144,28 +144,28 @@ func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithIfExists(IfExists return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSet(Set *SAML2IntegrationSetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { - s.Set = Set +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.SetTags = SetTags return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnset(Unset *SAML2IntegrationUnsetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { - s.Unset = Unset +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.UnsetTags = UnsetTags return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithRefreshSaml2SnowflakePrivateKey(RefreshSaml2SnowflakePrivateKey *bool) *AlterSAML2IntegrationSecurityIntegrationRequest { - s.RefreshSaml2SnowflakePrivateKey = RefreshSaml2SnowflakePrivateKey +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSet(Set *SAML2IntegrationSetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.Set = Set return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSetTag(SetTag []TagAssociation) *AlterSAML2IntegrationSecurityIntegrationRequest { - s.SetTag = SetTag +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnset(Unset *SAML2IntegrationUnsetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { + s.Unset = Unset return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnsetTag(UnsetTag []ObjectIdentifier) *AlterSAML2IntegrationSecurityIntegrationRequest { - s.UnsetTag = UnsetTag +func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithRefreshSaml2SnowflakePrivateKey(RefreshSaml2SnowflakePrivateKey *bool) *AlterSAML2IntegrationSecurityIntegrationRequest { + 
s.RefreshSaml2SnowflakePrivateKey = RefreshSaml2SnowflakePrivateKey return s } @@ -272,6 +272,21 @@ func (s *SAML2IntegrationUnsetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool return s } +func (s *SAML2IntegrationUnsetRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *bool) *SAML2IntegrationUnsetRequest { + s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat + return s +} + +func (s *SAML2IntegrationUnsetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *bool) *SAML2IntegrationUnsetRequest { + s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl + return s +} + +func (s *SAML2IntegrationUnsetRequest) WithComment(Comment *bool) *SAML2IntegrationUnsetRequest { + s.Comment = Comment + return s +} + func NewAlterSCIMIntegrationSecurityIntegrationRequest( name AccountObjectIdentifier, ) *AlterSCIMIntegrationSecurityIntegrationRequest { 
@@ -285,23 +300,23 @@ func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithIfExists(IfExists * return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSet(Set *SCIMIntegrationSetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { - s.Set = Set +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.SetTags = SetTags return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnset(Unset *SCIMIntegrationUnsetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { - s.Unset = Unset +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.UnsetTags = UnsetTags return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSetTag(SetTag []TagAssociation) *AlterSCIMIntegrationSecurityIntegrationRequest { - s.SetTag = SetTag +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSet(Set *SCIMIntegrationSetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.Set = Set return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnsetTag(UnsetTag []ObjectIdentifier) *AlterSCIMIntegrationSecurityIntegrationRequest { - s.UnsetTag = UnsetTag +func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnset(Unset *SCIMIntegrationUnsetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { + s.Unset = Unset return s } @@ -333,6 +348,11 @@ func NewSCIMIntegrationUnsetRequest() *SCIMIntegrationUnsetRequest { return &SCIMIntegrationUnsetRequest{} } +func (s *SCIMIntegrationUnsetRequest) WithEnabled(Enabled *bool) *SCIMIntegrationUnsetRequest { + s.Enabled = Enabled + return s +} + func (s *SCIMIntegrationUnsetRequest) WithNetworkPolicy(NetworkPolicy *bool) *SCIMIntegrationUnsetRequest { s.NetworkPolicy = NetworkPolicy return s 
diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index ebbc083c69..53834f9230 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go @@ -50,11 +50,11 @@ type CreateSCIMSecurityIntegrationRequest struct { type AlterSAML2IntegrationSecurityIntegrationRequest struct { IfExists *bool name AccountObjectIdentifier // required + SetTags []TagAssociation + UnsetTags []ObjectIdentifier Set *SAML2IntegrationSetRequest Unset *SAML2IntegrationUnsetRequest RefreshSaml2SnowflakePrivateKey *bool - SetTag []TagAssociation - UnsetTag []ObjectIdentifier } type SAML2IntegrationSetRequest struct { @@ -78,17 +78,20 @@ type SAML2IntegrationSetRequest struct { } type SAML2IntegrationUnsetRequest struct { - Enabled *bool - Saml2ForceAuthn *bool + Enabled *bool + Saml2ForceAuthn *bool + Saml2RequestedNameidFormat *bool + Saml2PostLogoutRedirectUrl *bool + Comment *bool } type AlterSCIMIntegrationSecurityIntegrationRequest struct { - IfExists *bool - name AccountObjectIdentifier // required - Set *SCIMIntegrationSetRequest - Unset *SCIMIntegrationUnsetRequest - SetTag []TagAssociation - UnsetTag []ObjectIdentifier + IfExists *bool + name AccountObjectIdentifier // required + SetTags []TagAssociation + UnsetTags []ObjectIdentifier + Set *SCIMIntegrationSetRequest + Unset *SCIMIntegrationUnsetRequest } type SCIMIntegrationSetRequest struct { @@ -99,6 +102,7 @@ type SCIMIntegrationSetRequest struct { } type SCIMIntegrationUnsetRequest struct { + Enabled *bool NetworkPolicy *bool SyncPassword *bool Comment *bool diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index 224c7823a2..dca8101842 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go 
@@ -74,11 +74,11 @@ type AlterSAML2IntegrationSecurityIntegrationOptions struct { securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` name AccountObjectIdentifier `ddl:"identifier"` + SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` + UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` Set *SAML2IntegrationSet `ddl:"keyword" sql:"SET"` Unset *SAML2IntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` RefreshSaml2SnowflakePrivateKey *bool `ddl:"keyword" sql:"REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY"` - SetTag []TagAssociation `ddl:"keyword" sql:"SET TAG"` - UnsetTag []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` } type SAML2IntegrationSet struct { @@ -102,8 +102,11 @@ type SAML2IntegrationSet struct { } type SAML2IntegrationUnset struct { - Enabled *bool `ddl:"keyword" sql:"ENABLED"` - Saml2ForceAuthn *bool `ddl:"keyword" sql:"SAML2_FORCE_AUTHN"` + Enabled *bool `ddl:"keyword" sql:"ENABLED"` + Saml2ForceAuthn *bool `ddl:"keyword" sql:"SAML2_FORCE_AUTHN"` + Saml2RequestedNameidFormat *bool `ddl:"keyword" sql:"SAML2_REQUESTED_NAMEID_FORMAT"` + Saml2PostLogoutRedirectUrl *bool `ddl:"keyword" sql:"SAML2_POST_LOGOUT_REDIRECT_URL"` + Comment *bool `ddl:"keyword" sql:"COMMENT"` } // AlterSCIMIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. 
@@ -112,10 +115,10 @@ type AlterSCIMIntegrationSecurityIntegrationOptions struct { securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` name AccountObjectIdentifier `ddl:"identifier"` + SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` + UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` Set *SCIMIntegrationSet `ddl:"keyword" sql:"SET"` Unset *SCIMIntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` - SetTag []TagAssociation `ddl:"keyword" sql:"SET TAG"` - UnsetTag []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` } type SCIMIntegrationSet struct { @@ -126,6 +129,7 @@ type SCIMIntegrationSet struct { } type SCIMIntegrationUnset struct { + Enabled *bool `ddl:"keyword" sql:"ENABLED"` NetworkPolicy *bool `ddl:"keyword" sql:"NETWORK_POLICY"` SyncPassword *bool `ddl:"keyword" sql:"SYNC_PASSWORD"` Comment *bool `ddl:"keyword" sql:"COMMENT"` diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index b270229e01..bbdc9fc5c8 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go @@ -114,6 +114,9 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { opts := defaultOpts() + opts.Set = &SAML2IntegrationSet{ + Enabled: Pointer(true), + } opts.name = NewAccountObjectIdentifier("") assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) }) 
@@ -129,7 +132,8 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Unset = &SAML2IntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn")) + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", + "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) }) t.Run("all options - set", func(t *testing.T) { @@ -162,10 +166,13 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { t.Run("all options - unset", func(t *testing.T) { opts := defaultOpts() opts.Unset = &SAML2IntegrationUnset{ - Enabled: Pointer(true), - Saml2ForceAuthn: Pointer(true), + Enabled: Pointer(true), + Saml2ForceAuthn: Pointer(true), + Saml2RequestedNameidFormat: Pointer(true), + Saml2PostLogoutRedirectUrl: Pointer(true), + Comment: Pointer(true), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, SAML2_FORCE_AUTHN", id.FullyQualifiedName()) + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, SAML2_FORCE_AUTHN, SAML2_REQUESTED_NAMEID_FORMAT, SAML2_POST_LOGOUT_REDIRECT_URL, COMMENT", id.FullyQualifiedName()) }) t.Run("refresh SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { 
@@ -192,20 +199,23 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { opts := defaultOpts() + opts.Set = &SCIMIntegrationSet{ + Enabled: Pointer(true), + } opts.name = NewAccountObjectIdentifier("") assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) }) - t.Run("validation: at least one of the fields [opts.Set.Enabled opts.Set.NetworkPolicy opts.Set.SyncPassword opts.Set.Comment] should be set", func(t *testing.T) { + t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Set = &SCIMIntegrationSet{} assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) - t.Run("validation: at least one of the fields [opts.Unset.NetworkPolicy opts.Unset.SyncPassword opts.Unset.Comment] should be set", func(t *testing.T) { + t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Unset = &SCIMIntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "NetworkPolicy", "SyncPassword", "Comment")) + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("all options - set", func(t *testing.T) { 
@@ -224,11 +234,12 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { t.Run("all options - unset", func(t *testing.T) { opts := defaultOpts() opts.Unset = &SCIMIntegrationUnset{ + Enabled: Pointer(true), NetworkPolicy: Pointer(true), SyncPassword: Pointer(true), Comment: Pointer(true), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET NETWORK_POLICY, SYNC_PASSWORD, COMMENT", id.FullyQualifiedName()) + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, NETWORK_POLICY, SYNC_PASSWORD, COMMENT", id.FullyQualifiedName()) }) } diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index 80c4ef859c..fa2ae7b1b8 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go @@ -110,12 +110,12 @@ func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityInteg func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2IntegrationSecurityIntegrationOptions { opts := &AlterSAML2IntegrationSecurityIntegrationOptions{ - IfExists: r.IfExists, - name: r.name, + IfExists: r.IfExists, + name: r.name, + SetTags: r.SetTags, + UnsetTags: r.UnsetTags, RefreshSaml2SnowflakePrivateKey: r.RefreshSaml2SnowflakePrivateKey, - SetTag: r.SetTag, - UnsetTag: r.UnsetTag, } if r.Set != nil { opts.Set = &SAML2IntegrationSet{ @@ -140,8 +140,11 @@ func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2In } if r.Unset != nil { opts.Unset = &SAML2IntegrationUnset{ - Enabled: r.Unset.Enabled, - Saml2ForceAuthn: r.Unset.Saml2ForceAuthn, + Enabled: r.Unset.Enabled, + Saml2ForceAuthn: r.Unset.Saml2ForceAuthn, + Saml2RequestedNameidFormat: r.Unset.Saml2RequestedNameidFormat, + Saml2PostLogoutRedirectUrl: r.Unset.Saml2PostLogoutRedirectUrl, + Comment: r.Unset.Comment, } } return opts 
@@ -149,11 +152,10 @@ func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2In func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMIntegrationSecurityIntegrationOptions { opts := &AlterSCIMIntegrationSecurityIntegrationOptions{ - IfExists: r.IfExists, - name: r.name, - - SetTag: r.SetTag, - UnsetTag: r.UnsetTag, + IfExists: r.IfExists, + name: r.name, + SetTags: r.SetTags, + UnsetTags: r.UnsetTags, } if r.Set != nil { opts.Set = &SCIMIntegrationSet{ @@ -165,6 +167,7 @@ func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMInte } if r.Unset != nil { opts.Unset = &SCIMIntegrationUnset{ + Enabled: r.Unset.Enabled, NetworkPolicy: r.Unset.NetworkPolicy, SyncPassword: r.Unset.SyncPassword, Comment: r.Unset.Comment, @@ -210,6 +213,7 @@ func (r securityIntegrationShowRow) convert() *SecurityIntegration { IntegrationType: r.Type, Enabled: r.Enabled, CreatedOn: r.CreatedOn, + Category: r.Category, } if r.Comment.Valid { s.Comment = r.Comment.String diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go index 02864fa7fa..f34ad2a80f 100644 --- a/pkg/sdk/security_integrations_validations_gen.go +++ b/pkg/sdk/security_integrations_validations_gen.go 
@@ -46,14 +46,17 @@ func (opts *AlterSAML2IntegrationSecurityIntegrationOptions) validate() error { if !ValidObjectIdentifier(opts.name) { errs = append(errs, ErrInvalidObjectIdentifier) } + if !exactlyOneValueSet(opts.Set, opts.Unset, opts.RefreshSaml2SnowflakePrivateKey, opts.SetTags, opts.UnsetTags) { + errs = append(errs, errExactlyOneOf("AlterSAML2IntegrationSecurityIntegrationOptions", "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags")) + } if valueSet(opts.Set) { if !anyValueSet(opts.Set.Enabled, opts.Set.Saml2Issuer, opts.Set.Saml2SsoUrl, opts.Set.Saml2Provider, opts.Set.Saml2X509Cert, opts.Set.AllowedUserDomains, opts.Set.AllowedEmailPatterns, opts.Set.Saml2SpInitiatedLoginPageLabel, opts.Set.Saml2EnableSpInitiated, opts.Set.Saml2SnowflakeX509Cert, opts.Set.Saml2SignRequest, opts.Set.Saml2RequestedNameidFormat, opts.Set.Saml2PostLogoutRedirectUrl, opts.Set.Saml2ForceAuthn, opts.Set.Saml2SnowflakeIssuerUrl, opts.Set.Saml2SnowflakeAcsUrl, opts.Set.Comment) { errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) } } if valueSet(opts.Unset) { - if !anyValueSet(opts.Unset.Enabled, opts.Unset.Saml2ForceAuthn) { - errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn")) + if !anyValueSet(opts.Unset.Enabled, opts.Unset.Saml2ForceAuthn, opts.Unset.Saml2RequestedNameidFormat, opts.Unset.Saml2PostLogoutRedirectUrl, opts.Unset.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", 
"Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) } } return JoinErrors(errs...) @@ -67,14 +70,17 @@ func (opts *AlterSCIMIntegrationSecurityIntegrationOptions) validate() error { if !ValidObjectIdentifier(opts.name) { errs = append(errs, ErrInvalidObjectIdentifier) } + if !exactlyOneValueSet(opts.Set, opts.Unset, opts.SetTags, opts.UnsetTags) { + errs = append(errs, errExactlyOneOf("AlterSCIMIntegrationSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) + } if valueSet(opts.Set) { if !anyValueSet(opts.Set.Enabled, opts.Set.NetworkPolicy, opts.Set.SyncPassword, opts.Set.Comment) { errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } if valueSet(opts.Unset) { - if !anyValueSet(opts.Unset.NetworkPolicy, opts.Unset.SyncPassword, opts.Unset.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "NetworkPolicy", "SyncPassword", "Comment")) + if !anyValueSet(opts.Unset.Enabled, opts.Unset.NetworkPolicy, opts.Unset.SyncPassword, opts.Unset.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } return JoinErrors(errs...) diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index 7d56db1700..b65843ece0 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go 
@@ -49,11 +49,14 @@ func TestInt_SecurityIntegrations(t *testing.T) { createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSAML2SecurityIntegrationRequest)) { t.Helper() + _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") + require.NoError(t, err) + saml2Req := sdk.NewCreateSAML2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", x509) if with != nil { with(saml2Req) } - err := client.SecurityIntegrations.CreateSAML2(ctx, saml2Req) + err = client.SecurityIntegrations.CreateSAML2(ctx, saml2Req) require.NoError(t, err) cleanupSecurityIntegration(t, siID) } @@ -86,6 +89,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.Equal(t, siType, si.IntegrationType) assert.Equal(t, enabled, si.Enabled) assert.Equal(t, comment, si.Comment) + assert.Equal(t, "SECURITY", si.Category) } assertSCIMDescribe := func(details []sdk.SecurityIntegrationProperty, enabled, networkPolicy, runAsRole, syncPassword, comment string) { @@ -109,6 +113,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { comment string snowflakeIssuerURL string snowflakeAcsURL string + allowedUserDomains string + allowedEmailPatterns string } assertSAML2Describe := func(details []sdk.SecurityIntegrationProperty, d saml2details) { 
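Review bot: The `ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true` added to `createSAML2Integration` in the `@@ -49,11 +49,14 @@` hunk changes an account-level login setting and is never reverted. Only the integration itself is cleaned up, so the parameter stays set for every later test and for anyone else using the test account. I would register the revert next to the statement: `t.Cleanup(func() { _, err := client.ExecForTests(ctx, "ALTER ACCOUNT UNSET ENABLE_IDENTIFIER_FIRST_LOGIN"); require.NoError(t, err) })`. If the account is expected to keep the parameter enabled permanently, a comment saying so would do instead. `TestInt_SecurityIntegrations` starts and ends outside the hunk.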
@@ -128,13 +134,15 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "COMMENT", Type: "String", Value: d.comment, Default: ""}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SNOWFLAKE_ISSUER_URL", Type: "String", Value: d.snowflakeIssuerURL, Default: ""}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SNOWFLAKE_ACS_URL", Type: "String", Value: d.snowflakeAcsURL, Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "ALLOWED_USER_DOMAINS", Type: "List", Value: d.allowedUserDomains, Default: "[]"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "ALLOWED_EMAIL_PATTERNS", Type: "List", Value: d.allowedEmailPatterns, Default: "[]"}) } t.Run("CreateSAML2", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() createSAML2Integration(t, id, func(r *sdk.CreateSAML2SecurityIntegrationRequest) { - r. // WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). TODO: fix - // WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}). TODO: fix + r.WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). + WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}). WithComment(sdk.Pointer("a")). WithSaml2EnableSpInitiated(sdk.Pointer(true)). WithSaml2ForceAuthn(sdk.Pointer(true)). @@ -161,6 +169,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { comment: "a", snowflakeIssuerURL: issuerURL, snowflakeAcsURL: acsURL, + allowedUserDomains: "[example.com]", + allowedEmailPatterns: "[^(.+dev)@example.com$]", }) si, err := client.SecurityIntegrations.ShowByID(ctx, id) 
@@ -203,7 +213,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSaml2SignRequest(sdk.Pointer(true)). WithSaml2SnowflakeAcsUrl(&acsURL). WithSaml2SnowflakeIssuerUrl(&issuerURL). - WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")), + WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")). + WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). + WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}), ) err := client.SecurityIntegrations.AlterSAML2Integration(ctx, setRequest) require.NoError(t, err) @@ -224,12 +236,16 @@ func TestInt_SecurityIntegrations(t *testing.T) { comment: "a", snowflakeIssuerURL: issuerURL, snowflakeAcsURL: acsURL, + allowedUserDomains: "[example.com]", + allowedEmailPatterns: "[^(.+dev)@example.com$]", }) unsetRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id). WithUnset( sdk.NewSAML2IntegrationUnsetRequest(). - WithSaml2ForceAuthn(sdk.Pointer(true)), + WithSaml2ForceAuthn(sdk.Pointer(true)). + WithSaml2RequestedNameidFormat(sdk.Pointer(true)). + WithSaml2PostLogoutRedirectUrl(sdk.Pointer(true)), ) err = client.SecurityIntegrations.AlterSAML2Integration(ctx, unsetRequest) require.NoError(t, err) @@ -237,6 +253,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { details, err = client.SecurityIntegrations.Describe(ctx, id) require.NoError(t, err) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_FORCE_AUTHN", Type: "Boolean", Value: "false", Default: "false"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_REQUESTED_NAMEID_FORMAT", Type: "String", Value: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", Default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_POST_LOGOUT_REDIRECT_URL", Type: "String", Value: "", Default: ""}) }) t.Run("AlterSAML2Integration - REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { 
@@ -256,7 +274,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSet( sdk.NewSCIMIntegrationSetRequest(). WithEnabled(sdk.Bool(true)). - WithSyncPassword(sdk.Bool(true)). + WithSyncPassword(sdk.Bool(false)). WithComment(sdk.String("altered")), ) err := client.SecurityIntegrations.AlterSCIMIntegration(ctx, setRequest) @@ -265,14 +283,13 @@ func TestInt_SecurityIntegrations(t *testing.T) { details, err := client.SecurityIntegrations.Describe(ctx, id) require.NoError(t, err) - assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "true", "altered") + assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "false", "altered") unsetRequest := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id). WithUnset( sdk.NewSCIMIntegrationUnsetRequest(). WithNetworkPolicy(sdk.Bool(true)). - WithSyncPassword(sdk.Bool(true)). - WithComment(sdk.Bool(true)), + WithSyncPassword(sdk.Bool(true)), ) err = client.SecurityIntegrations.AlterSCIMIntegration(ctx, unsetRequest) require.NoError(t, err) 
@@ -280,7 +297,43 @@ func TestInt_SecurityIntegrations(t *testing.T) { details, err = client.SecurityIntegrations.Describe(ctx, id) require.NoError(t, err) - assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "", "") + assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "true", "altered") + }) + + t.Run("Alter - set and unset tags", func(t *testing.T) { + tag, tagCleanup := testClientHelper().Tag.CreateTag(t) + t.Cleanup(tagCleanup) + + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + createSCIMIntegration(t, id, nil) + + tagValue := "abc" + tags := []sdk.TagAssociation{ + { + Name: tag.ID(), + Value: tagValue, + }, + } + alterRequestSetTags := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id).WithSetTags(tags) + + err := client.SecurityIntegrations.AlterSCIMIntegration(ctx, alterRequestSetTags) + require.NoError(t, err) + + returnedTagValue, err := client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) + require.NoError(t, err) + + assert.Equal(t, tagValue, returnedTagValue) + + unsetTags := []sdk.ObjectIdentifier{ + tag.ID(), + } + alterRequestUnsetTags := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id).WithUnsetTags(unsetTags) + + err = client.SecurityIntegrations.AlterSCIMIntegration(ctx, alterRequestUnsetTags) + require.NoError(t, err) + + _, err = client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) + require.Error(t, err) }) t.Run("Drop", func(t *testing.T) { From fe257780e2b0ead3c097e88685a9b88af72b84e4 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Tue, 14 May 2024 12:40:56 +0200 Subject: [PATCH 04/14] Fix showbyid --- pkg/sdk/security_integrations_impl_gen.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index fa2ae7b1b8..c2c57aa957 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go 
@@ -59,8 +59,9 @@ func (v *securityIntegrations) Show(ctx context.Context, request *ShowSecurityIn } func (v *securityIntegrations) ShowByID(ctx context.Context, id AccountObjectIdentifier) (*SecurityIntegration, error) { - // TODO: adjust request if e.g. LIKE is supported for the resource - securityIntegrations, err := v.Show(ctx, NewShowSecurityIntegrationRequest()) + securityIntegrations, err := v.Show(ctx, NewShowSecurityIntegrationRequest().WithLike(&Like{ + Pattern: String(id.Name()), + })) if err != nil { return nil, err } From 0fa4bc15bdc4feff4230f2a0281eba3cd1a22f32 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Tue, 14 May 2024 14:36:35 +0200 Subject: [PATCH 05/14] Use enums --- pkg/sdk/security_integrations_def.go | 28 +++++++++++++++++-- .../security_integrations_dto_builders_gen.go | 4 +-- pkg/sdk/security_integrations_dto_gen.go | 8 +++--- pkg/sdk/security_integrations_gen.go | 24 ++++++++-------- ...urity_integrations_gen_integration_test.go | 2 +- 5 files changed, 45 insertions(+), 21 deletions(-) diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index 6faa05b262..40dce2cbff 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go 
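Review bot: `id.Name()` is passed as a LIKE pattern here, so `_` and `%` in an integration name act as wildcards, and SHOW ... LIKE matches case-insensitively. The query can therefore return more rows than the requested object. The lookup is only correct if the code after this hunk still picks the row whose name equals `id.Name()` exactly. That part of `ShowByID` is outside the hunk, so please confirm it. A comment above the call would keep a later cleanup from dropping the exact match: `// LIKE only narrows the result set; the exact-name match below selects the integration.`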
@@ -4,6 +4,22 @@ import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/gen //go:generate go run ./poc/main.go +type SCIMSecurityIntegrationSCIMClientOption string + +var ( + SCIMSecurityIntegrationSCIMClientOkta SCIMSecurityIntegrationSCIMClientOption = "OKTA" + SCIMSecurityIntegrationSCIMClientAzure SCIMSecurityIntegrationSCIMClientOption = "AZURE" + SCIMSecurityIntegrationSCIMClientGeneric SCIMSecurityIntegrationSCIMClientOption = "GENERIC" +) + +type SCIMSecurityIntegrationRunAsRoleOption string + +var ( + SCIMSecurityIntegrationRunAsRoleOktaProvisioner SCIMSecurityIntegrationRunAsRoleOption = "OKTA_PROVISIONER" + SCIMSecurityIntegrationRunAsRoleAadProvisioner SCIMSecurityIntegrationRunAsRoleOption = "AAD_PROVISIONER" + SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner SCIMSecurityIntegrationRunAsRoleOption = "GENERIC_SCIM_PROVISIONER" +) + var ( userDomainDef = g.NewQueryStruct("UserDomain").Text("Domain", g.KeywordOptions().SingleQuotes().Required()) emailPatternDef = g.NewQueryStruct("EmailPattern").Text("Pattern", g.KeywordOptions().SingleQuotes().Required()) 
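Review bot: The two option sets are declared with `var`, so any importing package can reassign, for example, `SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner`. The call site in the integration-test hunk of this patch also passes `&sdk.SCIMSecurityIntegrationSCIMClientGeneric`, a pointer to that shared variable. A write through either path silently changes the SCIM client or the run-as role for every later CREATE in the process. I would declare both groups as `const ( ... )` and take a fresh pointer at the call site with `sdk.Pointer(sdk.SCIMSecurityIntegrationSCIMClientGeneric)`.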
@@ -118,8 +134,16 @@ var SecurityIntegrationsDef = g.NewInterface( return qs. PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SCIM")). BooleanAssignment("ENABLED", g.ParameterOptions().Required()). - TextAssignment("SCIM_CLIENT", g.ParameterOptions().Required().SingleQuotes()). - TextAssignment("RUN_AS_ROLE", g.ParameterOptions().Required().SingleQuotes()). + OptionalAssignment( + "SCIM_CLIENT", + g.KindOfT[SCIMSecurityIntegrationSCIMClientOption](), + g.ParameterOptions().SingleQuotes().Required(), + ). + OptionalAssignment( + "RUN_AS_ROLE", + g.KindOfT[SCIMSecurityIntegrationRunAsRoleOption](), + g.ParameterOptions().SingleQuotes().Required(), + ). OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")). OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions()) }), diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index f7a29f3e24..8d33cf65b4 100644 --- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go @@ -95,8 +95,8 @@ func (s *CreateSAML2SecurityIntegrationRequest) WithComment(Comment *string) *Cr func NewCreateSCIMSecurityIntegrationRequest( name AccountObjectIdentifier, Enabled bool, - ScimClient string, - RunAsRole string, + ScimClient *SCIMSecurityIntegrationSCIMClientOption, + RunAsRole *SCIMSecurityIntegrationRunAsRoleOption, ) *CreateSCIMSecurityIntegrationRequest { s := CreateSCIMSecurityIntegrationRequest{} s.name = name diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index 53834f9230..65807bfd50 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go 
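Review bot: In the `@@ -118,8 +134,16 @@` hunk, `SCIM_CLIENT` and `RUN_AS_ROLE` are marked `Required()` but built with `OptionalAssignment`, so the generated constructor takes pointers and accepts `nil` for both. No nil check for them is visible in this patch. If none exists elsewhere, a nil argument presumably produces a CREATE statement without the parameter, and the mistake is only reported by Snowflake. I would add a validation rule on the definition that rejects a nil `ScimClient` or `RunAsRole`, or at least state on the constructor that both must be non-nil. The closure passed to the create operation starts and ends outside the hunk.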
@@ -38,10 +38,10 @@ type CreateSAML2SecurityIntegrationRequest struct { type CreateSCIMSecurityIntegrationRequest struct { OrReplace *bool IfNotExists *bool - name AccountObjectIdentifier // required - Enabled bool // required - ScimClient string // required - RunAsRole string // required + name AccountObjectIdentifier // required + Enabled bool // required + ScimClient *SCIMSecurityIntegrationSCIMClientOption // required + RunAsRole *SCIMSecurityIntegrationRunAsRoleOption // required NetworkPolicy *AccountObjectIdentifier SyncPassword *bool Comment *string diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index dca8101842..07c455d9c2 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go 
@@ -54,18 +54,18 @@ type EmailPattern struct { // CreateSCIMSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim. type CreateSCIMSecurityIntegrationOptions struct { - create bool `ddl:"static" sql:"CREATE"` - OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` - securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` - IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` - name AccountObjectIdentifier `ddl:"identifier"` - integrationType string `ddl:"static" sql:"TYPE = SCIM"` - Enabled bool `ddl:"parameter" sql:"ENABLED"` - ScimClient string `ddl:"parameter,single_quotes" sql:"SCIM_CLIENT"` - RunAsRole string `ddl:"parameter,single_quotes" sql:"RUN_AS_ROLE"` - NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` - SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` - Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` + create bool `ddl:"static" sql:"CREATE"` + OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + integrationType string `ddl:"static" sql:"TYPE = SCIM"` + Enabled bool `ddl:"parameter" sql:"ENABLED"` + ScimClient *SCIMSecurityIntegrationSCIMClientOption `ddl:"parameter,single_quotes" sql:"SCIM_CLIENT"` + RunAsRole *SCIMSecurityIntegrationRunAsRoleOption `ddl:"parameter,single_quotes" sql:"RUN_AS_ROLE"` + NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` + SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` } // AlterSAML2IntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2. 
diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index b65843ece0..0ef5cbda6c 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -74,7 +74,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { err = client.Roles.Grant(ctx, sdk.NewGrantRoleRequest(roleID, sdk.GrantRole{Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole))})) require.NoError(t, err) - scimReq := sdk.NewCreateSCIMSecurityIntegrationRequest(siID, false, "GENERIC", roleID.Name()) + scimReq := sdk.NewCreateSCIMSecurityIntegrationRequest(siID, false, &sdk.SCIMSecurityIntegrationSCIMClientGeneric, &sdk.SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner) if with != nil { with(scimReq) } From 939f823afd1e18429a2497cf4d7d4e94e0b45ec7 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Wed, 15 May 2024 16:01:49 +0200 Subject: [PATCH 06/14] Fixes --- .../helpers/security_integration_client.go | 93 ++++++++++ pkg/sdk/security_integrations_def.go | 48 ++--- .../security_integrations_dto_builders_gen.go | 164 +++++++++--------- pkg/sdk/security_integrations_dto_gen.go | 54 +++--- pkg/sdk/security_integrations_gen.go | 68 ++++---- pkg/sdk/security_integrations_gen_test.go | 72 ++++---- pkg/sdk/security_integrations_impl_gen.go | 32 ++-- .../security_integrations_validations_gen.go | 32 ++-- ...urity_integrations_gen_integration_test.go | 101 +++++++---- 9 files changed, 403 insertions(+), 261 deletions(-) create mode 100644 pkg/acceptance/helpers/security_integration_client.go diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go new file mode 100644 index 0000000000..38c4f71c3a --- /dev/null +++ b/pkg/acceptance/helpers/security_integration_client.go 
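Review bot: The new `scimReq` line in TestInt_SecurityIntegrations passes the addresses of the package-level variables `sdk.SCIMSecurityIntegrationSCIMClientGeneric` and `sdk.SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner`, so the request shares storage with the SDK's own option values. A write through either pointer would change them for every later caller. Passing copies keeps the request independent: `sdk.Pointer(sdk.SCIMSecurityIntegrationSCIMClientGeneric)` and `sdk.Pointer(sdk.SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner)`. The role granted in the context lines above is no longer passed as RUN_AS_ROLE, so that setup may now be unnecessary for the SCIM case; the rest of the function lies outside the hunk, so this needs checking there.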
@@ -0,0 +1,93 @@ +package helpers + +import ( + "context" + "testing" + + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" + "github.com/stretchr/testify/require" +) + +type SecurityIntegrationClient struct { + context *TestClientContext + ids *IdsGenerator +} + +func NewSecurityIntegrationClient(context *TestClientContext, idsGenerator *IdsGenerator) *SecurityIntegrationClient { + return &SecurityIntegrationClient{ + context: context, + ids: idsGenerator, + } +} + +func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations { + return c.context.client.SecurityIntegrations +} + +func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) { + t.Helper() + // generated by `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=Snowflake/CN=Snowflake' -out x509_key.pem -days 36500` + x509 := `MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL + BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM + DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v + d2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j + aXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi + MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi + HEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf + jPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/ + sV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz + cBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo + OjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB + AAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW + gBT9mt6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 + DQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc + 
cqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx + WYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO + 3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k + 0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7 + PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2 + ` + return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, "test", "https://example.com", "Custom", x509)) +} + +func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) { + t.Helper() + ctx := context.Background() + + err := c.client().CreateSaml2(ctx, request) + require.NoError(t, err) + + si, err := c.client().ShowByID(ctx, request.GetName()) + require.NoError(t, err) + + return si, c.DropSecurityIntegrationFunc(t, request.GetName()) +} + +func (c *SecurityIntegrationClient) CreateScim(t *testing.T) (*sdk.SecurityIntegration, func()) { + t.Helper() + return c.CreateScimWithRequest(t, sdk.NewCreateScimSecurityIntegrationRequest(c.ids.RandomAccountObjectIdentifier(), false, sdk.ScimSecurityIntegrationScimClientGeneric, sdk.ScimSecurityIntegrationRunAsRoleGenericScimProvisioner)) +} + +func (c *SecurityIntegrationClient) CreateScimWithRequest(t *testing.T, request *sdk.CreateScimSecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) { + t.Helper() + ctx := context.Background() + + err := c.client().CreateScim(ctx, request) + require.NoError(t, err) + + si, err := c.client().ShowByID(ctx, request.GetName()) + require.NoError(t, err) + + return si, c.DropSecurityIntegrationFunc(t, request.GetName()) +} + +func (c *SecurityIntegrationClient) DropSecurityIntegrationFunc(t *testing.T, id sdk.AccountObjectIdentifier) func() { + t.Helper() + ctx := context.Background() + + return func() { + err := c.client().Drop(ctx, sdk.NewDropSecurityIntegrationRequest(id).WithIfExists(sdk.Bool(true))) + require.NoError(t, err) + } +} 
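Review bot: In CreateSaml2WithRequest and CreateScimWithRequest the drop function is returned only after ShowByID succeeds, so if ShowByID fails, `require.NoError` stops the test and the integration just created is never dropped. Registering the cleanup straight after the create call succeeds, with `t.Cleanup(c.DropSecurityIntegrationFunc(t, request.GetName()))`, avoids leaving SAML2 or SCIM integrations behind in the test account. The drop already passes `WithIfExists(sdk.Bool(true))`, so a second drop by the caller is harmless. The comment above the embedded certificate could also say what happened to the key produced by that openssl command, for example `// test-only self-signed certificate; the generated private key is not kept`, if that is the case.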
diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index 40dce2cbff..f378d7dd9e 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go @@ -4,20 +4,20 @@ import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/gen //go:generate go run ./poc/main.go -type SCIMSecurityIntegrationSCIMClientOption string +type ScimSecurityIntegrationScimClientOption string var ( - SCIMSecurityIntegrationSCIMClientOkta SCIMSecurityIntegrationSCIMClientOption = "OKTA" - SCIMSecurityIntegrationSCIMClientAzure SCIMSecurityIntegrationSCIMClientOption = "AZURE" - SCIMSecurityIntegrationSCIMClientGeneric SCIMSecurityIntegrationSCIMClientOption = "GENERIC" + ScimSecurityIntegrationScimClientOkta ScimSecurityIntegrationScimClientOption = "OKTA" + ScimSecurityIntegrationScimClientAzure ScimSecurityIntegrationScimClientOption = "AZURE" + ScimSecurityIntegrationScimClientGeneric ScimSecurityIntegrationScimClientOption = "GENERIC" ) -type SCIMSecurityIntegrationRunAsRoleOption string +type ScimSecurityIntegrationRunAsRoleOption string var ( - SCIMSecurityIntegrationRunAsRoleOktaProvisioner SCIMSecurityIntegrationRunAsRoleOption = "OKTA_PROVISIONER" - SCIMSecurityIntegrationRunAsRoleAadProvisioner SCIMSecurityIntegrationRunAsRoleOption = "AAD_PROVISIONER" - SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner SCIMSecurityIntegrationRunAsRoleOption = "GENERIC_SCIM_PROVISIONER" + ScimSecurityIntegrationRunAsRoleOktaProvisioner ScimSecurityIntegrationRunAsRoleOption = "OKTA_PROVISIONER" + ScimSecurityIntegrationRunAsRoleAadProvisioner ScimSecurityIntegrationRunAsRoleOption = "AAD_PROVISIONER" + ScimSecurityIntegrationRunAsRoleGenericScimProvisioner ScimSecurityIntegrationRunAsRoleOption = "GENERIC_SCIM_PROVISIONER" ) var ( 
@@ -52,7 +52,7 @@ func alterSecurityIntegrationOperation(structName string, apply func(qs *g.Query return qs } -var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet"). +var saml2IntegrationSetDef = g.NewQueryStruct("Saml2IntegrationSet"). OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). OptionalTextAssignment("SAML2_ISSUER", g.ParameterOptions().SingleQuotes()). OptionalTextAssignment("SAML2_SSO_URL", g.ParameterOptions().SingleQuotes()). @@ -74,7 +74,7 @@ var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet"). "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment") -var saml2IntegrationUnsetDef = g.NewQueryStruct("SAML2IntegrationUnset"). +var saml2IntegrationUnsetDef = g.NewQueryStruct("Saml2IntegrationUnset"). OptionalSQL("ENABLED"). OptionalSQL("SAML2_FORCE_AUTHN"). OptionalSQL("SAML2_REQUESTED_NAMEID_FORMAT"). 
@@ -82,14 +82,14 @@ var saml2IntegrationUnsetDef = g.NewQueryStruct("SAML2IntegrationUnset"). OptionalSQL("COMMENT"). WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment") -var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet"). +var scimIntegrationSetDef = g.NewQueryStruct("ScimIntegrationSet"). OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")). OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions()). OptionalComment(). WithValidation(g.AtLeastOneValueSet, "Enabled", "NetworkPolicy", "SyncPassword", "Comment") -var scimIntegrationUnsetDef = g.NewQueryStruct("SCIMIntegrationUnset"). +var scimIntegrationUnsetDef = g.NewQueryStruct("ScimIntegrationUnset"). OptionalSQL("ENABLED"). OptionalSQL("NETWORK_POLICY"). OptionalSQL("SYNC_PASSWORD"). @@ -102,9 +102,9 @@ var SecurityIntegrationsDef = g.NewInterface( g.KindOfT[AccountObjectIdentifier](), ). CustomOperation( - "CreateSAML2", + "CreateSaml2", "https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2", - createSecurityIntegrationOperation("CreateSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct { + createSecurityIntegrationOperation("CreateSaml2", func(qs *g.QueryStruct) *g.QueryStruct { return qs. PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SAML2")). BooleanAssignment("ENABLED", g.ParameterOptions().Required()). 
@@ -128,20 +128,20 @@ var SecurityIntegrationsDef = g.NewInterface( emailPatternDef, ). CustomOperation( - "CreateSCIM", + "CreateScim", "https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim", - createSecurityIntegrationOperation("CreateSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct { + createSecurityIntegrationOperation("CreateScim", func(qs *g.QueryStruct) *g.QueryStruct { return qs. PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SCIM")). BooleanAssignment("ENABLED", g.ParameterOptions().Required()). - OptionalAssignment( + Assignment( "SCIM_CLIENT", - g.KindOfT[SCIMSecurityIntegrationSCIMClientOption](), + g.KindOfT[ScimSecurityIntegrationScimClientOption](), g.ParameterOptions().SingleQuotes().Required(), ). - OptionalAssignment( + Assignment( "RUN_AS_ROLE", - g.KindOfT[SCIMSecurityIntegrationRunAsRoleOption](), + g.KindOfT[ScimSecurityIntegrationRunAsRoleOption](), g.ParameterOptions().SingleQuotes().Required(), ). OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")). @@ -149,9 +149,9 @@ var SecurityIntegrationsDef = g.NewInterface( }), ). CustomOperation( - "AlterSAML2Integration", + "AlterSaml2", "https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2", - alterSecurityIntegrationOperation("AlterSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct { + alterSecurityIntegrationOperation("AlterSaml2", func(qs *g.QueryStruct) *g.QueryStruct { return qs.OptionalQueryStructField( "Set", saml2IntegrationSetDef, 
@@ -165,9 +165,9 @@ var SecurityIntegrationsDef = g.NewInterface( }), ). CustomOperation( - "AlterSCIMIntegration", + "AlterScim", "https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim", - alterSecurityIntegrationOperation("AlterSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct { + alterSecurityIntegrationOperation("AlterScim", func(qs *g.QueryStruct) *g.QueryStruct { return qs.OptionalQueryStructField( "Set", scimIntegrationSetDef, diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index 8d33cf65b4..ee150b237a 100644 --- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go @@ -4,15 +4,15 @@ package sdk import () -func NewCreateSAML2SecurityIntegrationRequest( +func NewCreateSaml2SecurityIntegrationRequest( name AccountObjectIdentifier, Enabled bool, Saml2Issuer string, Saml2SsoUrl string, Saml2Provider string, Saml2X509Cert string, -) *CreateSAML2SecurityIntegrationRequest { - s := CreateSAML2SecurityIntegrationRequest{} +) *CreateSaml2SecurityIntegrationRequest { + s := CreateSaml2SecurityIntegrationRequest{} s.name = name s.Enabled = Enabled s.Saml2Issuer = Saml2Issuer 
@@ -22,83 +22,83 @@ func NewCreateSAML2SecurityIntegrationRequest( return &s } -func (s *CreateSAML2SecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateSaml2SecurityIntegrationRequest { s.OrReplace = OrReplace return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateSaml2SecurityIntegrationRequest { s.IfNotExists = IfNotExists return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *CreateSaml2SecurityIntegrationRequest { s.AllowedUserDomains = AllowedUserDomains return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *CreateSaml2SecurityIntegrationRequest { s.AllowedEmailPatterns = AllowedEmailPatterns return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2SpInitiatedLoginPageLabel = Saml2SpInitiatedLoginPageLabel return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) 
WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *CreateSaml2SecurityIntegrationRequest { s.Saml2EnableSpInitiated = Saml2EnableSpInitiated return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2SnowflakeX509Cert = Saml2SnowflakeX509Cert return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SignRequest(Saml2SignRequest *bool) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2SignRequest(Saml2SignRequest *bool) *CreateSaml2SecurityIntegrationRequest { s.Saml2SignRequest = Saml2SignRequest return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *CreateSaml2SecurityIntegrationRequest { s.Saml2ForceAuthn = Saml2ForceAuthn return s } -func (s *CreateSAML2SecurityIntegrationRequest) 
WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2SnowflakeIssuerUrl = Saml2SnowflakeIssuerUrl return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *CreateSaml2SecurityIntegrationRequest { s.Saml2SnowflakeAcsUrl = Saml2SnowflakeAcsUrl return s } -func (s *CreateSAML2SecurityIntegrationRequest) WithComment(Comment *string) *CreateSAML2SecurityIntegrationRequest { +func (s *CreateSaml2SecurityIntegrationRequest) WithComment(Comment *string) *CreateSaml2SecurityIntegrationRequest { s.Comment = Comment return s } -func NewCreateSCIMSecurityIntegrationRequest( +func NewCreateScimSecurityIntegrationRequest( name AccountObjectIdentifier, Enabled bool, - ScimClient *SCIMSecurityIntegrationSCIMClientOption, - RunAsRole *SCIMSecurityIntegrationRunAsRoleOption, -) *CreateSCIMSecurityIntegrationRequest { - s := CreateSCIMSecurityIntegrationRequest{} + ScimClient ScimSecurityIntegrationScimClientOption, + RunAsRole ScimSecurityIntegrationRunAsRoleOption, +) *CreateScimSecurityIntegrationRequest { + s := CreateScimSecurityIntegrationRequest{} s.name = name s.Enabled = Enabled s.ScimClient = ScimClient 
@@ -106,264 +106,264 @@ func NewCreateSCIMSecurityIntegrationRequest( return &s } -func (s *CreateSCIMSecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateSCIMSecurityIntegrationRequest { +func (s *CreateScimSecurityIntegrationRequest) WithOrReplace(OrReplace *bool) *CreateScimSecurityIntegrationRequest { s.OrReplace = OrReplace return s } -func (s *CreateSCIMSecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateSCIMSecurityIntegrationRequest { +func (s *CreateScimSecurityIntegrationRequest) WithIfNotExists(IfNotExists *bool) *CreateScimSecurityIntegrationRequest { s.IfNotExists = IfNotExists return s } -func (s *CreateSCIMSecurityIntegrationRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *CreateSCIMSecurityIntegrationRequest { +func (s *CreateScimSecurityIntegrationRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *CreateScimSecurityIntegrationRequest { s.NetworkPolicy = NetworkPolicy return s } -func (s *CreateSCIMSecurityIntegrationRequest) WithSyncPassword(SyncPassword *bool) *CreateSCIMSecurityIntegrationRequest { +func (s *CreateScimSecurityIntegrationRequest) WithSyncPassword(SyncPassword *bool) *CreateScimSecurityIntegrationRequest { s.SyncPassword = SyncPassword return s } -func (s *CreateSCIMSecurityIntegrationRequest) WithComment(Comment *string) *CreateSCIMSecurityIntegrationRequest { +func (s *CreateScimSecurityIntegrationRequest) WithComment(Comment *string) *CreateScimSecurityIntegrationRequest { s.Comment = Comment return s } -func NewAlterSAML2IntegrationSecurityIntegrationRequest( +func NewAlterSaml2SecurityIntegrationRequest( name AccountObjectIdentifier, -) *AlterSAML2IntegrationSecurityIntegrationRequest { - s := AlterSAML2IntegrationSecurityIntegrationRequest{} +) *AlterSaml2SecurityIntegrationRequest { + s := AlterSaml2SecurityIntegrationRequest{} s.name = name return &s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) 
*AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterSaml2SecurityIntegrationRequest { s.IfExists = IfExists return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterSaml2SecurityIntegrationRequest { s.SetTags = SetTags return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterSaml2SecurityIntegrationRequest { s.UnsetTags = UnsetTags return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithSet(Set *SAML2IntegrationSetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithSet(Set *Saml2IntegrationSetRequest) *AlterSaml2SecurityIntegrationRequest { s.Set = Set return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithUnset(Unset *SAML2IntegrationUnsetRequest) *AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithUnset(Unset *Saml2IntegrationUnsetRequest) *AlterSaml2SecurityIntegrationRequest { s.Unset = Unset return s } -func (s *AlterSAML2IntegrationSecurityIntegrationRequest) WithRefreshSaml2SnowflakePrivateKey(RefreshSaml2SnowflakePrivateKey *bool) *AlterSAML2IntegrationSecurityIntegrationRequest { +func (s *AlterSaml2SecurityIntegrationRequest) WithRefreshSaml2SnowflakePrivateKey(RefreshSaml2SnowflakePrivateKey *bool) *AlterSaml2SecurityIntegrationRequest { s.RefreshSaml2SnowflakePrivateKey = RefreshSaml2SnowflakePrivateKey return s } -func NewSAML2IntegrationSetRequest() *SAML2IntegrationSetRequest { - return &SAML2IntegrationSetRequest{} +func 
NewSaml2IntegrationSetRequest() *Saml2IntegrationSetRequest { + return &Saml2IntegrationSetRequest{} } -func (s *SAML2IntegrationSetRequest) WithEnabled(Enabled *bool) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithEnabled(Enabled *bool) *Saml2IntegrationSetRequest { s.Enabled = Enabled return s } -func (s *SAML2IntegrationSetRequest) WithSaml2Issuer(Saml2Issuer *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2Issuer(Saml2Issuer *string) *Saml2IntegrationSetRequest { s.Saml2Issuer = Saml2Issuer return s } -func (s *SAML2IntegrationSetRequest) WithSaml2SsoUrl(Saml2SsoUrl *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SsoUrl(Saml2SsoUrl *string) *Saml2IntegrationSetRequest { s.Saml2SsoUrl = Saml2SsoUrl return s } -func (s *SAML2IntegrationSetRequest) WithSaml2Provider(Saml2Provider *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2Provider(Saml2Provider *string) *Saml2IntegrationSetRequest { s.Saml2Provider = Saml2Provider return s } -func (s *SAML2IntegrationSetRequest) WithSaml2X509Cert(Saml2X509Cert *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2X509Cert(Saml2X509Cert *string) *Saml2IntegrationSetRequest { s.Saml2X509Cert = Saml2X509Cert return s } -func (s *SAML2IntegrationSetRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithAllowedUserDomains(AllowedUserDomains []UserDomain) *Saml2IntegrationSetRequest { s.AllowedUserDomains = AllowedUserDomains return s } -func (s *SAML2IntegrationSetRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithAllowedEmailPatterns(AllowedEmailPatterns []EmailPattern) *Saml2IntegrationSetRequest { s.AllowedEmailPatterns = AllowedEmailPatterns return s } -func (s *SAML2IntegrationSetRequest) 
WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SpInitiatedLoginPageLabel(Saml2SpInitiatedLoginPageLabel *string) *Saml2IntegrationSetRequest { s.Saml2SpInitiatedLoginPageLabel = Saml2SpInitiatedLoginPageLabel return s } -func (s *SAML2IntegrationSetRequest) WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2EnableSpInitiated(Saml2EnableSpInitiated *bool) *Saml2IntegrationSetRequest { s.Saml2EnableSpInitiated = Saml2EnableSpInitiated return s } -func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SnowflakeX509Cert(Saml2SnowflakeX509Cert *string) *Saml2IntegrationSetRequest { s.Saml2SnowflakeX509Cert = Saml2SnowflakeX509Cert return s } -func (s *SAML2IntegrationSetRequest) WithSaml2SignRequest(Saml2SignRequest *bool) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SignRequest(Saml2SignRequest *bool) *Saml2IntegrationSetRequest { s.Saml2SignRequest = Saml2SignRequest return s } -func (s *SAML2IntegrationSetRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *string) *Saml2IntegrationSetRequest { s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat return s } -func (s *SAML2IntegrationSetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *string) *Saml2IntegrationSetRequest { s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl return s } -func (s *SAML2IntegrationSetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) 
*SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *Saml2IntegrationSetRequest { s.Saml2ForceAuthn = Saml2ForceAuthn return s } -func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SnowflakeIssuerUrl(Saml2SnowflakeIssuerUrl *string) *Saml2IntegrationSetRequest { s.Saml2SnowflakeIssuerUrl = Saml2SnowflakeIssuerUrl return s } -func (s *SAML2IntegrationSetRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithSaml2SnowflakeAcsUrl(Saml2SnowflakeAcsUrl *string) *Saml2IntegrationSetRequest { s.Saml2SnowflakeAcsUrl = Saml2SnowflakeAcsUrl return s } -func (s *SAML2IntegrationSetRequest) WithComment(Comment *string) *SAML2IntegrationSetRequest { +func (s *Saml2IntegrationSetRequest) WithComment(Comment *string) *Saml2IntegrationSetRequest { s.Comment = Comment return s } -func NewSAML2IntegrationUnsetRequest() *SAML2IntegrationUnsetRequest { - return &SAML2IntegrationUnsetRequest{} +func NewSaml2IntegrationUnsetRequest() *Saml2IntegrationUnsetRequest { + return &Saml2IntegrationUnsetRequest{} } -func (s *SAML2IntegrationUnsetRequest) WithEnabled(Enabled *bool) *SAML2IntegrationUnsetRequest { +func (s *Saml2IntegrationUnsetRequest) WithEnabled(Enabled *bool) *Saml2IntegrationUnsetRequest { s.Enabled = Enabled return s } -func (s *SAML2IntegrationUnsetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *SAML2IntegrationUnsetRequest { +func (s *Saml2IntegrationUnsetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *Saml2IntegrationUnsetRequest { s.Saml2ForceAuthn = Saml2ForceAuthn return s } -func (s *SAML2IntegrationUnsetRequest) WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *bool) *SAML2IntegrationUnsetRequest { +func (s *Saml2IntegrationUnsetRequest) 
WithSaml2RequestedNameidFormat(Saml2RequestedNameidFormat *bool) *Saml2IntegrationUnsetRequest { s.Saml2RequestedNameidFormat = Saml2RequestedNameidFormat return s } -func (s *SAML2IntegrationUnsetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *bool) *SAML2IntegrationUnsetRequest { +func (s *Saml2IntegrationUnsetRequest) WithSaml2PostLogoutRedirectUrl(Saml2PostLogoutRedirectUrl *bool) *Saml2IntegrationUnsetRequest { s.Saml2PostLogoutRedirectUrl = Saml2PostLogoutRedirectUrl return s } -func (s *SAML2IntegrationUnsetRequest) WithComment(Comment *bool) *SAML2IntegrationUnsetRequest { +func (s *Saml2IntegrationUnsetRequest) WithComment(Comment *bool) *Saml2IntegrationUnsetRequest { s.Comment = Comment return s } -func NewAlterSCIMIntegrationSecurityIntegrationRequest( +func NewAlterScimIntegrationSecurityIntegrationRequest( name AccountObjectIdentifier, -) *AlterSCIMIntegrationSecurityIntegrationRequest { - s := AlterSCIMIntegrationSecurityIntegrationRequest{} +) *AlterScimIntegrationSecurityIntegrationRequest { + s := AlterScimIntegrationSecurityIntegrationRequest{} s.name = name return &s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterSCIMIntegrationSecurityIntegrationRequest { +func (s *AlterScimIntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterScimIntegrationSecurityIntegrationRequest { s.IfExists = IfExists return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterSCIMIntegrationSecurityIntegrationRequest { +func (s *AlterScimIntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterScimIntegrationSecurityIntegrationRequest { s.SetTags = SetTags return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterSCIMIntegrationSecurityIntegrationRequest { +func (s *AlterScimIntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags 
[]ObjectIdentifier) *AlterScimIntegrationSecurityIntegrationRequest { s.UnsetTags = UnsetTags return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithSet(Set *SCIMIntegrationSetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { +func (s *AlterScimIntegrationSecurityIntegrationRequest) WithSet(Set *ScimIntegrationSetRequest) *AlterScimIntegrationSecurityIntegrationRequest { s.Set = Set return s } -func (s *AlterSCIMIntegrationSecurityIntegrationRequest) WithUnset(Unset *SCIMIntegrationUnsetRequest) *AlterSCIMIntegrationSecurityIntegrationRequest { +func (s *AlterScimIntegrationSecurityIntegrationRequest) WithUnset(Unset *ScimIntegrationUnsetRequest) *AlterScimIntegrationSecurityIntegrationRequest { s.Unset = Unset return s } -func NewSCIMIntegrationSetRequest() *SCIMIntegrationSetRequest { - return &SCIMIntegrationSetRequest{} +func NewScimIntegrationSetRequest() *ScimIntegrationSetRequest { + return &ScimIntegrationSetRequest{} } -func (s *SCIMIntegrationSetRequest) WithEnabled(Enabled *bool) *SCIMIntegrationSetRequest { +func (s *ScimIntegrationSetRequest) WithEnabled(Enabled *bool) *ScimIntegrationSetRequest { s.Enabled = Enabled return s } -func (s *SCIMIntegrationSetRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *SCIMIntegrationSetRequest { +func (s *ScimIntegrationSetRequest) WithNetworkPolicy(NetworkPolicy *AccountObjectIdentifier) *ScimIntegrationSetRequest { s.NetworkPolicy = NetworkPolicy return s } -func (s *SCIMIntegrationSetRequest) WithSyncPassword(SyncPassword *bool) *SCIMIntegrationSetRequest { +func (s *ScimIntegrationSetRequest) WithSyncPassword(SyncPassword *bool) *ScimIntegrationSetRequest { s.SyncPassword = SyncPassword return s } -func (s *SCIMIntegrationSetRequest) WithComment(Comment *string) *SCIMIntegrationSetRequest { +func (s *ScimIntegrationSetRequest) WithComment(Comment *string) *ScimIntegrationSetRequest { s.Comment = Comment return s } -func NewSCIMIntegrationUnsetRequest() 
*SCIMIntegrationUnsetRequest { - return &SCIMIntegrationUnsetRequest{} +func NewScimIntegrationUnsetRequest() *ScimIntegrationUnsetRequest { + return &ScimIntegrationUnsetRequest{} } -func (s *SCIMIntegrationUnsetRequest) WithEnabled(Enabled *bool) *SCIMIntegrationUnsetRequest { +func (s *ScimIntegrationUnsetRequest) WithEnabled(Enabled *bool) *ScimIntegrationUnsetRequest { s.Enabled = Enabled return s } -func (s *SCIMIntegrationUnsetRequest) WithNetworkPolicy(NetworkPolicy *bool) *SCIMIntegrationUnsetRequest { +func (s *ScimIntegrationUnsetRequest) WithNetworkPolicy(NetworkPolicy *bool) *ScimIntegrationUnsetRequest { s.NetworkPolicy = NetworkPolicy return s } -func (s *SCIMIntegrationUnsetRequest) WithSyncPassword(SyncPassword *bool) *SCIMIntegrationUnsetRequest { +func (s *ScimIntegrationUnsetRequest) WithSyncPassword(SyncPassword *bool) *ScimIntegrationUnsetRequest { s.SyncPassword = SyncPassword return s } -func (s *SCIMIntegrationUnsetRequest) WithComment(Comment *bool) *SCIMIntegrationUnsetRequest { +func (s *ScimIntegrationUnsetRequest) WithComment(Comment *bool) *ScimIntegrationUnsetRequest { s.Comment = Comment return s } diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index 65807bfd50..c66b1cbc84 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go 
@@ -3,16 +3,16 @@ package sdk //go:generate go run ./dto-builder-generator/main.go var ( - _ optionsProvider[CreateSAML2SecurityIntegrationOptions] = new(CreateSAML2SecurityIntegrationRequest) - _ optionsProvider[CreateSCIMSecurityIntegrationOptions] = new(CreateSCIMSecurityIntegrationRequest) - _ optionsProvider[AlterSAML2IntegrationSecurityIntegrationOptions] = new(AlterSAML2IntegrationSecurityIntegrationRequest) - _ optionsProvider[AlterSCIMIntegrationSecurityIntegrationOptions] = new(AlterSCIMIntegrationSecurityIntegrationRequest) - _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) - _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) - _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) + _ optionsProvider[CreateSaml2SecurityIntegrationOptions] = new(CreateSaml2SecurityIntegrationRequest) + _ optionsProvider[CreateScimSecurityIntegrationOptions] = new(CreateScimSecurityIntegrationRequest) + _ optionsProvider[AlterSaml2SecurityIntegrationOptions] = new(AlterSaml2SecurityIntegrationRequest) + _ optionsProvider[AlterScimIntegrationSecurityIntegrationOptions] = new(AlterScimIntegrationSecurityIntegrationRequest) + _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) + _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) + _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) ) -type CreateSAML2SecurityIntegrationRequest struct { +type CreateSaml2SecurityIntegrationRequest struct { OrReplace *bool IfNotExists *bool name AccountObjectIdentifier // required 
@@ -35,29 +35,37 @@ type CreateSAML2SecurityIntegrationRequest struct { Comment *string } -type CreateSCIMSecurityIntegrationRequest struct { +func (r *CreateSaml2SecurityIntegrationRequest) GetName() AccountObjectIdentifier { + return r.name +} + +type CreateScimSecurityIntegrationRequest struct { OrReplace *bool IfNotExists *bool - name AccountObjectIdentifier // required - Enabled bool // required - ScimClient *SCIMSecurityIntegrationSCIMClientOption // required - RunAsRole *SCIMSecurityIntegrationRunAsRoleOption // required + name AccountObjectIdentifier // required + Enabled bool // required + ScimClient ScimSecurityIntegrationScimClientOption // required + RunAsRole ScimSecurityIntegrationRunAsRoleOption // required NetworkPolicy *AccountObjectIdentifier SyncPassword *bool Comment *string } -type AlterSAML2IntegrationSecurityIntegrationRequest struct { +func (r *CreateScimSecurityIntegrationRequest) GetName() AccountObjectIdentifier { + return r.name +} + +type AlterSaml2SecurityIntegrationRequest struct { IfExists *bool name AccountObjectIdentifier // required SetTags []TagAssociation UnsetTags []ObjectIdentifier - Set *SAML2IntegrationSetRequest - Unset *SAML2IntegrationUnsetRequest + Set *Saml2IntegrationSetRequest + Unset *Saml2IntegrationUnsetRequest RefreshSaml2SnowflakePrivateKey *bool } -type SAML2IntegrationSetRequest struct { +type Saml2IntegrationSetRequest struct { Enabled *bool Saml2Issuer *string Saml2SsoUrl *string @@ -77,7 +85,7 @@ type SAML2IntegrationSetRequest struct { Comment *string } -type SAML2IntegrationUnsetRequest struct { +type Saml2IntegrationUnsetRequest struct { Enabled *bool Saml2ForceAuthn *bool Saml2RequestedNameidFormat *bool 
@@ -85,23 +93,23 @@ type SAML2IntegrationUnsetRequest struct { Comment *bool } -type AlterSCIMIntegrationSecurityIntegrationRequest struct { +type AlterScimIntegrationSecurityIntegrationRequest struct { IfExists *bool name AccountObjectIdentifier // required SetTags []TagAssociation UnsetTags []ObjectIdentifier - Set *SCIMIntegrationSetRequest - Unset *SCIMIntegrationUnsetRequest + Set *ScimIntegrationSetRequest + Unset *ScimIntegrationUnsetRequest } -type SCIMIntegrationSetRequest struct { +type ScimIntegrationSetRequest struct { Enabled *bool NetworkPolicy *AccountObjectIdentifier SyncPassword *bool Comment *string } -type SCIMIntegrationUnsetRequest struct { +type ScimIntegrationUnsetRequest struct { Enabled *bool NetworkPolicy *bool SyncPassword *bool diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index 07c455d9c2..4e6cbfa70e 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go 
@@ -7,18 +7,18 @@ import ( ) type SecurityIntegrations interface { - CreateSAML2(ctx context.Context, request *CreateSAML2SecurityIntegrationRequest) error - CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error - AlterSAML2Integration(ctx context.Context, request *AlterSAML2IntegrationSecurityIntegrationRequest) error - AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error + CreateSaml2(ctx context.Context, request *CreateSaml2SecurityIntegrationRequest) error + CreateScim(ctx context.Context, request *CreateScimSecurityIntegrationRequest) error + AlterSaml2(ctx context.Context, request *AlterSaml2SecurityIntegrationRequest) error + AlterScimIntegration(ctx context.Context, request *AlterScimIntegrationSecurityIntegrationRequest) error Drop(ctx context.Context, request *DropSecurityIntegrationRequest) error Describe(ctx context.Context, id AccountObjectIdentifier) ([]SecurityIntegrationProperty, error) Show(ctx context.Context, request *ShowSecurityIntegrationRequest) ([]SecurityIntegration, error) ShowByID(ctx context.Context, id AccountObjectIdentifier) (*SecurityIntegration, error) } -// CreateSAML2SecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2. -type CreateSAML2SecurityIntegrationOptions struct { +// CreateSaml2SecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2. +type CreateSaml2SecurityIntegrationOptions struct { create bool `ddl:"static" sql:"CREATE"` OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` 
@@ -52,36 +52,36 @@ type EmailPattern struct { Pattern string `ddl:"keyword,single_quotes"` } -// CreateSCIMSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim. -type CreateSCIMSecurityIntegrationOptions struct { - create bool `ddl:"static" sql:"CREATE"` - OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` - securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` - IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` - name AccountObjectIdentifier `ddl:"identifier"` - integrationType string `ddl:"static" sql:"TYPE = SCIM"` - Enabled bool `ddl:"parameter" sql:"ENABLED"` - ScimClient *SCIMSecurityIntegrationSCIMClientOption `ddl:"parameter,single_quotes" sql:"SCIM_CLIENT"` - RunAsRole *SCIMSecurityIntegrationRunAsRoleOption `ddl:"parameter,single_quotes" sql:"RUN_AS_ROLE"` - NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` - SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` - Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` -} - -// AlterSAML2IntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2. -type AlterSAML2IntegrationSecurityIntegrationOptions struct { +// CreateScimSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim. 
+type CreateScimSecurityIntegrationOptions struct { + create bool `ddl:"static" sql:"CREATE"` + OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"` + securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` + IfNotExists *bool `ddl:"keyword" sql:"IF NOT EXISTS"` + name AccountObjectIdentifier `ddl:"identifier"` + integrationType string `ddl:"static" sql:"TYPE = SCIM"` + Enabled bool `ddl:"parameter" sql:"ENABLED"` + ScimClient ScimSecurityIntegrationScimClientOption `ddl:"parameter,single_quotes" sql:"SCIM_CLIENT"` + RunAsRole ScimSecurityIntegrationRunAsRoleOption `ddl:"parameter,single_quotes" sql:"RUN_AS_ROLE"` + NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` + SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` + Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` +} + +// AlterSaml2SecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2. +type AlterSaml2SecurityIntegrationOptions struct { alter bool `ddl:"static" sql:"ALTER"` securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` name AccountObjectIdentifier `ddl:"identifier"` SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` - Set *SAML2IntegrationSet `ddl:"keyword" sql:"SET"` - Unset *SAML2IntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` + Set *Saml2IntegrationSet `ddl:"keyword" sql:"SET"` + Unset *Saml2IntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` RefreshSaml2SnowflakePrivateKey *bool `ddl:"keyword" sql:"REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY"` } -type SAML2IntegrationSet struct { +type Saml2IntegrationSet struct { Enabled *bool `ddl:"parameter" sql:"ENABLED"` Saml2Issuer *string `ddl:"parameter,single_quotes" sql:"SAML2_ISSUER"` Saml2SsoUrl *string `ddl:"parameter,single_quotes" sql:"SAML2_SSO_URL"` 
@@ -101,7 +101,7 @@ type SAML2IntegrationSet struct { Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` } -type SAML2IntegrationUnset struct { +type Saml2IntegrationUnset struct { Enabled *bool `ddl:"keyword" sql:"ENABLED"` Saml2ForceAuthn *bool `ddl:"keyword" sql:"SAML2_FORCE_AUTHN"` Saml2RequestedNameidFormat *bool `ddl:"keyword" sql:"SAML2_REQUESTED_NAMEID_FORMAT"` 
@@ -109,26 +109,26 @@ type SAML2IntegrationUnset struct { Comment *bool `ddl:"keyword" sql:"COMMENT"` } -// AlterSCIMIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. -type AlterSCIMIntegrationSecurityIntegrationOptions struct { +// AlterScimIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. +type AlterScimIntegrationSecurityIntegrationOptions struct { alter bool `ddl:"static" sql:"ALTER"` securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` name AccountObjectIdentifier `ddl:"identifier"` SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` - Set *SCIMIntegrationSet `ddl:"keyword" sql:"SET"` - Unset *SCIMIntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` + Set *ScimIntegrationSet `ddl:"keyword" sql:"SET"` + Unset *ScimIntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` } -type SCIMIntegrationSet struct { +type ScimIntegrationSet struct { Enabled *bool `ddl:"parameter" sql:"ENABLED"` NetworkPolicy *AccountObjectIdentifier `ddl:"identifier,equals" sql:"NETWORK_POLICY"` SyncPassword *bool `ddl:"parameter" sql:"SYNC_PASSWORD"` Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"` } -type SCIMIntegrationUnset struct { +type ScimIntegrationUnset struct { Enabled *bool `ddl:"keyword" sql:"ENABLED"` NetworkPolicy *bool `ddl:"keyword" sql:"NETWORK_POLICY"` SyncPassword *bool `ddl:"keyword" sql:"SYNC_PASSWORD"` diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index bbdc9fc5c8..7265bf3b48 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go 
@@ -4,12 +4,12 @@ import ( "testing" ) -func TestSecurityIntegrations_CreateSAML2(t *testing.T) { +func TestSecurityIntegrations_CreateSaml2(t *testing.T) { id := randomAccountObjectIdentifier() - // Minimal valid CreateSAML2SecurityIntegrationOptions - defaultOpts := func() *CreateSAML2SecurityIntegrationOptions { - return &CreateSAML2SecurityIntegrationOptions{ + // Minimal valid CreateSaml2SecurityIntegrationOptions + defaultOpts := func() *CreateSaml2SecurityIntegrationOptions { + return &CreateSaml2SecurityIntegrationOptions{ name: id, Enabled: true, Saml2Issuer: "issuer", @@ -20,7 +20,7 @@ func TestSecurityIntegrations_CreateSAML2(t *testing.T) { } t.Run("validation: nil options", func(t *testing.T) { - var opts *CreateSAML2SecurityIntegrationOptions = nil + var opts *CreateSaml2SecurityIntegrationOptions = nil assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) }) @@ -28,7 +28,7 @@ func TestSecurityIntegrations_CreateSAML2(t *testing.T) { opts := defaultOpts() opts.OrReplace = Bool(true) opts.IfNotExists = Bool(true) - assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateSAML2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) + assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateSaml2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) }) t.Run("basic", func(t *testing.T) { @@ -57,12 +57,12 @@ func TestSecurityIntegrations_CreateSAML2(t *testing.T) { }) } -func TestSecurityIntegrations_CreateSCIM(t *testing.T) { +func TestSecurityIntegrations_CreateScim(t *testing.T) { id := randomAccountObjectIdentifier() - // Minimal valid CreateSCIMSecurityIntegrationOptions - defaultOpts := func() *CreateSCIMSecurityIntegrationOptions { - return &CreateSCIMSecurityIntegrationOptions{ + // Minimal valid CreateScimSecurityIntegrationOptions + defaultOpts := func() *CreateScimSecurityIntegrationOptions { + return &CreateScimSecurityIntegrationOptions{ name: id, Enabled: true, ScimClient: "GENERIC", 
@@ -71,7 +71,7 @@ func TestSecurityIntegrations_CreateSCIM(t *testing.T) { } t.Run("validation: nil options", func(t *testing.T) { - var opts *CreateSCIMSecurityIntegrationOptions = nil + var opts *CreateScimSecurityIntegrationOptions = nil assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) }) @@ -79,7 +79,7 @@ func TestSecurityIntegrations_CreateSCIM(t *testing.T) { opts := defaultOpts() opts.OrReplace = Bool(true) opts.IfNotExists = Bool(true) - assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateSCIMSecurityIntegrationOptions", "OrReplace", "IfNotExists")) + assertOptsInvalidJoinedErrors(t, opts, errOneOf("CreateScimSecurityIntegrationOptions", "OrReplace", "IfNotExists")) }) t.Run("basic", func(t *testing.T) { @@ -97,24 +97,24 @@ func TestSecurityIntegrations_CreateSCIM(t *testing.T) { }) } -func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { +func TestSecurityIntegrations_AlterSaml2Integration(t *testing.T) { id := randomAccountObjectIdentifier() - // Minimal valid AlterSAML2IntegrationSecurityIntegrationOptions - defaultOpts := func() *AlterSAML2IntegrationSecurityIntegrationOptions { - return &AlterSAML2IntegrationSecurityIntegrationOptions{ + // Minimal valid AlterSaml2IntegrationSecurityIntegrationOptions + defaultOpts := func() *AlterSaml2SecurityIntegrationOptions { + return &AlterSaml2SecurityIntegrationOptions{ name: id, } } t.Run("validation: nil options", func(t *testing.T) { - var opts *AlterSAML2IntegrationSecurityIntegrationOptions = nil + var opts *AlterSaml2SecurityIntegrationOptions = nil assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) }) t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { opts := defaultOpts() - opts.Set = &SAML2IntegrationSet{ + opts.Set = &Saml2IntegrationSet{ Enabled: Pointer(true), } opts.name = NewAccountObjectIdentifier("") 
@@ -123,22 +123,22 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { opts := defaultOpts() - opts.Set = &SAML2IntegrationSet{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", + opts.Set = &Saml2IntegrationSet{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) }) t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() - opts.Unset = &SAML2IntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", + opts.Unset = &Saml2IntegrationUnset{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) }) t.Run("all options - set", func(t *testing.T) { opts := defaultOpts() - opts.Set = &SAML2IntegrationSet{ + opts.Set = &Saml2IntegrationSet{ Enabled: Pointer(true), Saml2Issuer: Pointer("issuer"), Saml2SsoUrl: Pointer("url"), 
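Review bot: The two `errAtLeastOneOf` expectations in this hunk use the prefix `"AlterSaml2IntegrationSecurityIntegrationOptions.Set"` / `".Unset"`, but the renamed `validate()` in security_integrations_validations_gen.go now emits `"AlterSaml2SecurityIntegrationOptions.Set"` / `".Unset"`. If `assertOptsInvalidJoinedErrors` compares error text (it is not visible here), both subtests will fail or stop pinning the real message. The SCIM counterparts further down match their validator, so only the SAML2 pair needs changing, to `errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Set", ...)` and `errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", ...)`. The preceding hunk carries the same stale name in the comment `// Minimal valid AlterSaml2IntegrationSecurityIntegrationOptions` and in the test name `TestSecurityIntegrations_AlterSaml2Integration`, while the method is now `AlterSaml2`. The test function starts and ends outside this hunk.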
@@ -165,7 +165,7 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { t.Run("all options - unset", func(t *testing.T) { opts := defaultOpts() - opts.Unset = &SAML2IntegrationUnset{ + opts.Unset = &Saml2IntegrationUnset{ Enabled: Pointer(true), Saml2ForceAuthn: Pointer(true), Saml2RequestedNameidFormat: Pointer(true), @@ -182,24 +182,24 @@ func TestSecurityIntegrations_AlterSAML2Integration(t *testing.T) { }) } -func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { +func TestSecurityIntegrations_AlterScimIntegration(t *testing.T) { id := randomAccountObjectIdentifier() - // Minimal valid AlterSCIMIntegrationSecurityIntegrationOptions - defaultOpts := func() *AlterSCIMIntegrationSecurityIntegrationOptions { - return &AlterSCIMIntegrationSecurityIntegrationOptions{ + // Minimal valid AlterScimIntegrationSecurityIntegrationOptions + defaultOpts := func() *AlterScimIntegrationSecurityIntegrationOptions { + return &AlterScimIntegrationSecurityIntegrationOptions{ name: id, } } t.Run("validation: nil options", func(t *testing.T) { - var opts *AlterSCIMIntegrationSecurityIntegrationOptions = nil + var opts *AlterScimIntegrationSecurityIntegrationOptions = nil assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) }) t.Run("validation: valid identifier for [opts.name]", func(t *testing.T) { opts := defaultOpts() - opts.Set = &SCIMIntegrationSet{ + opts.Set = &ScimIntegrationSet{ Enabled: Pointer(true), } opts.name = NewAccountObjectIdentifier("") 
@@ -208,20 +208,20 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { opts := defaultOpts() - opts.Set = &SCIMIntegrationSet{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + opts.Set = &ScimIntegrationSet{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() - opts.Unset = &SCIMIntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + opts.Unset = &ScimIntegrationUnset{} + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("all options - set", func(t *testing.T) { opts := defaultOpts() networkPolicyID := randomAccountObjectIdentifier() - opts.Set = &SCIMIntegrationSet{ + opts.Set = &ScimIntegrationSet{ Enabled: Pointer(true), NetworkPolicy: Pointer(networkPolicyID), SyncPassword: Pointer(true), @@ -233,7 +233,7 @@ func TestSecurityIntegrations_AlterSCIMIntegration(t *testing.T) { t.Run("all options - unset", func(t *testing.T) { opts := defaultOpts() - opts.Unset = &SCIMIntegrationUnset{ + opts.Unset = &ScimIntegrationUnset{ Enabled: Pointer(true), NetworkPolicy: Pointer(true), SyncPassword: Pointer(true), diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index c2c57aa957..a1284bcb32 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go 
@@ -12,22 +12,22 @@ type securityIntegrations struct { client *Client } -func (v *securityIntegrations) CreateSAML2(ctx context.Context, request *CreateSAML2SecurityIntegrationRequest) error { +func (v *securityIntegrations) CreateSaml2(ctx context.Context, request *CreateSaml2SecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } -func (v *securityIntegrations) CreateSCIM(ctx context.Context, request *CreateSCIMSecurityIntegrationRequest) error { +func (v *securityIntegrations) CreateScim(ctx context.Context, request *CreateScimSecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } -func (v *securityIntegrations) AlterSAML2Integration(ctx context.Context, request *AlterSAML2IntegrationSecurityIntegrationRequest) error { +func (v *securityIntegrations) AlterSaml2(ctx context.Context, request *AlterSaml2SecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } -func (v *securityIntegrations) AlterSCIMIntegration(ctx context.Context, request *AlterSCIMIntegrationSecurityIntegrationRequest) error { +func (v *securityIntegrations) AlterScimIntegration(ctx context.Context, request *AlterScimIntegrationSecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } @@ -68,8 +68,8 @@ func (v *securityIntegrations) ShowByID(ctx context.Context, id AccountObjectIde return collections.FindOne(securityIntegrations, func(r SecurityIntegration) bool { return r.Name == id.Name() }) } -func (r *CreateSAML2SecurityIntegrationRequest) toOpts() *CreateSAML2SecurityIntegrationOptions { - opts := &CreateSAML2SecurityIntegrationOptions{ +func (r *CreateSaml2SecurityIntegrationRequest) toOpts() *CreateSaml2SecurityIntegrationOptions { + opts := &CreateSaml2SecurityIntegrationOptions{ OrReplace: r.OrReplace, IfNotExists: r.IfNotExists, name: r.name, 
@@ -94,8 +94,8 @@ func (r *CreateSAML2SecurityIntegrationRequest) toOpts() *CreateSAML2SecurityInt return opts } -func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityIntegrationOptions { - opts := &CreateSCIMSecurityIntegrationOptions{ +func (r *CreateScimSecurityIntegrationRequest) toOpts() *CreateScimSecurityIntegrationOptions { + opts := &CreateScimSecurityIntegrationOptions{ OrReplace: r.OrReplace, IfNotExists: r.IfNotExists, name: r.name, @@ -109,8 +109,8 @@ func (r *CreateSCIMSecurityIntegrationRequest) toOpts() *CreateSCIMSecurityInteg return opts } -func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2IntegrationSecurityIntegrationOptions { - opts := &AlterSAML2IntegrationSecurityIntegrationOptions{ +func (r *AlterSaml2SecurityIntegrationRequest) toOpts() *AlterSaml2SecurityIntegrationOptions { + opts := &AlterSaml2SecurityIntegrationOptions{ IfExists: r.IfExists, name: r.name, SetTags: r.SetTags, @@ -119,7 +119,7 @@ func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2In RefreshSaml2SnowflakePrivateKey: r.RefreshSaml2SnowflakePrivateKey, } if r.Set != nil { - opts.Set = &SAML2IntegrationSet{ + opts.Set = &Saml2IntegrationSet{ Enabled: r.Set.Enabled, Saml2Issuer: r.Set.Saml2Issuer, Saml2SsoUrl: r.Set.Saml2SsoUrl, @@ -140,7 +140,7 @@ func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2In } } if r.Unset != nil { - opts.Unset = &SAML2IntegrationUnset{ + opts.Unset = &Saml2IntegrationUnset{ Enabled: r.Unset.Enabled, Saml2ForceAuthn: r.Unset.Saml2ForceAuthn, Saml2RequestedNameidFormat: r.Unset.Saml2RequestedNameidFormat, 
@@ -151,15 +151,15 @@ func (r *AlterSAML2IntegrationSecurityIntegrationRequest) toOpts() *AlterSAML2In return opts } -func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMIntegrationSecurityIntegrationOptions { - opts := &AlterSCIMIntegrationSecurityIntegrationOptions{ +func (r *AlterScimIntegrationSecurityIntegrationRequest) toOpts() *AlterScimIntegrationSecurityIntegrationOptions { + opts := &AlterScimIntegrationSecurityIntegrationOptions{ IfExists: r.IfExists, name: r.name, SetTags: r.SetTags, UnsetTags: r.UnsetTags, } if r.Set != nil { - opts.Set = &SCIMIntegrationSet{ + opts.Set = &ScimIntegrationSet{ Enabled: r.Set.Enabled, NetworkPolicy: r.Set.NetworkPolicy, SyncPassword: r.Set.SyncPassword, @@ -167,7 +167,7 @@ func (r *AlterSCIMIntegrationSecurityIntegrationRequest) toOpts() *AlterSCIMInte } } if r.Unset != nil { - opts.Unset = &SCIMIntegrationUnset{ + opts.Unset = &ScimIntegrationUnset{ Enabled: r.Unset.Enabled, NetworkPolicy: r.Unset.NetworkPolicy, SyncPassword: r.Unset.SyncPassword, diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go index f34ad2a80f..bca264a404 100644 --- a/pkg/sdk/security_integrations_validations_gen.go +++ b/pkg/sdk/security_integrations_validations_gen.go 
@@ -1,16 +1,16 @@ package sdk var ( - _ validatable = new(CreateSAML2SecurityIntegrationOptions) - _ validatable = new(CreateSCIMSecurityIntegrationOptions) - _ validatable = new(AlterSAML2IntegrationSecurityIntegrationOptions) - _ validatable = new(AlterSCIMIntegrationSecurityIntegrationOptions) + _ validatable = new(CreateSaml2SecurityIntegrationOptions) + _ validatable = new(CreateScimSecurityIntegrationOptions) + _ validatable = new(AlterSaml2SecurityIntegrationOptions) + _ validatable = new(AlterScimIntegrationSecurityIntegrationOptions) _ validatable = new(DropSecurityIntegrationOptions) _ validatable = new(DescribeSecurityIntegrationOptions) _ validatable = new(ShowSecurityIntegrationOptions) ) -func (opts *CreateSAML2SecurityIntegrationOptions) validate() error { +func (opts *CreateSaml2SecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions } @@ -19,12 +19,12 @@ func (opts *CreateSAML2SecurityIntegrationOptions) validate() error { errs = append(errs, ErrInvalidObjectIdentifier) } if everyValueSet(opts.OrReplace, opts.IfNotExists) { - errs = append(errs, errOneOf("CreateSAML2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) + errs = append(errs, errOneOf("CreateSaml2SecurityIntegrationOptions", "OrReplace", "IfNotExists")) } return JoinErrors(errs...) } -func (opts *CreateSCIMSecurityIntegrationOptions) validate() error { +func (opts *CreateScimSecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions } 
@@ -33,12 +33,12 @@ func (opts *CreateSCIMSecurityIntegrationOptions) validate() error { errs = append(errs, ErrInvalidObjectIdentifier) } if everyValueSet(opts.OrReplace, opts.IfNotExists) { - errs = append(errs, errOneOf("CreateSCIMSecurityIntegrationOptions", "OrReplace", "IfNotExists")) + errs = append(errs, errOneOf("CreateScimSecurityIntegrationOptions", "OrReplace", "IfNotExists")) } return JoinErrors(errs...) } -func (opts *AlterSAML2IntegrationSecurityIntegrationOptions) validate() error { +func (opts *AlterSaml2SecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions } 
@@ -47,22 +47,22 @@ func (opts *AlterSAML2IntegrationSecurityIntegrationOptions) validate() error { errs = append(errs, ErrInvalidObjectIdentifier) } if !exactlyOneValueSet(opts.Set, opts.Unset, opts.RefreshSaml2SnowflakePrivateKey, opts.SetTags, opts.UnsetTags) { - errs = append(errs, errExactlyOneOf("AlterSAML2IntegrationSecurityIntegrationOptions", "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags")) + errs = append(errs, errExactlyOneOf("AlterSaml2SecurityIntegrationOptions", "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags")) } if valueSet(opts.Set) { if !anyValueSet(opts.Set.Enabled, opts.Set.Saml2Issuer, opts.Set.Saml2SsoUrl, opts.Set.Saml2Provider, opts.Set.Saml2X509Cert, opts.Set.AllowedUserDomains, opts.Set.AllowedEmailPatterns, opts.Set.Saml2SpInitiatedLoginPageLabel, opts.Set.Saml2EnableSpInitiated, opts.Set.Saml2SnowflakeX509Cert, opts.Set.Saml2SignRequest, opts.Set.Saml2RequestedNameidFormat, opts.Set.Saml2PostLogoutRedirectUrl, opts.Set.Saml2ForceAuthn, opts.Set.Saml2SnowflakeIssuerUrl, opts.Set.Saml2SnowflakeAcsUrl, opts.Set.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", 
"Saml2SnowflakeAcsUrl", "Comment")) } } if valueSet(opts.Unset) { if !anyValueSet(opts.Unset.Enabled, opts.Unset.Saml2ForceAuthn, opts.Unset.Saml2RequestedNameidFormat, opts.Unset.Saml2PostLogoutRedirectUrl, opts.Unset.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSAML2IntegrationSecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) } } return JoinErrors(errs...) } -func (opts *AlterSCIMIntegrationSecurityIntegrationOptions) validate() error { +func (opts *AlterScimIntegrationSecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions } 
@@ -71,16 +71,16 @@ func (opts *AlterSCIMIntegrationSecurityIntegrationOptions) validate() error { errs = append(errs, ErrInvalidObjectIdentifier) } if !exactlyOneValueSet(opts.Set, opts.Unset, opts.SetTags, opts.UnsetTags) { - errs = append(errs, errExactlyOneOf("AlterSCIMIntegrationSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) + errs = append(errs, errExactlyOneOf("AlterScimIntegrationSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) } if valueSet(opts.Set) { if !anyValueSet(opts.Set.Enabled, opts.Set.NetworkPolicy, opts.Set.SyncPassword, opts.Set.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } if valueSet(opts.Unset) { if !anyValueSet(opts.Unset.Enabled, opts.Unset.NetworkPolicy, opts.Unset.SyncPassword, opts.Unset.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSCIMIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } return JoinErrors(errs...) diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index 0ef5cbda6c..974dd69fd5 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go 
@@ -47,21 +47,21 @@ func TestInt_SecurityIntegrations(t *testing.T) { PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2 ` - createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSAML2SecurityIntegrationRequest)) { + createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { t.Helper() _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") require.NoError(t, err) - saml2Req := sdk.NewCreateSAML2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", x509) + saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", x509) if with != nil { with(saml2Req) } - err = client.SecurityIntegrations.CreateSAML2(ctx, saml2Req) + err = client.SecurityIntegrations.CreateSaml2(ctx, saml2Req) require.NoError(t, err) cleanupSecurityIntegration(t, siID) } - createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSCIMSecurityIntegrationRequest)) { + createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) { t.Helper() roleID := sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER") err := client.Roles.Create(ctx, sdk.NewCreateRoleRequest(roleID).WithIfNotExists(true)) 
@@ -74,11 +74,11 @@ func TestInt_SecurityIntegrations(t *testing.T) { err = client.Roles.Grant(ctx, sdk.NewGrantRoleRequest(roleID, sdk.GrantRole{Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole))})) require.NoError(t, err) - scimReq := sdk.NewCreateSCIMSecurityIntegrationRequest(siID, false, &sdk.SCIMSecurityIntegrationSCIMClientGeneric, &sdk.SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner) + scimReq := sdk.NewCreateScimSecurityIntegrationRequest(siID, false, sdk.ScimSecurityIntegrationScimClientGeneric, sdk.ScimSecurityIntegrationRunAsRoleGenericScimProvisioner) if with != nil { with(scimReq) } - err = client.SecurityIntegrations.CreateSCIM(ctx, scimReq) + err = client.SecurityIntegrations.CreateScim(ctx, scimReq) require.NoError(t, err) cleanupSecurityIntegration(t, siID) } @@ -138,9 +138,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "ALLOWED_EMAIL_PATTERNS", Type: "List", Value: d.allowedEmailPatterns, Default: "[]"}) } - t.Run("CreateSAML2", func(t *testing.T) { + t.Run("CreateSaml2", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSAML2Integration(t, id, func(r *sdk.CreateSAML2SecurityIntegrationRequest) { + createSAML2Integration(t, id, func(r *sdk.CreateSaml2SecurityIntegrationRequest) { r.WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}). WithComment(sdk.Pointer("a")). @@ -152,6 +152,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSaml2SnowflakeAcsUrl(&acsURL). WithSaml2SnowflakeIssuerUrl(&issuerURL). WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")) + // WithSaml2SnowflakeX509Cert(sdk.Pointer(x509)) }) details, err := client.SecurityIntegrations.Describe(ctx, id) require.NoError(t, err) 
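Review bot: The commented-out `// WithSaml2SnowflakeX509Cert(sdk.Pointer(x509))` at the end of the builder chain in the `CreateSaml2` subtest is dead code with no stated reason, so a reader cannot tell whether the option is unsupported, rejected by the account, or simply forgotten. In the visible lines the integration test therefore never sets the Snowflake-side certificate option, and nothing against a live account checks it. Either delete the line or replace it with an explanation such as `// TODO: Saml2SnowflakeX509Cert is not set here because <reason>; enable once <condition>`. The subject of PATCH 08/14 mentions x509 handling, so this may be settled later in the series; the subtest body continues outside the hunk.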
@@ -178,12 +179,12 @@ func TestInt_SecurityIntegrations(t *testing.T) { assertSecurityIntegration(t, si, id, "SAML2", false, "a") }) - t.Run("CreateSCIM", func(t *testing.T) { + t.Run("CreateScim", func(t *testing.T) { networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t) t.Cleanup(networkPolicyCleanup) id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSCIMIntegration(t, id, func(r *sdk.CreateSCIMSecurityIntegrationRequest) { + createSCIMIntegration(t, id, func(r *sdk.CreateScimSecurityIntegrationRequest) { r.WithComment(sdk.Pointer("a")). WithNetworkPolicy(sdk.Pointer(sdk.NewAccountObjectIdentifier(networkPolicy.Name))). WithSyncPassword(sdk.Pointer(false)) @@ -202,9 +203,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() createSAML2Integration(t, id, nil) - setRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id). + setRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id). WithSet( - sdk.NewSAML2IntegrationSetRequest(). + sdk.NewSaml2IntegrationSetRequest(). WithComment(sdk.Pointer("a")). WithSaml2EnableSpInitiated(sdk.Pointer(true)). WithSaml2ForceAuthn(sdk.Pointer(true)). @@ -217,7 +218,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}), ) - err := client.SecurityIntegrations.AlterSAML2Integration(ctx, setRequest) + err := client.SecurityIntegrations.AlterSaml2(ctx, setRequest) require.NoError(t, err) details, err := client.SecurityIntegrations.Describe(ctx, id) 
@@ -240,14 +241,14 @@ func TestInt_SecurityIntegrations(t *testing.T) { allowedEmailPatterns: "[^(.+dev)@example.com$]", }) - unsetRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id). + unsetRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id). WithUnset( - sdk.NewSAML2IntegrationUnsetRequest(). + sdk.NewSaml2IntegrationUnsetRequest(). WithSaml2ForceAuthn(sdk.Pointer(true)). WithSaml2RequestedNameidFormat(sdk.Pointer(true)). WithSaml2PostLogoutRedirectUrl(sdk.Pointer(true)), ) - err = client.SecurityIntegrations.AlterSAML2Integration(ctx, unsetRequest) + err = client.SecurityIntegrations.AlterSaml2(ctx, unsetRequest) require.NoError(t, err) details, err = client.SecurityIntegrations.Describe(ctx, id) 
@@ -261,37 +262,77 @@ func TestInt_SecurityIntegrations(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() createSAML2Integration(t, id, nil) - setRequest := sdk.NewAlterSAML2IntegrationSecurityIntegrationRequest(id).WithRefreshSaml2SnowflakePrivateKey(sdk.Pointer(true)) - err := client.SecurityIntegrations.AlterSAML2Integration(ctx, setRequest) + setRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id).WithRefreshSaml2SnowflakePrivateKey(sdk.Pointer(true)) + err := client.SecurityIntegrations.AlterSaml2(ctx, setRequest) require.NoError(t, err) }) + t.Run("AlterSAML2Integration - set and unset tags", func(t *testing.T) { + tag, tagCleanup := testClientHelper().Tag.CreateTag(t) + t.Cleanup(tagCleanup) + + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + createSAML2Integration(t, id, nil) + + tagValue := "abc" + tags := []sdk.TagAssociation{ + { + Name: tag.ID(), + Value: tagValue, + }, + } + alterRequestSetTags := sdk.NewAlterSaml2SecurityIntegrationRequest(id).WithSetTags(tags) + + err := client.SecurityIntegrations.AlterSaml2(ctx, alterRequestSetTags) + require.NoError(t, err) + + returnedTagValue, err := client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) + require.NoError(t, err) + + assert.Equal(t, tagValue, returnedTagValue) + + unsetTags := []sdk.ObjectIdentifier{ + tag.ID(), + } + alterRequestUnsetTags := sdk.NewAlterSaml2SecurityIntegrationRequest(id).WithUnsetTags(unsetTags) + + err = client.SecurityIntegrations.AlterSaml2(ctx, alterRequestUnsetTags) + require.NoError(t, err) + + _, err = client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) + require.Error(t, err) + }) + t.Run("AlterSCIMIntegration", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() createSCIMIntegration(t, id, nil) - setRequest := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id). 
+ networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t) + t.Cleanup(networkPolicyCleanup) + + setRequest := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id). WithSet( - sdk.NewSCIMIntegrationSetRequest(). + sdk.NewScimIntegrationSetRequest(). + WithNetworkPolicy(sdk.Pointer(sdk.NewAccountObjectIdentifier(networkPolicy.Name))). WithEnabled(sdk.Bool(true)). WithSyncPassword(sdk.Bool(false)). WithComment(sdk.String("altered")), ) - err := client.SecurityIntegrations.AlterSCIMIntegration(ctx, setRequest) + err := client.SecurityIntegrations.AlterScimIntegration(ctx, setRequest) require.NoError(t, err) details, err := client.SecurityIntegrations.Describe(ctx, id) require.NoError(t, err) - assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "false", "altered") + assertSCIMDescribe(details, "true", networkPolicy.Name, "GENERIC_SCIM_PROVISIONER", "false", "altered") - unsetRequest := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id). + unsetRequest := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id). WithUnset( - sdk.NewSCIMIntegrationUnsetRequest(). + sdk.NewScimIntegrationUnsetRequest(). WithNetworkPolicy(sdk.Bool(true)). WithSyncPassword(sdk.Bool(true)), ) - err = client.SecurityIntegrations.AlterSCIMIntegration(ctx, unsetRequest) + err = client.SecurityIntegrations.AlterScimIntegration(ctx, unsetRequest) require.NoError(t, err) details, err = client.SecurityIntegrations.Describe(ctx, id) @@ -300,7 +341,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { assertSCIMDescribe(details, "true", "", "GENERIC_SCIM_PROVISIONER", "true", "altered") }) - t.Run("Alter - set and unset tags", func(t *testing.T) { + t.Run("AlterSCIMIntegration - set and unset tags", func(t *testing.T) { tag, tagCleanup := testClientHelper().Tag.CreateTag(t) t.Cleanup(tagCleanup) 
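Review bot: In the `AlterSCIMIntegration` subtest the network policy is created, and its cleanup registered, after `createSCIMIntegration(t, id, nil)`, which reverses the order used in the `CreateScim` subtest. `t.Cleanup` callbacks run last-registered-first, so if `cleanupSecurityIntegration` registers its drop through `t.Cleanup` (it is defined outside this hunk), the policy is dropped before the integration. When an assertion fails between the SET and the UNSET request, the integration still references the policy at that point, and the drop may be refused, leaving the policy behind in the test account. Moving `networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t)` and `t.Cleanup(networkPolicyCleanup)` above the `createSCIMIntegration` call keeps the teardown order safe.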
@@ -314,9 +355,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { Value: tagValue, }, } - alterRequestSetTags := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id).WithSetTags(tags) + alterRequestSetTags := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id).WithSetTags(tags) - err := client.SecurityIntegrations.AlterSCIMIntegration(ctx, alterRequestSetTags) + err := client.SecurityIntegrations.AlterScimIntegration(ctx, alterRequestSetTags) require.NoError(t, err) returnedTagValue, err := client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) @@ -327,9 +368,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { unsetTags := []sdk.ObjectIdentifier{ tag.ID(), } - alterRequestUnsetTags := sdk.NewAlterSCIMIntegrationSecurityIntegrationRequest(id).WithUnsetTags(unsetTags) + alterRequestUnsetTags := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id).WithUnsetTags(unsetTags) - err = client.SecurityIntegrations.AlterSCIMIntegration(ctx, alterRequestUnsetTags) + err = client.SecurityIntegrations.AlterScimIntegration(ctx, alterRequestUnsetTags) require.NoError(t, err) _, err = client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) From 994bcd142f656fe60323ee0bfd9ed10f5065e666 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Thu, 16 May 2024 11:27:07 +0200 Subject: [PATCH 07/14] Fix tests --- .../security_integrations_dto_builders_gen.go | 16 +-- pkg/sdk/security_integrations_dto_gen.go | 16 +-- pkg/sdk/security_integrations_gen.go | 6 +- pkg/sdk/security_integrations_gen_test.go | 107 +++++++++++++++--- pkg/sdk/security_integrations_impl_gen.go | 6 +- .../security_integrations_validations_gen.go | 10 +- ...urity_integrations_gen_integration_test.go | 16 +-- 7 files changed, 127 insertions(+), 50 deletions(-) diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index ee150b237a..3c292b1ff2 100644 
--- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go 
@@ -287,35 +287,35 @@ func (s *Saml2IntegrationUnsetRequest) WithComment(Comment *bool) *Saml2Integrat return s } -func NewAlterScimIntegrationSecurityIntegrationRequest( +func NewAlterScimSecurityIntegrationRequest( name AccountObjectIdentifier, -) *AlterScimIntegrationSecurityIntegrationRequest { - s := AlterScimIntegrationSecurityIntegrationRequest{} +) *AlterScimSecurityIntegrationRequest { + s := AlterScimSecurityIntegrationRequest{} s.name = name return &s } -func (s *AlterScimIntegrationSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterScimIntegrationSecurityIntegrationRequest { +func (s *AlterScimSecurityIntegrationRequest) WithIfExists(IfExists *bool) *AlterScimSecurityIntegrationRequest { s.IfExists = IfExists return s } -func (s *AlterScimIntegrationSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterScimIntegrationSecurityIntegrationRequest { +func (s *AlterScimSecurityIntegrationRequest) WithSetTags(SetTags []TagAssociation) *AlterScimSecurityIntegrationRequest { s.SetTags = SetTags return s } -func (s *AlterScimIntegrationSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterScimIntegrationSecurityIntegrationRequest { +func (s *AlterScimSecurityIntegrationRequest) WithUnsetTags(UnsetTags []ObjectIdentifier) *AlterScimSecurityIntegrationRequest { s.UnsetTags = UnsetTags return s } -func (s *AlterScimIntegrationSecurityIntegrationRequest) WithSet(Set *ScimIntegrationSetRequest) *AlterScimIntegrationSecurityIntegrationRequest { +func (s *AlterScimSecurityIntegrationRequest) WithSet(Set *ScimIntegrationSetRequest) *AlterScimSecurityIntegrationRequest { s.Set = Set return s } -func (s *AlterScimIntegrationSecurityIntegrationRequest) WithUnset(Unset *ScimIntegrationUnsetRequest) *AlterScimIntegrationSecurityIntegrationRequest { +func (s *AlterScimSecurityIntegrationRequest) WithUnset(Unset *ScimIntegrationUnsetRequest) *AlterScimSecurityIntegrationRequest { s.Unset = Unset return s } 
diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index c66b1cbc84..a2aa4761fc 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go @@ -3,13 +3,13 @@ package sdk //go:generate go run ./dto-builder-generator/main.go var ( - _ optionsProvider[CreateSaml2SecurityIntegrationOptions] = new(CreateSaml2SecurityIntegrationRequest) - _ optionsProvider[CreateScimSecurityIntegrationOptions] = new(CreateScimSecurityIntegrationRequest) - _ optionsProvider[AlterSaml2SecurityIntegrationOptions] = new(AlterSaml2SecurityIntegrationRequest) - _ optionsProvider[AlterScimIntegrationSecurityIntegrationOptions] = new(AlterScimIntegrationSecurityIntegrationRequest) - _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) - _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) - _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) + _ optionsProvider[CreateSaml2SecurityIntegrationOptions] = new(CreateSaml2SecurityIntegrationRequest) + _ optionsProvider[CreateScimSecurityIntegrationOptions] = new(CreateScimSecurityIntegrationRequest) + _ optionsProvider[AlterSaml2SecurityIntegrationOptions] = new(AlterSaml2SecurityIntegrationRequest) + _ optionsProvider[AlterScimSecurityIntegrationOptions] = new(AlterScimSecurityIntegrationRequest) + _ optionsProvider[DropSecurityIntegrationOptions] = new(DropSecurityIntegrationRequest) + _ optionsProvider[DescribeSecurityIntegrationOptions] = new(DescribeSecurityIntegrationRequest) + _ optionsProvider[ShowSecurityIntegrationOptions] = new(ShowSecurityIntegrationRequest) ) type CreateSaml2SecurityIntegrationRequest struct { 
@@ -93,7 +93,7 @@ type Saml2IntegrationUnsetRequest struct { Comment *bool } -type AlterScimIntegrationSecurityIntegrationRequest struct { +type AlterScimSecurityIntegrationRequest struct { IfExists *bool name AccountObjectIdentifier // required SetTags []TagAssociation diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index 4e6cbfa70e..93173ae6cf 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go @@ -10,7 +10,7 @@ type SecurityIntegrations interface { CreateSaml2(ctx context.Context, request *CreateSaml2SecurityIntegrationRequest) error CreateScim(ctx context.Context, request *CreateScimSecurityIntegrationRequest) error AlterSaml2(ctx context.Context, request *AlterSaml2SecurityIntegrationRequest) error - AlterScimIntegration(ctx context.Context, request *AlterScimIntegrationSecurityIntegrationRequest) error + AlterScim(ctx context.Context, request *AlterScimSecurityIntegrationRequest) error Drop(ctx context.Context, request *DropSecurityIntegrationRequest) error Describe(ctx context.Context, id AccountObjectIdentifier) ([]SecurityIntegrationProperty, error) Show(ctx context.Context, request *ShowSecurityIntegrationRequest) ([]SecurityIntegration, error) @@ -109,8 +109,8 @@ type Saml2IntegrationUnset struct { Comment *bool `ddl:"keyword" sql:"COMMENT"` } -// AlterScimIntegrationSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. -type AlterScimIntegrationSecurityIntegrationOptions struct { +// AlterScimSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim. +type AlterScimSecurityIntegrationOptions struct { alter bool `ddl:"static" sql:"ALTER"` securityIntegration bool `ddl:"static" sql:"SECURITY INTEGRATION"` IfExists *bool `ddl:"keyword" sql:"IF EXISTS"` 
diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index 7265bf3b48..462ec5b711 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go @@ -33,11 +33,13 @@ func TestSecurityIntegrations_CreateSaml2(t *testing.T) { t.Run("basic", func(t *testing.T) { opts := defaultOpts() - assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'", id.FullyQualifiedName()) + opts.OrReplace = Bool(true) + assertOptsValidAndSQLEquals(t, opts, "CREATE OR REPLACE SECURITY INTEGRATION %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'", id.FullyQualifiedName()) }) t.Run("all options", func(t *testing.T) { opts := defaultOpts() + opts.IfNotExists = Bool(true) opts.AllowedEmailPatterns = []EmailPattern{{Pattern: "pattern"}} opts.AllowedUserDomains = []UserDomain{{Domain: "domain"}} opts.Comment = Pointer("a") 
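Review bot: Setting `opts.OrReplace = Bool(true)` inside the `basic` subtest means the visible subtests no longer assert the unmodified `CREATE SECURITY INTEGRATION ...` statement, since `all options` now carries `IF NOT EXISTS`. Keeping `basic` as it was and adding a separate `t.Run("or replace", ...)` would cover all three forms. The visible hunks also contain no case that sets both `OrReplace` and `IfNotExists`; if `validate()` is meant to reject that pair, a subtest for it belongs here (the test function continues outside the hunk, so it may already exist). The same applies to `TestSecurityIntegrations_CreateScim` in a later hunk of this file, which additionally uses `Pointer(true)` where this one uses `Bool(true)`.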
@@ -49,9 +51,10 @@ func TestSecurityIntegrations_CreateSaml2(t *testing.T) { opts.Saml2SnowflakeAcsUrl = Pointer("acs") opts.Saml2SnowflakeIssuerUrl = Pointer("issuer") opts.Saml2SpInitiatedLoginPageLabel = Pointer("label") + opts.Saml2SnowflakeX509Cert = Pointer("cert") - assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'"+ - " ALLOWED_USER_DOMAINS = ('domain') ALLOWED_EMAIL_PATTERNS = ('pattern') SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label' SAML2_ENABLE_SP_INITIATED = true SAML2_SIGN_REQUEST = true"+ + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION IF NOT EXISTS %s TYPE = SAML2 ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'"+ + " ALLOWED_USER_DOMAINS = ('domain') ALLOWED_EMAIL_PATTERNS = ('pattern') SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label' SAML2_ENABLE_SP_INITIATED = true SAML2_SNOWFLAKE_X509_CERT = 'cert' SAML2_SIGN_REQUEST = true"+ " SAML2_REQUESTED_NAMEID_FORMAT = 'format' SAML2_POST_LOGOUT_REDIRECT_URL = 'redirect' SAML2_FORCE_AUTHN = true SAML2_SNOWFLAKE_ISSUER_URL = 'issuer' SAML2_SNOWFLAKE_ACS_URL = 'acs'"+ " COMMENT = 'a'", id.FullyQualifiedName()) }) 
@@ -84,20 +87,22 @@ func TestSecurityIntegrations_CreateScim(t *testing.T) { t.Run("basic", func(t *testing.T) { opts := defaultOpts() - assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'", id.FullyQualifiedName()) + opts.OrReplace = Pointer(true) + assertOptsValidAndSQLEquals(t, opts, "CREATE OR REPLACE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'", id.FullyQualifiedName()) }) t.Run("all options", func(t *testing.T) { opts := defaultOpts() networkPolicyID := randomAccountObjectIdentifier() + opts.IfNotExists = Pointer(true) opts.NetworkPolicy = Pointer(networkPolicyID) opts.SyncPassword = Pointer(true) - assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'"+ + assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION IF NOT EXISTS %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'"+ " NETWORK_POLICY = %s SYNC_PASSWORD = true", id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) }) } -func TestSecurityIntegrations_AlterSaml2Integration(t *testing.T) { +func TestSecurityIntegrations_AlterSaml2(t *testing.T) { id := randomAccountObjectIdentifier() // Minimal valid AlterSaml2IntegrationSecurityIntegrationOptions 
@@ -121,10 +126,15 @@ func TestSecurityIntegrations_AlterSaml2Integration(t *testing.T) { assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) }) + t.Run("validation: exactly of the fields [opts.*] should be set", func(t *testing.T) { + opts := defaultOpts() + assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("AlterSaml2SecurityIntegrationOptions", "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags")) + }) + t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Set = &Saml2IntegrationSet{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2IntegrationSecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Set", "Enabled", "Saml2Issuer", "Saml2SsoUrl", "Saml2Provider", "Saml2X509Cert", "AllowedUserDomains", "AllowedEmailPatterns", "Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")) }) 
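Review bot: The new subtest name `validation: exactly of the fields [opts.*] should be set` is missing the word "one", and the subtest added further down for the conflicting case carries almost the same name, so a failure report does not say which case broke. Names that state the input would be clearer, for example `t.Run("validation: no alter action set", ...)` here and `t.Run("validation: Set and Unset both set", ...)` for the later one. The same pair of names is added to `TestSecurityIntegrations_AlterScim` in a later hunk of this file.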
@@ -132,10 +142,17 @@ func TestSecurityIntegrations_AlterSaml2Integration(t *testing.T) { t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Unset = &Saml2IntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2IntegrationSecurityIntegrationOptions.Unset", + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) }) + t.Run("validation: exactly one of the fields [opts.*] should be set", func(t *testing.T) { + opts := defaultOpts() + opts.Set = &Saml2IntegrationSet{} + opts.Unset = &Saml2IntegrationUnset{} + assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("AlterSaml2SecurityIntegrationOptions", "Set", "Unset", "RefreshSaml2SnowflakePrivateKey", "SetTags", "UnsetTags")) + }) + t.Run("all options - set", func(t *testing.T) { opts := defaultOpts() opts.Set = &Saml2IntegrationSet{ 
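Review bot: The added `exactly one` subtest assigns empty structs, `opts.Set = &Saml2IntegrationSet{}` and `opts.Unset = &Saml2IntegrationUnset{}`, so `validate()` also appends the two at-least-one-of errors that the neighbouring subtests trigger with the same empty values. The assertion names only `errExactlyOneOf`, which means it passes only if `assertOptsInvalidJoinedErrors` (not visible here) checks containment, and it does not show that the rule fires for otherwise valid input. Populating one field in each, e.g. `opts.Set = &Saml2IntegrationSet{Comment: Pointer("a")}` and `opts.Unset = &Saml2IntegrationUnset{Comment: Pointer(true)}`, isolates the rule. The SCIM counterpart in a later hunk of this file has the same shape.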
@@ -180,20 +197,44 @@ func TestSecurityIntegrations_AlterSaml2Integration(t *testing.T) { opts.RefreshSaml2SnowflakePrivateKey = Pointer(true) assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", id.FullyQualifiedName()) }) + + t.Run("set tags", func(t *testing.T) { + opts := defaultOpts() + opts.SetTags = []TagAssociation{ + { + Name: NewAccountObjectIdentifier("name"), + Value: "value", + }, + { + Name: NewAccountObjectIdentifier("second-name"), + Value: "second-value", + }, + } + assertOptsValidAndSQLEquals(t, opts, `ALTER SECURITY INTEGRATION %s SET TAG "name" = 'value', "second-name" = 'second-value'`, id.FullyQualifiedName()) + }) + + t.Run("unset tags", func(t *testing.T) { + opts := defaultOpts() + opts.UnsetTags = []ObjectIdentifier{ + NewAccountObjectIdentifier("name"), + NewAccountObjectIdentifier("second-name"), + } + assertOptsValidAndSQLEquals(t, opts, `ALTER SECURITY INTEGRATION %s UNSET TAG "name", "second-name"`, id.FullyQualifiedName()) + }) } -func TestSecurityIntegrations_AlterScimIntegration(t *testing.T) { +func TestSecurityIntegrations_AlterScim(t *testing.T) { id := randomAccountObjectIdentifier() - // Minimal valid AlterScimIntegrationSecurityIntegrationOptions - defaultOpts := func() *AlterScimIntegrationSecurityIntegrationOptions { - return &AlterScimIntegrationSecurityIntegrationOptions{ + // Minimal valid AlterScimSecurityIntegrationOptions + defaultOpts := func() *AlterScimSecurityIntegrationOptions { + return &AlterScimSecurityIntegrationOptions{ name: id, } } t.Run("validation: nil options", func(t *testing.T) { - var opts *AlterScimIntegrationSecurityIntegrationOptions = nil + var opts *AlterScimSecurityIntegrationOptions = nil assertOptsInvalidJoinedErrors(t, opts, ErrNilOptions) }) 
@@ -206,16 +247,28 @@ func TestSecurityIntegrations_AlterScimIntegration(t *testing.T) { assertOptsInvalidJoinedErrors(t, opts, ErrInvalidObjectIdentifier) }) + t.Run("validation: exactly of the fields [opts.*] should be set", func(t *testing.T) { + opts := defaultOpts() + assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("AlterScimSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) + }) + + t.Run("validation: exactly one of the fields [opts.*] should be set", func(t *testing.T) { + opts := defaultOpts() + opts.Set = &ScimIntegrationSet{} + opts.Unset = &ScimIntegrationUnset{} + assertOptsInvalidJoinedErrors(t, opts, errExactlyOneOf("AlterScimSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) + }) + t.Run("validation: at least one of the fields [opts.Set.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Set = &ScimIntegrationSet{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("validation: at least one of the fields [opts.Unset.*] should be set", func(t *testing.T) { opts := defaultOpts() opts.Unset = &ScimIntegrationUnset{} - assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterScimSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) }) t.Run("all options - set", func(t *testing.T) { 
@@ -241,6 +294,30 @@ func TestSecurityIntegrations_AlterScimIntegration(t *testing.T) { } assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, NETWORK_POLICY, SYNC_PASSWORD, COMMENT", id.FullyQualifiedName()) }) + + t.Run("set tags", func(t *testing.T) { + opts := defaultOpts() + opts.SetTags = []TagAssociation{ + { + Name: NewAccountObjectIdentifier("name"), + Value: "value", + }, + { + Name: NewAccountObjectIdentifier("second-name"), + Value: "second-value", + }, + } + assertOptsValidAndSQLEquals(t, opts, `ALTER SECURITY INTEGRATION %s SET TAG "name" = 'value', "second-name" = 'second-value'`, id.FullyQualifiedName()) + }) + + t.Run("unset tags", func(t *testing.T) { + opts := defaultOpts() + opts.UnsetTags = []ObjectIdentifier{ + NewAccountObjectIdentifier("name"), + NewAccountObjectIdentifier("second-name"), + } + assertOptsValidAndSQLEquals(t, opts, `ALTER SECURITY INTEGRATION %s UNSET TAG "name", "second-name"`, id.FullyQualifiedName()) + }) } func TestSecurityIntegrations_Drop(t *testing.T) { diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index a1284bcb32..fc2181043a 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go @@ -27,7 +27,7 @@ func (v *securityIntegrations) AlterSaml2(ctx context.Context, request *AlterSam return validateAndExec(v.client, ctx, opts) } -func (v *securityIntegrations) AlterScimIntegration(ctx context.Context, request *AlterScimIntegrationSecurityIntegrationRequest) error { +func (v *securityIntegrations) AlterScim(ctx context.Context, request *AlterScimSecurityIntegrationRequest) error { opts := request.toOpts() return validateAndExec(v.client, ctx, opts) } 
@@ -151,8 +151,8 @@ func (r *AlterSaml2SecurityIntegrationRequest) toOpts() *AlterSaml2SecurityInteg return opts } -func (r *AlterScimIntegrationSecurityIntegrationRequest) toOpts() *AlterScimIntegrationSecurityIntegrationOptions { - opts := &AlterScimIntegrationSecurityIntegrationOptions{ +func (r *AlterScimSecurityIntegrationRequest) toOpts() *AlterScimSecurityIntegrationOptions { + opts := &AlterScimSecurityIntegrationOptions{ IfExists: r.IfExists, name: r.name, SetTags: r.SetTags, diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go index bca264a404..cc1cb5668a 100644 --- a/pkg/sdk/security_integrations_validations_gen.go +++ b/pkg/sdk/security_integrations_validations_gen.go @@ -4,7 +4,7 @@ var ( _ validatable = new(CreateSaml2SecurityIntegrationOptions) _ validatable = new(CreateScimSecurityIntegrationOptions) _ validatable = new(AlterSaml2SecurityIntegrationOptions) - _ validatable = new(AlterScimIntegrationSecurityIntegrationOptions) + _ validatable = new(AlterScimSecurityIntegrationOptions) _ validatable = new(DropSecurityIntegrationOptions) _ validatable = new(DescribeSecurityIntegrationOptions) _ validatable = new(ShowSecurityIntegrationOptions) @@ -62,7 +62,7 @@ func (opts *AlterSaml2SecurityIntegrationOptions) validate() error { return JoinErrors(errs...) } -func (opts *AlterScimIntegrationSecurityIntegrationOptions) validate() error { +func (opts *AlterScimSecurityIntegrationOptions) validate() error { if opts == nil { return ErrNilOptions } 
@@ -71,16 +71,16 @@ func (opts *AlterScimIntegrationSecurityIntegrationOptions) validate() error { errs = append(errs, ErrInvalidObjectIdentifier) } if !exactlyOneValueSet(opts.Set, opts.Unset, opts.SetTags, opts.UnsetTags) { - errs = append(errs, errExactlyOneOf("AlterScimIntegrationSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) + errs = append(errs, errExactlyOneOf("AlterScimSecurityIntegrationOptions", "Set", "Unset", "SetTags", "UnsetTags")) } if valueSet(opts.Set) { if !anyValueSet(opts.Set.Enabled, opts.Set.NetworkPolicy, opts.Set.SyncPassword, opts.Set.Comment) { - errs = append(errs, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterScimSecurityIntegrationOptions.Set", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } if valueSet(opts.Unset) { if !anyValueSet(opts.Unset.Enabled, opts.Unset.NetworkPolicy, opts.Unset.SyncPassword, opts.Unset.Comment) { - errs = append(errs, errAtLeastOneOf("AlterScimIntegrationSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) + errs = append(errs, errAtLeastOneOf("AlterScimSecurityIntegrationOptions.Unset", "Enabled", "NetworkPolicy", "SyncPassword", "Comment")) } } return JoinErrors(errs...) diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index 974dd69fd5..a77d6e8007 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go 
@@ -310,7 +310,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { networkPolicy, networkPolicyCleanup := testClientHelper().NetworkPolicy.CreateNetworkPolicy(t) t.Cleanup(networkPolicyCleanup) - setRequest := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id). + setRequest := sdk.NewAlterScimSecurityIntegrationRequest(id). WithSet( sdk.NewScimIntegrationSetRequest(). WithNetworkPolicy(sdk.Pointer(sdk.NewAccountObjectIdentifier(networkPolicy.Name))). @@ -318,7 +318,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSyncPassword(sdk.Bool(false)). WithComment(sdk.String("altered")), ) - err := client.SecurityIntegrations.AlterScimIntegration(ctx, setRequest) + err := client.SecurityIntegrations.AlterScim(ctx, setRequest) require.NoError(t, err) details, err := client.SecurityIntegrations.Describe(ctx, id) @@ -326,13 +326,13 @@ func TestInt_SecurityIntegrations(t *testing.T) { assertSCIMDescribe(details, "true", networkPolicy.Name, "GENERIC_SCIM_PROVISIONER", "false", "altered") - unsetRequest := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id). + unsetRequest := sdk.NewAlterScimSecurityIntegrationRequest(id). WithUnset( sdk.NewScimIntegrationUnsetRequest(). WithNetworkPolicy(sdk.Bool(true)). WithSyncPassword(sdk.Bool(true)), ) - err = client.SecurityIntegrations.AlterScimIntegration(ctx, unsetRequest) + err = client.SecurityIntegrations.AlterScim(ctx, unsetRequest) require.NoError(t, err) details, err = client.SecurityIntegrations.Describe(ctx, id) 
@@ -355,9 +355,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { Value: tagValue, }, } - alterRequestSetTags := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id).WithSetTags(tags) + alterRequestSetTags := sdk.NewAlterScimSecurityIntegrationRequest(id).WithSetTags(tags) - err := client.SecurityIntegrations.AlterScimIntegration(ctx, alterRequestSetTags) + err := client.SecurityIntegrations.AlterScim(ctx, alterRequestSetTags) require.NoError(t, err) returnedTagValue, err := client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) @@ -368,9 +368,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { unsetTags := []sdk.ObjectIdentifier{ tag.ID(), } - alterRequestUnsetTags := sdk.NewAlterScimIntegrationSecurityIntegrationRequest(id).WithUnsetTags(unsetTags) + alterRequestUnsetTags := sdk.NewAlterScimSecurityIntegrationRequest(id).WithUnsetTags(unsetTags) - err = client.SecurityIntegrations.AlterScimIntegration(ctx, alterRequestUnsetTags) + err = client.SecurityIntegrations.AlterScim(ctx, alterRequestUnsetTags) require.NoError(t, err) _, err = client.SystemFunctions.GetTag(ctx, tag.ID(), id, sdk.ObjectTypeIntegration) From 40dde78876ec3aa5d103a0e49270c83c966f9edd Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Thu, 16 May 2024 13:04:18 +0200 Subject: [PATCH 08/14] Fix tests, proper x509 handling --- pkg/acceptance/helpers/role_client.go | 13 ++ pkg/acceptance/helpers/test_client.go | 118 +++++++++--------- pkg/sdk/security_integrations_gen_test.go | 3 +- ...urity_integrations_gen_integration_test.go | 86 +++++++------ 4 files changed, 123 insertions(+), 97 deletions(-) diff --git a/pkg/acceptance/helpers/role_client.go b/pkg/acceptance/helpers/role_client.go index bff4f133e8..590cf5ebb2 100644 --- a/pkg/acceptance/helpers/role_client.go +++ b/pkg/acceptance/helpers/role_client.go 
@@ -93,6 +93,19 @@ func (c *RoleClient) GrantRoleToCurrentUser(t *testing.T, id sdk.AccountObjectId require.NoError(t, err) } +func (c *RoleClient) GrantRoleToCurrentRole(t *testing.T, id sdk.AccountObjectIdentifier) { + t.Helper() + ctx := context.Background() + + currentRole, err := c.context.client.ContextFunctions.CurrentRole(ctx) + require.NoError(t, err) + + err = c.client().Grant(ctx, sdk.NewGrantRoleRequest(id, sdk.GrantRole{ + Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole)), + })) + require.NoError(t, err) +} + // TODO: move later to grants client func (c *RoleClient) GrantOwnershipOnAccountObject(t *testing.T, roleId sdk.AccountObjectIdentifier, objectId sdk.AccountObjectIdentifier, objectType sdk.ObjectType) { t.Helper() diff --git a/pkg/acceptance/helpers/test_client.go b/pkg/acceptance/helpers/test_client.go index 198aa38a79..40f1889180 100644 --- a/pkg/acceptance/helpers/test_client.go +++ b/pkg/acceptance/helpers/test_client.go 
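Review bot: The new `GrantRoleToCurrentRole` helper widens the privileges of the session's current role and never revokes the grant, and nothing on the function says so. The one caller visible in this patch drops the role in its own cleanup, but a future caller passing a long-lived role would leave the grant behind in the test account. I would add a doc comment that states the contract, for example `// GrantRoleToCurrentRole grants role id to the session's current role; the grant is not revoked here, so the caller must drop or revoke the role in cleanup.` The function lies entirely inside this hunk.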
@@ -9,35 +9,36 @@ type TestClient struct { Ids *IdsGenerator - Account *AccountClient - Alert *AlertClient - ApiIntegration *ApiIntegrationClient - Application *ApplicationClient - ApplicationPackage *ApplicationPackageClient - Context *ContextClient - Database *DatabaseClient - DatabaseRole *DatabaseRoleClient - DynamicTable *DynamicTableClient - FailoverGroup *FailoverGroupClient - FileFormat *FileFormatClient - MaskingPolicy *MaskingPolicyClient - NetworkPolicy *NetworkPolicyClient - Parameter *ParameterClient - PasswordPolicy *PasswordPolicyClient - Pipe *PipeClient - ResourceMonitor *ResourceMonitorClient - Role *RoleClient - RowAccessPolicy *RowAccessPolicyClient - Schema *SchemaClient - SessionPolicy *SessionPolicyClient - Share *ShareClient - Stage *StageClient - Table *TableClient - Tag *TagClient - Task *TaskClient - User *UserClient - View *ViewClient - Warehouse *WarehouseClient + Account *AccountClient + Alert *AlertClient + ApiIntegration *ApiIntegrationClient + Application *ApplicationClient + ApplicationPackage *ApplicationPackageClient + Context *ContextClient + Database *DatabaseClient + DatabaseRole *DatabaseRoleClient + DynamicTable *DynamicTableClient + FailoverGroup *FailoverGroupClient + FileFormat *FileFormatClient + MaskingPolicy *MaskingPolicyClient + NetworkPolicy *NetworkPolicyClient + Parameter *ParameterClient + PasswordPolicy *PasswordPolicyClient + Pipe *PipeClient + ResourceMonitor *ResourceMonitorClient + Role *RoleClient + RowAccessPolicy *RowAccessPolicyClient + Schema *SchemaClient + SecurityIntegration *SecurityIntegrationClient + SessionPolicy *SessionPolicyClient + Share *ShareClient + Stage *StageClient + Table *TableClient + Tag *TagClient + Task *TaskClient + User *UserClient + View *ViewClient + Warehouse *WarehouseClient } func NewTestClient(c *sdk.Client, database string, schema string, warehouse string, testObjectSuffix string) *TestClient { 
@@ -54,35 +55,36 @@ func NewTestClient(c *sdk.Client, database string, schema string, warehouse stri Ids: idsGenerator, - Account: NewAccountClient(context), - Alert: NewAlertClient(context, idsGenerator), - ApiIntegration: NewApiIntegrationClient(context, idsGenerator), - Application: NewApplicationClient(context, idsGenerator), - ApplicationPackage: NewApplicationPackageClient(context, idsGenerator), - Context: NewContextClient(context), - Database: NewDatabaseClient(context, idsGenerator), - DatabaseRole: NewDatabaseRoleClient(context, idsGenerator), - DynamicTable: NewDynamicTableClient(context, idsGenerator), - FailoverGroup: NewFailoverGroupClient(context, idsGenerator), - FileFormat: NewFileFormatClient(context, idsGenerator), - MaskingPolicy: NewMaskingPolicyClient(context, idsGenerator), - NetworkPolicy: NewNetworkPolicyClient(context, idsGenerator), - Parameter: NewParameterClient(context), - PasswordPolicy: NewPasswordPolicyClient(context, idsGenerator), - Pipe: NewPipeClient(context, idsGenerator), - ResourceMonitor: NewResourceMonitorClient(context, idsGenerator), - Role: NewRoleClient(context, idsGenerator), - RowAccessPolicy: NewRowAccessPolicyClient(context, idsGenerator), - Schema: NewSchemaClient(context, idsGenerator), - SessionPolicy: NewSessionPolicyClient(context, idsGenerator), - Share: NewShareClient(context, idsGenerator), - Stage: NewStageClient(context, idsGenerator), - Table: NewTableClient(context, idsGenerator), - Tag: NewTagClient(context, idsGenerator), - Task: NewTaskClient(context, idsGenerator), - User: NewUserClient(context, idsGenerator), - View: NewViewClient(context, idsGenerator), - Warehouse: NewWarehouseClient(context, idsGenerator), + Account: NewAccountClient(context), + Alert: NewAlertClient(context, idsGenerator), + ApiIntegration: NewApiIntegrationClient(context, idsGenerator), + Application: NewApplicationClient(context, idsGenerator), + ApplicationPackage: NewApplicationPackageClient(context, idsGenerator), + 
Context: NewContextClient(context), + Database: NewDatabaseClient(context, idsGenerator), + DatabaseRole: NewDatabaseRoleClient(context, idsGenerator), + DynamicTable: NewDynamicTableClient(context, idsGenerator), + FailoverGroup: NewFailoverGroupClient(context, idsGenerator), + FileFormat: NewFileFormatClient(context, idsGenerator), + MaskingPolicy: NewMaskingPolicyClient(context, idsGenerator), + NetworkPolicy: NewNetworkPolicyClient(context, idsGenerator), + Parameter: NewParameterClient(context), + PasswordPolicy: NewPasswordPolicyClient(context, idsGenerator), + Pipe: NewPipeClient(context, idsGenerator), + ResourceMonitor: NewResourceMonitorClient(context, idsGenerator), + Role: NewRoleClient(context, idsGenerator), + RowAccessPolicy: NewRowAccessPolicyClient(context, idsGenerator), + Schema: NewSchemaClient(context, idsGenerator), + SecurityIntegration: NewSecurityIntegrationClient(context, idsGenerator), + SessionPolicy: NewSessionPolicyClient(context, idsGenerator), + Share: NewShareClient(context, idsGenerator), + Stage: NewStageClient(context, idsGenerator), + Table: NewTableClient(context, idsGenerator), + Tag: NewTagClient(context, idsGenerator), + Task: NewTaskClient(context, idsGenerator), + User: NewUserClient(context, idsGenerator), + View: NewViewClient(context, idsGenerator), + Warehouse: NewWarehouseClient(context, idsGenerator), } } diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index 462ec5b711..7fda6b182d 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go 
@@ -97,8 +97,9 @@ func TestSecurityIntegrations_CreateScim(t *testing.T) { opts.IfNotExists = Pointer(true) opts.NetworkPolicy = Pointer(networkPolicyID) opts.SyncPassword = Pointer(true) + opts.Comment = Pointer("a") assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION IF NOT EXISTS %s TYPE = SCIM ENABLED = true SCIM_CLIENT = 'GENERIC' RUN_AS_ROLE = 'GENERIC_SCIM_PROVISIONER'"+ - " NETWORK_POLICY = %s SYNC_PASSWORD = true", id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) + " NETWORK_POLICY = %s SYNC_PASSWORD = true COMMENT = 'a'", id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) }) } diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index a77d6e8007..c20a905db0 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -1,8 +1,17 @@ package testint import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" "fmt" + "math/big" + "strings" "testing" + "time" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/stretchr/testify/assert" 
@@ -24,35 +33,38 @@ func TestInt_SecurityIntegrations(t *testing.T) { }) } - // generated by `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=Snowflake/CN=Snowflake' -out x509_key.pem -days 36500` - x509 := `MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL - BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM - DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v - d2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD - VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j - aXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi - MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi - HEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf - jPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/ - sV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz - cBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo - OjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB - AAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW - gBT9mt6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 - DQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc - cqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx - WYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO - 3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k - 0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7 - PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2 - ` + ca := &x509.Certificate{ + SerialNumber: big.NewInt(1658), + Subject: pkix.Name{ + Organization: []string{"Company, INC."}, + }, + NotAfter: time.Now().AddDate(10, 0, 0), + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, + KeyUsage: x509.KeyUsageDigitalSignature, + } + + caPrivKey, err := rsa.GenerateKey(rand.Reader, 2048) + require.NoError(t, err) + + caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, 
&caPrivKey.PublicKey, caPrivKey) + require.NoError(t, err) + + certPEM := new(bytes.Buffer) + err = pem.Encode(certPEM, &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + }) + require.NoError(t, err) + + cert := strings.TrimPrefix(certPEM.String(), "-----BEGIN CERTIFICATE-----\n") + cert = strings.TrimSuffix(cert, "-----END CERTIFICATE-----\n") createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { t.Helper() _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") require.NoError(t, err) - saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", x509) + saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", cert) if with != nil { with(saml2Req) } 
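Review bot: The certificate template sets `NotAfter` but no `NotBefore`, so validity starts at Go's zero time; stricter X.509 consumers may reject that, and `NotBefore: time.Now().Add(-time.Hour),` would make the fixture unambiguous. The names `ca`, `caPrivKey` and `caBytes` are also misleading: the template sets neither `IsCA` nor `BasicConstraintsValid` and carries `ExtKeyUsageClientAuth`, so it is a self-signed leaf, and `template`, `certKey` and `certDER` would read more accurately. The two `strings.Trim*` calls deserve a short comment such as `// SAML2_X509_CERT takes the base64 body only, without the PEM armour lines`, which matches the literal this hunk removes. Generating the key per run instead of committing a certificate is the right direction. The enclosing `TestInt_SecurityIntegrations` starts and ends outside this hunk.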
@@ -63,16 +75,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) { t.Helper() - roleID := sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER") - err := client.Roles.Create(ctx, sdk.NewCreateRoleRequest(roleID).WithIfNotExists(true)) - require.NoError(t, err) - t.Cleanup(func() { - err = client.Roles.Drop(ctx, sdk.NewDropRoleRequest(roleID)) - assert.NoError(t, err) - }) - currentRole := testClientHelper().Context.CurrentRole(t) - err = client.Roles.Grant(ctx, sdk.NewGrantRoleRequest(roleID, sdk.GrantRole{Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole))})) - require.NoError(t, err) + role, roleCleanup := testClientHelper().Role.CreateRoleWithName(t, "GENERIC_SCIM_PROVISIONER") + t.Cleanup(roleCleanup) + testClientHelper().Role.GrantRoleToCurrentRole(t, role.ID()) scimReq := sdk.NewCreateScimSecurityIntegrationRequest(siID, false, sdk.ScimSecurityIntegrationScimClientGeneric, sdk.ScimSecurityIntegrationRunAsRoleGenericScimProvisioner) if with != nil { 
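Review bot: `createSCIMIntegration` manages a role with the fixed, account-wide name `GENERIC_SCIM_PROVISIONER` and registers `roleCleanup` for it, which presumably drops the role as the removed code did. That is the role a real generic SCIM integration runs as, so running this test against an account that already provisions via SCIM would remove the role and its grants. The follow-up hunk in PATCH 09/14 (`@@ -73,9 +73,9 @@`) goes further and creates it with `WithOrReplace(true)`, which replaces an existing role. The name is fixed by the `RUN_AS_ROLE` value, so I would at least document the constraint at the call: `// GENERIC_SCIM_PROVISIONER is account-wide; this test replaces and drops it, run only against a dedicated test account`. The closure continues past the end of this hunk.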
@@ -118,8 +123,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { } assertSAML2Describe := func(details []sdk.SecurityIntegrationProperty, d saml2details) { - assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_X509_CERT", Type: "String", Value: "MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL\n\tBQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n\tDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v\n\td2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD\n\tVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j\n\taXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi\n\tMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi\n\tHEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf\n\tjPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/\n\tsV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz\n\tcBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo\n\tOjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB\n\tAAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW\n\tgBT9mt" + - "6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n\tDQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc\n\tcqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx\n\tWYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO\n\t3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k\n\t0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7\n\tPhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2\n\t", Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_X509_CERT", Type: "String", Value: cert, Default: ""}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_PROVIDER", Type: "String", Value: d.provider, Default: ""}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_ENABLE_SP_INITIATED", Type: 
"Boolean", Value: d.enableSPInitiated, Default: "false"}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_SP_INITIATED_LOGIN_PAGE_LABEL", Type: "String", Value: d.spInitiatedLoginPageLabel, Default: ""}) @@ -206,6 +210,11 @@ func TestInt_SecurityIntegrations(t *testing.T) { setRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id). WithSet( sdk.NewSaml2IntegrationSetRequest(). + WithEnabled(sdk.Pointer(true)). + WithSaml2Issuer(sdk.Pointer("issuer")). + WithSaml2SsoUrl(sdk.Pointer("http://example.com")). + WithSaml2Provider(sdk.Pointer("OKTA")). + WithSaml2X509Cert(sdk.Pointer(cert)). WithComment(sdk.Pointer("a")). WithSaml2EnableSpInitiated(sdk.Pointer(true)). WithSaml2ForceAuthn(sdk.Pointer(true)). @@ -215,6 +224,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSaml2SnowflakeAcsUrl(&acsURL). WithSaml2SnowflakeIssuerUrl(&issuerURL). WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")). + // WithSaml2SnowflakeX509Cert(sdk.Pointer(cert)). WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}), ) @@ -225,11 +235,11 @@ func TestInt_SecurityIntegrations(t *testing.T) { require.NoError(t, err) assertSAML2Describe(details, saml2details{ - provider: "Custom", + provider: "OKTA", enableSPInitiated: "true", spInitiatedLoginPageLabel: "label", - ssoURL: "https://example.com", - issuer: "test", + ssoURL: "http://example.com", + issuer: "issuer", requestedNameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", forceAuthn: "true", postLogoutRedirectUrl: "http://example.com/logout", From c881bd255bc588a395f0925e3a289e62c9b7c743 Mon Sep 17 00:00:00 2001 
From: Jakub Michalak Date: Thu, 16 May 2024 16:01:07 +0200 Subject: [PATCH 09/14] Improve tests --- pkg/sdk/security_integrations_def.go | 4 +- pkg/sdk/security_integrations_gen.go | 4 +- pkg/sdk/security_integrations_gen_test.go | 8 ++-- ...urity_integrations_gen_integration_test.go | 45 ++++++++++++++----- 4 files changed, 42 insertions(+), 19 deletions(-) diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index f378d7dd9e..26c4a87c4e 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go @@ -155,7 +155,7 @@ var SecurityIntegrationsDef = g.NewInterface( return qs.OptionalQueryStructField( "Set", saml2IntegrationSetDef, - g.KeywordOptions().SQL("SET"), + g.ListOptions().NoParentheses().SQL("SET"), ).OptionalQueryStructField( "Unset", saml2IntegrationUnsetDef, @@ -171,7 +171,7 @@ var SecurityIntegrationsDef = g.NewInterface( return qs.OptionalQueryStructField( "Set", scimIntegrationSetDef, - g.KeywordOptions().SQL("SET"), + g.ListOptions().NoParentheses().SQL("SET"), ).OptionalQueryStructField( "Unset", scimIntegrationUnsetDef, diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index 93173ae6cf..df86babe53 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go @@ -76,7 +76,7 @@ type AlterSaml2SecurityIntegrationOptions struct { name AccountObjectIdentifier `ddl:"identifier"` SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` - Set *Saml2IntegrationSet `ddl:"keyword" sql:"SET"` + Set *Saml2IntegrationSet `ddl:"list,no_parentheses" sql:"SET"` Unset *Saml2IntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` RefreshSaml2SnowflakePrivateKey *bool `ddl:"keyword" sql:"REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY"` } 
@@ -117,7 +117,7 @@ type AlterScimSecurityIntegrationOptions struct { name AccountObjectIdentifier `ddl:"identifier"` SetTags []TagAssociation `ddl:"keyword" sql:"SET TAG"` UnsetTags []ObjectIdentifier `ddl:"keyword" sql:"UNSET TAG"` - Set *ScimIntegrationSet `ddl:"keyword" sql:"SET"` + Set *ScimIntegrationSet `ddl:"list,no_parentheses" sql:"SET"` Unset *ScimIntegrationUnset `ddl:"list,no_parentheses" sql:"UNSET"` } diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index 7fda6b182d..d3871947a8 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go 
@@ -175,9 +175,9 @@ func TestSecurityIntegrations_AlterSaml2(t *testing.T) { Saml2SnowflakeAcsUrl: Pointer("acs"), Comment: Pointer("a"), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true SAML2_ISSUER = 'issuer' SAML2_SSO_URL = 'url' SAML2_PROVIDER = 'provider' SAML2_X509_CERT = 'cert'"+ - " ALLOWED_USER_DOMAINS = ('domain') ALLOWED_EMAIL_PATTERNS = ('pattern') SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label' SAML2_ENABLE_SP_INITIATED = true SAML2_SNOWFLAKE_X509_CERT = 'cert' SAML2_SIGN_REQUEST = true"+ - " SAML2_REQUESTED_NAMEID_FORMAT = 'format' SAML2_POST_LOGOUT_REDIRECT_URL = 'redirect' SAML2_FORCE_AUTHN = true SAML2_SNOWFLAKE_ISSUER_URL = 'issuer' SAML2_SNOWFLAKE_ACS_URL = 'acs'"+ + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true, SAML2_ISSUER = 'issuer', SAML2_SSO_URL = 'url', SAML2_PROVIDER = 'provider', SAML2_X509_CERT = 'cert',"+ + " ALLOWED_USER_DOMAINS = ('domain'), ALLOWED_EMAIL_PATTERNS = ('pattern'), SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'label', SAML2_ENABLE_SP_INITIATED = true, SAML2_SNOWFLAKE_X509_CERT = 'cert', SAML2_SIGN_REQUEST = true,"+ + " SAML2_REQUESTED_NAMEID_FORMAT = 'format', SAML2_POST_LOGOUT_REDIRECT_URL = 'redirect', SAML2_FORCE_AUTHN = true, SAML2_SNOWFLAKE_ISSUER_URL = 'issuer', SAML2_SNOWFLAKE_ACS_URL = 'acs',"+ " COMMENT = 'a'", id.FullyQualifiedName()) }) @@ -281,7 +281,7 @@ func TestSecurityIntegrations_AlterScim(t *testing.T) { SyncPassword: Pointer(true), Comment: Pointer("test"), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true NETWORK_POLICY = %s SYNC_PASSWORD = true COMMENT = 'test'", + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true, NETWORK_POLICY = %s, SYNC_PASSWORD = true, COMMENT = 'test'", id.FullyQualifiedName(), networkPolicyID.FullyQualifiedName()) }) 
diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index c20a905db0..dc8e2153b1 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -59,12 +59,12 @@ func TestInt_SecurityIntegrations(t *testing.T) { cert := strings.TrimPrefix(certPEM.String(), "-----BEGIN CERTIFICATE-----\n") cert = strings.TrimSuffix(cert, "-----END CERTIFICATE-----\n") - createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { + createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { t.Helper() _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") require.NoError(t, err) - saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, "test", "https://example.com", "Custom", cert) + saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, issuer, "https://example.com", "Custom", cert) if with != nil { with(saml2Req) } @@ -73,9 +73,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { cleanupSecurityIntegration(t, siID) } - createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) { + createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) *sdk.SecurityIntegration { t.Helper() - role, roleCleanup := testClientHelper().Role.CreateRoleWithName(t, "GENERIC_SCIM_PROVISIONER") + role, roleCleanup := testClientHelper().Role.CreateRoleWithRequest(t, sdk.NewCreateRoleRequest(sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER")).WithOrReplace(true)) t.Cleanup(roleCleanup) testClientHelper().Role.GrantRoleToCurrentRole(t, role.ID()) 
@@ -86,6 +86,10 @@ func TestInt_SecurityIntegrations(t *testing.T) { err = client.SecurityIntegrations.CreateScim(ctx, scimReq) require.NoError(t, err) cleanupSecurityIntegration(t, siID) + integration, err := client.SecurityIntegrations.ShowByID(ctx, siID) + require.NoError(t, err) + + return integration } assertSecurityIntegration := func(t *testing.T, si *sdk.SecurityIntegration, id sdk.AccountObjectIdentifier, siType string, enabled bool, comment string) { @@ -144,7 +148,9 @@ func TestInt_SecurityIntegrations(t *testing.T) { t.Run("CreateSaml2", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSAML2Integration(t, id, func(r *sdk.CreateSaml2SecurityIntegrationRequest) { + issuer := testClientHelper().Ids.Alpha() + + createSAML2Integration(t, id, issuer, func(r *sdk.CreateSaml2SecurityIntegrationRequest) { r.WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}). WithComment(sdk.Pointer("a")). @@ -166,7 +172,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { enableSPInitiated: "true", spInitiatedLoginPageLabel: "label", ssoURL: "https://example.com", - issuer: "test", + issuer: issuer, requestedNameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", forceAuthn: "true", postLogoutRedirectUrl: "http://example.com/logout", 
@@ -205,13 +211,14 @@ func TestInt_SecurityIntegrations(t *testing.T) { t.Run("AlterSAML2Integration", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSAML2Integration(t, id, nil) + issuer := testClientHelper().Ids.Alpha() + createSAML2Integration(t, id, issuer, nil) setRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id). WithSet( sdk.NewSaml2IntegrationSetRequest(). WithEnabled(sdk.Pointer(true)). - WithSaml2Issuer(sdk.Pointer("issuer")). + WithSaml2Issuer(sdk.Pointer(issuer)). WithSaml2SsoUrl(sdk.Pointer("http://example.com")). WithSaml2Provider(sdk.Pointer("OKTA")). WithSaml2X509Cert(sdk.Pointer(cert)). @@ -239,7 +246,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { enableSPInitiated: "true", spInitiatedLoginPageLabel: "label", ssoURL: "http://example.com", - issuer: "issuer", + issuer: issuer, requestedNameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", forceAuthn: "true", postLogoutRedirectUrl: "http://example.com/logout", @@ -270,7 +277,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { t.Run("AlterSAML2Integration - REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSAML2Integration(t, id, nil) + issuer := testClientHelper().Ids.Alpha() + createSAML2Integration(t, id, issuer, nil) setRequest := sdk.NewAlterSaml2SecurityIntegrationRequest(id).WithRefreshSaml2SnowflakePrivateKey(sdk.Pointer(true)) err := client.SecurityIntegrations.AlterSaml2(ctx, setRequest) @@ -282,7 +290,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { t.Cleanup(tagCleanup) id := testClientHelper().Ids.RandomAccountObjectIdentifier() - createSAML2Integration(t, id, nil) + issuer := testClientHelper().Ids.Alpha() + createSAML2Integration(t, id, issuer, nil) tagValue := "abc" tags := []sdk.TagAssociation{ 
@@ -428,4 +437,18 @@ func TestInt_SecurityIntegrations(t *testing.T) { require.NoError(t, err) assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "") }) + + t.Run("Show", func(t *testing.T) { + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + si1 := createSCIMIntegration(t, id, nil) + id2 := testClientHelper().Ids.RandomAccountObjectIdentifier() + si2 := createSCIMIntegration(t, id2, nil) + + returnedIntegrations, err := client.SecurityIntegrations.Show(ctx, sdk.NewShowSecurityIntegrationRequest().WithLike(&sdk.Like{ + Pattern: sdk.Pointer(id.Name()), + })) + require.NoError(t, err) + assert.Contains(t, returnedIntegrations, *si1) + assert.NotContains(t, returnedIntegrations, *si2) + }) } From 834dabdb5d151c9073b0c2b6dcdfe33c6d5b0dd7 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Mon, 20 May 2024 10:22:18 +0200 Subject: [PATCH 10/14] Remove scim2 enabled --- pkg/sdk/security_integrations_def.go | 3 +-- pkg/sdk/security_integrations_dto_builders_gen.go | 5 ----- pkg/sdk/security_integrations_dto_gen.go | 1 - pkg/sdk/security_integrations_gen.go | 1 - pkg/sdk/security_integrations_gen_test.go | 5 ++--- pkg/sdk/security_integrations_impl_gen.go | 1 - pkg/sdk/security_integrations_validations_gen.go | 4 ++-- .../testint/security_integrations_gen_integration_test.go | 8 ++++++-- 8 files changed, 11 insertions(+), 17 deletions(-) diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go index 26c4a87c4e..d2b5e47e90 100644 --- a/pkg/sdk/security_integrations_def.go +++ b/pkg/sdk/security_integrations_def.go 
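Review bot: The new `Show` subtest calls `createSCIMIntegration` twice, and per the earlier hunk in this patch each call creates `GENERIC_SCIM_PROVISIONER` with `WithOrReplace(true)` and registers its own `roleCleanup`. The second call therefore replaces the role the first integration was created with, and two cleanups target the same role; whether the second one fails depends on `roleCleanup`, which is not visible here. Creating the role and its grant once for the subtest and reusing it for both integrations would avoid both effects. Separately, `Like{Pattern: sdk.Pointer(id.Name())}` treats any `_` or `%` in the generated name as a wildcard, so the `NotContains` assertion depends on the id generator's alphabet and deserves a short comment saying so.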
@@ -75,12 +75,11 @@ var saml2IntegrationSetDef = g.NewQueryStruct("Saml2IntegrationSet"). "Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment") var saml2IntegrationUnsetDef = g.NewQueryStruct("Saml2IntegrationUnset"). - OptionalSQL("ENABLED"). OptionalSQL("SAML2_FORCE_AUTHN"). OptionalSQL("SAML2_REQUESTED_NAMEID_FORMAT"). OptionalSQL("SAML2_POST_LOGOUT_REDIRECT_URL"). OptionalSQL("COMMENT"). - WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment") + WithValidation(g.AtLeastOneValueSet, "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment") var scimIntegrationSetDef = g.NewQueryStruct("ScimIntegrationSet"). OptionalBooleanAssignment("ENABLED", g.ParameterOptions()). diff --git a/pkg/sdk/security_integrations_dto_builders_gen.go b/pkg/sdk/security_integrations_dto_builders_gen.go index 3c292b1ff2..d2a70ed326 100644 --- a/pkg/sdk/security_integrations_dto_builders_gen.go +++ b/pkg/sdk/security_integrations_dto_builders_gen.go @@ -262,11 +262,6 @@ func NewSaml2IntegrationUnsetRequest() *Saml2IntegrationUnsetRequest { return &Saml2IntegrationUnsetRequest{} } -func (s *Saml2IntegrationUnsetRequest) WithEnabled(Enabled *bool) *Saml2IntegrationUnsetRequest { - s.Enabled = Enabled - return s -} - func (s *Saml2IntegrationUnsetRequest) WithSaml2ForceAuthn(Saml2ForceAuthn *bool) *Saml2IntegrationUnsetRequest { s.Saml2ForceAuthn = Saml2ForceAuthn return s diff --git a/pkg/sdk/security_integrations_dto_gen.go b/pkg/sdk/security_integrations_dto_gen.go index a2aa4761fc..41019279fc 100644 --- a/pkg/sdk/security_integrations_dto_gen.go +++ b/pkg/sdk/security_integrations_dto_gen.go @@ -86,7 +86,6 @@ type Saml2IntegrationSetRequest struct { } type Saml2IntegrationUnsetRequest struct { - Enabled *bool Saml2ForceAuthn *bool Saml2RequestedNameidFormat *bool Saml2PostLogoutRedirectUrl *bool 
diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go index df86babe53..6c32053016 100644 --- a/pkg/sdk/security_integrations_gen.go +++ b/pkg/sdk/security_integrations_gen.go @@ -102,7 +102,6 @@ type Saml2IntegrationSet struct { } type Saml2IntegrationUnset struct { - Enabled *bool `ddl:"keyword" sql:"ENABLED"` Saml2ForceAuthn *bool `ddl:"keyword" sql:"SAML2_FORCE_AUTHN"` Saml2RequestedNameidFormat *bool `ddl:"keyword" sql:"SAML2_REQUESTED_NAMEID_FORMAT"` Saml2PostLogoutRedirectUrl *bool `ddl:"keyword" sql:"SAML2_POST_LOGOUT_REDIRECT_URL"` diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go index d3871947a8..6f0d835cef 100644 --- a/pkg/sdk/security_integrations_gen_test.go +++ b/pkg/sdk/security_integrations_gen_test.go @@ -144,7 +144,7 @@ func TestSecurityIntegrations_AlterSaml2(t *testing.T) { opts := defaultOpts() opts.Unset = &Saml2IntegrationUnset{} assertOptsInvalidJoinedErrors(t, opts, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", - "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) + "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) }) t.Run("validation: exactly one of the fields [opts.*] should be set", func(t *testing.T) { 
@@ -184,13 +184,12 @@ func TestSecurityIntegrations_AlterSaml2(t *testing.T) { t.Run("all options - unset", func(t *testing.T) { opts := defaultOpts() opts.Unset = &Saml2IntegrationUnset{ - Enabled: Pointer(true), Saml2ForceAuthn: Pointer(true), Saml2RequestedNameidFormat: Pointer(true), Saml2PostLogoutRedirectUrl: Pointer(true), Comment: Pointer(true), } - assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET ENABLED, SAML2_FORCE_AUTHN, SAML2_REQUESTED_NAMEID_FORMAT, SAML2_POST_LOGOUT_REDIRECT_URL, COMMENT", id.FullyQualifiedName()) + assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s UNSET SAML2_FORCE_AUTHN, SAML2_REQUESTED_NAMEID_FORMAT, SAML2_POST_LOGOUT_REDIRECT_URL, COMMENT", id.FullyQualifiedName()) }) t.Run("refresh SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go index fc2181043a..479af50878 100644 --- a/pkg/sdk/security_integrations_impl_gen.go +++ b/pkg/sdk/security_integrations_impl_gen.go @@ -141,7 +141,6 @@ func (r *AlterSaml2SecurityIntegrationRequest) toOpts() *AlterSaml2SecurityInteg } if r.Unset != nil { opts.Unset = &Saml2IntegrationUnset{ - Enabled: r.Unset.Enabled, Saml2ForceAuthn: r.Unset.Saml2ForceAuthn, Saml2RequestedNameidFormat: r.Unset.Saml2RequestedNameidFormat, Saml2PostLogoutRedirectUrl: r.Unset.Saml2PostLogoutRedirectUrl, diff --git a/pkg/sdk/security_integrations_validations_gen.go b/pkg/sdk/security_integrations_validations_gen.go index cc1cb5668a..c3330209b6 100644 --- a/pkg/sdk/security_integrations_validations_gen.go +++ b/pkg/sdk/security_integrations_validations_gen.go 
@@ -55,8 +55,8 @@ func (opts *AlterSaml2SecurityIntegrationOptions) validate() error { } } if valueSet(opts.Unset) { - if !anyValueSet(opts.Unset.Enabled, opts.Unset.Saml2ForceAuthn, opts.Unset.Saml2RequestedNameidFormat, opts.Unset.Saml2PostLogoutRedirectUrl, opts.Unset.Comment) { - errs = append(errs, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) + if !anyValueSet(opts.Unset.Saml2ForceAuthn, opts.Unset.Saml2RequestedNameidFormat, opts.Unset.Saml2PostLogoutRedirectUrl, opts.Unset.Comment) { + errs = append(errs, errAtLeastOneOf("AlterSaml2SecurityIntegrationOptions.Unset", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")) } } return JoinErrors(errs...) diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index dc8e2153b1..bfc96e21d9 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -162,6 +162,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSaml2SnowflakeAcsUrl(&acsURL). WithSaml2SnowflakeIssuerUrl(&issuerURL). WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")) + // TODO: fix after format clarification // WithSaml2SnowflakeX509Cert(sdk.Pointer(x509)) }) details, err := client.SecurityIntegrations.Describe(ctx, id) 
@@ -231,9 +232,10 @@ func TestInt_SecurityIntegrations(t *testing.T) { WithSaml2SnowflakeAcsUrl(&acsURL). WithSaml2SnowflakeIssuerUrl(&issuerURL). WithSaml2SpInitiatedLoginPageLabel(sdk.Pointer("label")). - // WithSaml2SnowflakeX509Cert(sdk.Pointer(cert)). WithAllowedEmailPatterns([]sdk.EmailPattern{{Pattern: "^(.+dev)@example.com$"}}). WithAllowedUserDomains([]sdk.UserDomain{{Domain: "example.com"}}), + // TODO: fix after format clarification + // WithSaml2SnowflakeX509Cert(sdk.Pointer(cert)). ) err := client.SecurityIntegrations.AlterSaml2(ctx, setRequest) require.NoError(t, err) @@ -263,7 +265,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { sdk.NewSaml2IntegrationUnsetRequest(). WithSaml2ForceAuthn(sdk.Pointer(true)). WithSaml2RequestedNameidFormat(sdk.Pointer(true)). - WithSaml2PostLogoutRedirectUrl(sdk.Pointer(true)), + WithSaml2PostLogoutRedirectUrl(sdk.Pointer(true)). + WithComment(sdk.Pointer(true)), ) err = client.SecurityIntegrations.AlterSaml2(ctx, unsetRequest) require.NoError(t, err) @@ -273,6 +276,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_FORCE_AUTHN", Type: "Boolean", Value: "false", Default: "false"}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_REQUESTED_NAMEID_FORMAT", Type: "String", Value: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", Default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}) assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "SAML2_POST_LOGOUT_REDIRECT_URL", Type: "String", Value: "", Default: ""}) + assert.Contains(t, details, sdk.SecurityIntegrationProperty{Name: "COMMENT", Type: "String", Value: "", Default: ""}) }) t.Run("AlterSAML2Integration - REFRESH SAML2_SNOWFLAKE_PRIVATE_KEY", func(t *testing.T) { From f9c9d3ca33284c53717348b502eaff5d96e8ca20 Mon Sep 17 00:00:00 2001 
From: Jakub Michalak Date: Mon, 20 May 2024 11:28:08 +0200 Subject: [PATCH 11/14] Improve certs generation in tests --- .../helpers/security_integration_client.go | 25 +----------- ...urity_integrations_gen_integration_test.go | 40 ++----------------- 2 files changed, 5 insertions(+), 60 deletions(-) diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go index 38c4f71c3a..d86a098a5e 100644 --- a/pkg/acceptance/helpers/security_integration_client.go +++ b/pkg/acceptance/helpers/security_integration_client.go @@ -4,6 +4,7 @@ import ( "context" "testing" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/stretchr/testify/require" ) 
@@ -26,29 +27,7 @@ func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations { func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) { t.Helper() - // generated by `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=Snowflake/CN=Snowflake' -out x509_key.pem -days 36500` - x509 := `MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL - BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM - DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v - d2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD - VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j - aXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi - MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi - HEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf - jPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/ - sV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz - cBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo - OjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB - AAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW - gBT9mt6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 - DQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc - cqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx - WYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO - 3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k - 0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7 - PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2 - ` - return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, "test", "https://example.com", "Custom", x509)) + return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, 
c.ids.RandomSchemaObjectIdentifier().Name(), "https://example.com", "Custom", random.GenerateX509(t))) } func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) { diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index bfc96e21d9..1f0d27663e 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -1,18 +1,10 @@ package testint import ( - "bytes" - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" "fmt" - "math/big" - "strings" "testing" - "time" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
@@ -32,33 +24,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.NoError(t, err) }) } - - ca := &x509.Certificate{ - SerialNumber: big.NewInt(1658), - Subject: pkix.Name{ - Organization: []string{"Company, INC."}, - }, - NotAfter: time.Now().AddDate(10, 0, 0), - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, - KeyUsage: x509.KeyUsageDigitalSignature, - } - - caPrivKey, err := rsa.GenerateKey(rand.Reader, 2048) - require.NoError(t, err) - - caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey) - require.NoError(t, err) - - certPEM := new(bytes.Buffer) - err = pem.Encode(certPEM, &pem.Block{ - Type: "CERTIFICATE", - Bytes: caBytes, - }) - require.NoError(t, err) - - cert := strings.TrimPrefix(certPEM.String(), "-----BEGIN CERTIFICATE-----\n") - cert = strings.TrimSuffix(cert, "-----END CERTIFICATE-----\n") - + cert := random.GenerateX509(t) createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { t.Helper() _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") @@ -83,7 +49,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { if with != nil { with(scimReq) } - err = client.SecurityIntegrations.CreateScim(ctx, scimReq) + err := client.SecurityIntegrations.CreateScim(ctx, scimReq) require.NoError(t, err) cleanupSecurityIntegration(t, siID) integration, err := client.SecurityIntegrations.ShowByID(ctx, siID) From c5eede3d487c8fa080f45f47a27db7eefdf64c4b Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Mon, 20 May 2024 11:32:31 +0200 Subject: [PATCH 12/14] Fix tests --- pkg/acceptance/helpers/random/certs.go | 47 ++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 pkg/acceptance/helpers/random/certs.go diff --git a/pkg/acceptance/helpers/random/certs.go b/pkg/acceptance/helpers/random/certs.go new file mode 100644 index 0000000000..aa23b530b4 
--- /dev/null
+++ b/pkg/acceptance/helpers/random/certs.go
@@ -0,0 +1,47 @@
+package random
+
+import (
+ "bytes"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "math/big"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/require"
+)
+
+// Generate X509 returns base64 encoded certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
+func GenerateX509(t *testing.T) string {
+ t.Helper()
+ ca := &x509.Certificate{
+ SerialNumber: big.NewInt(1658),
+ Subject: pkix.Name{
+ Organization: []string{"Company, INC."},
+ },
+ NotAfter: time.Now().AddDate(10, 0, 0),
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+ KeyUsage: x509.KeyUsageDigitalSignature,
+ }
+
+ caPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+ require.NoError(t, err)
+
+ caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+ require.NoError(t, err)
+
+ certPEM := new(bytes.Buffer)
+ err = pem.Encode(certPEM, &pem.Block{
+ Type: "CERTIFICATE",
+ Bytes: caBytes,
+ })
+ require.NoError(t, err)
+
+ cert := strings.TrimPrefix(certPEM.String(), "-----BEGIN CERTIFICATE-----\n")
+ cert = strings.TrimSuffix(cert, "-----END CERTIFICATE-----\n")
+ return cert
+}
From 77fdb8d4adee1b06a0dc44456e88b807c1c8a806 Mon Sep 17 00:00:00 2001
From: Jakub Michalak
Date: Mon, 20 May 2024 11:55:34 +0200
Subject: [PATCH 13/14] Restore account param
---
 pkg/sdk/parameters.go | 9 +++++++++
 .../security_integrations_gen_integration_test.go | 8 ++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/pkg/sdk/parameters.go b/pkg/sdk/parameters.go
index 385abdb7a7..9944d51f2b 100644
--- a/pkg/sdk/parameters.go
+++ b/pkg/sdk/parameters.go
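Review bot: The doc comment on `GenerateX509` promises a certificate "on a single line", but `pem.Encode` wraps the base64 body at 64 characters and only the BEGIN/END marker lines are trimmed, so the returned string still contains newlines. Either strip them with `cert = strings.ReplaceAll(cert, "\n", "")` before `return cert`, or reword the comment to say the body keeps PEM line wrapping; which form Snowflake expects is not visible in this patch. The comment should also open with the identifier, `// GenerateX509 returns ...`, to follow Go doc convention. The template fixes `SerialNumber` at 1658 and leaves `NotBefore` at its zero value, which is acceptable for a throwaway test certificate but deserves a one-line comment so the helper is not reused where the certificate is actually validated.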
@@ -64,6 +64,12 @@ func (parameters *parameters) SetAccountParameter(ctx context.Context, parameter return fmt.Errorf("CLIENT_ENCRYPTION_KEY_SIZE session parameter is an integer, got %v", value) } opts.Set.Parameters.AccountParameters.ClientEncryptionKeySize = Pointer(v) + case AccountParameterEnableIdentifierFirstLogin: + b, err := parseBooleanParameter(string(parameter), value) + if err != nil { + return err + } + opts.Set.Parameters.AccountParameters.EnableIdentifierFirstLogin = b case AccountParameterEnableInternalStagesPrivatelink: b, err := parseBooleanParameter(string(parameter), value) if err != nil { @@ -328,6 +334,7 @@ const ( AccountParameterAllowClientMFACaching AccountParameter = "ALLOW_CLIENT_MFA_CACHING" AccountParameterAllowIDToken AccountParameter = "ALLOW_ID_TOKEN" // #nosec G101 AccountParameterClientEncryptionKeySize AccountParameter = "CLIENT_ENCRYPTION_KEY_SIZE" + AccountParameterEnableIdentifierFirstLogin AccountParameter = "ENABLE_IDENTIFIER_FIRST_LOGIN" AccountParameterEnableInternalStagesPrivatelink AccountParameter = "ENABLE_INTERNAL_STAGES_PRIVATELINK" AccountParameterEnableTriSecretAndRekeyOptOutForImageRepository AccountParameter = "ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY" // #nosec G101 AccountParameterEnableTriSecretAndRekeyOptOutForSpcsBlockStorage AccountParameter = "ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_SPCS_BLOCK_STORAGE" // #nosec G101 
@@ -524,6 +531,7 @@ type AccountParameters struct { AllowClientMFACaching *bool `ddl:"parameter" sql:"ALLOW_CLIENT_MFA_CACHING"` AllowIDToken *bool `ddl:"parameter" sql:"ALLOW_ID_TOKEN"` ClientEncryptionKeySize *int `ddl:"parameter" sql:"CLIENT_ENCRYPTION_KEY_SIZE"` + EnableIdentifierFirstLogin *bool `ddl:"parameter" sql:"ENABLE_IDENTIFIER_FIRST_LOGIN"` EnableInternalStagesPrivatelink *bool `ddl:"parameter" sql:"ENABLE_INTERNAL_STAGES_PRIVATELINK"` EnableUnredactedQuerySyntaxError *bool `ddl:"parameter" sql:"ENABLE_UNREDACTED_QUERY_SYNTAX_ERROR"` EnableTriSecretAndRekeyOptOutForImageRepository *bool `ddl:"parameter" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY"` @@ -567,6 +575,7 @@ type AccountParametersUnset struct { AllowClientMFACaching *bool `ddl:"keyword" sql:"ALLOW_CLIENT_MFA_CACHING"` AllowIDToken *bool `ddl:"keyword" sql:"ALLOW_ID_TOKEN"` ClientEncryptionKeySize *bool `ddl:"keyword" sql:"CLIENT_ENCRYPTION_KEY_SIZE"` + EnableIdentifierFirstLogin *bool `ddl:"keyword" sql:"ENABLE_IDENTIFIER_FIRST_LOGIN"` EnableInternalStagesPrivatelink *bool `ddl:"keyword" sql:"ENABLE_INTERNAL_STAGES_PRIVATELINK"` EnableTriSecretAndRekeyOptOutForImageRepository *bool `ddl:"keyword" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY"` EnableTriSecretAndRekeyOptOutForSpcsBlockStorage *bool `ddl:"keyword" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_SPCS_BLOCK_STORAGE"` diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index 1f0d27663e..c632d97010 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go 
@@ -16,6 +16,7 @@ func TestInt_SecurityIntegrations(t *testing.T) { acsURL := fmt.Sprintf("https://%s.snowflakecomputing.com/fed/login", testClientHelper().Context.CurrentAccount(t)) issuerURL := fmt.Sprintf("https://%s.snowflakecomputing.com", testClientHelper().Context.CurrentAccount(t)) + cert := random.GenerateX509(t) cleanupSecurityIntegration := func(t *testing.T, id sdk.AccountObjectIdentifier) { t.Helper() @@ -24,17 +25,16 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.NoError(t, err) }) } - cert := random.GenerateX509(t) createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { t.Helper() - _, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true") - require.NoError(t, err) + revertParameter := testClientHelper().Parameter.UpdateAccountParameterTemporarily(t, sdk.AccountParameterEnableIdentifierFirstLogin, "true") + t.Cleanup(revertParameter) saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, issuer, "https://example.com", "Custom", cert) if with != nil { with(saml2Req) } - err = client.SecurityIntegrations.CreateSaml2(ctx, saml2Req) + err := client.SecurityIntegrations.CreateSaml2(ctx, saml2Req) require.NoError(t, err) cleanupSecurityIntegration(t, siID) } From aa792e2f190f2c874551e8a679acfe1b17654282 Mon Sep 17 00:00:00 2001 From: Jakub Michalak Date: Mon, 20 May 2024 12:44:39 +0200 Subject: [PATCH 14/14] Fix --- pkg/acceptance/helpers/role_client.go | 2 +- .../helpers/security_integration_client.go | 2 +- .../snowflake_predefined_roles.go | 5 ++-- ...urity_integrations_gen_integration_test.go | 30 +++++++++++++++---- 4 files changed, 30 insertions(+), 9 deletions(-) diff --git a/pkg/acceptance/helpers/role_client.go b/pkg/acceptance/helpers/role_client.go index 8ee97b6298..9e36712500 100644 --- a/pkg/acceptance/helpers/role_client.go +++ b/pkg/acceptance/helpers/role_client.go 
@@ -103,7 +103,7 @@ func (c *RoleClient) GrantRoleToCurrentRole(t *testing.T, id sdk.AccountObjectId require.NoError(t, err) err = c.client().Grant(ctx, sdk.NewGrantRoleRequest(id, sdk.GrantRole{ - Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole)), + Role: sdk.Pointer(currentRole), })) require.NoError(t, err) } diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go index d86a098a5e..0c37b0b48d 100644 --- a/pkg/acceptance/helpers/security_integration_client.go +++ b/pkg/acceptance/helpers/security_integration_client.go @@ -27,7 +27,7 @@ func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations { func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) { t.Helper() - return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, c.ids.RandomSchemaObjectIdentifier().Name(), "https://example.com", "Custom", random.GenerateX509(t))) + return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, c.ids.Alpha(), "https://example.com", "Custom", random.GenerateX509(t))) } func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) { diff --git a/pkg/internal/snowflakeroles/snowflake_predefined_roles.go b/pkg/internal/snowflakeroles/snowflake_predefined_roles.go index 065b624694..067abc4fe7 100644 --- a/pkg/internal/snowflakeroles/snowflake_predefined_roles.go +++ b/pkg/internal/snowflakeroles/snowflake_predefined_roles.go 
@@ -3,6 +3,7 @@ package snowflakeroles import "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" var ( - Orgadmin = sdk.NewAccountObjectIdentifier("ORGADMIN") - Accountadmin = sdk.NewAccountObjectIdentifier("ACCOUNTADMIN") + Orgadmin = sdk.NewAccountObjectIdentifier("ORGADMIN") + Accountadmin = sdk.NewAccountObjectIdentifier("ACCOUNTADMIN") + GenericScimProvisioner = sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER") ) diff --git a/pkg/sdk/testint/security_integrations_gen_integration_test.go b/pkg/sdk/testint/security_integrations_gen_integration_test.go index c632d97010..4c2a3c164f 100644 --- a/pkg/sdk/testint/security_integrations_gen_integration_test.go +++ b/pkg/sdk/testint/security_integrations_gen_integration_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/snowflakeroles" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -14,9 +15,12 @@ func TestInt_SecurityIntegrations(t *testing.T) { client := testClient(t) ctx := testContext(t) + // TODO: move URL to helpers acsURL := fmt.Sprintf("https://%s.snowflakecomputing.com/fed/login", testClientHelper().Context.CurrentAccount(t)) issuerURL := fmt.Sprintf("https://%s.snowflakecomputing.com", testClientHelper().Context.CurrentAccount(t)) cert := random.GenerateX509(t) + revertParameter := testClientHelper().Parameter.UpdateAccountParameterTemporarily(t, sdk.AccountParameterEnableIdentifierFirstLogin, "true") + t.Cleanup(revertParameter) cleanupSecurityIntegration := func(t *testing.T, id sdk.AccountObjectIdentifier) { t.Helper() 
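Review bot: `GenericScimProvisioner` joins `Orgadmin` and `Accountadmin` in snowflake_predefined_roles.go without a comment, although it does not appear to be a role the account ships with: the integration test later in this patch has to create `GENERIC_SCIM_PROVISIONER` itself before using it. A short comment would keep callers from assuming the role exists and from treating it like the system roles next to it, for example `// GenericScimProvisioner is the custom role name used as RUN_AS_ROLE for generic SCIM clients; it must be created before use.`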
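Review bot: `UpdateAccountParameterTemporarily(t, sdk.AccountParameterEnableIdentifierFirstLogin, "true")` is now registered on the parent test, so the account-wide login setting stays changed for every subtest, including the SCIM ones that never create a SAML2 integration. If the integration account is shared with other test packages or users, that is a wider window than the per-call scope the previous commit in this series had, and nothing on the line says why the parameter is needed. A comment above it would record the trade-off, e.g. `// SAML2 integrations below need identifier-first login; set once for the whole test and reverted in cleanup.` The body of `TestInt_SecurityIntegrations` continues outside the hunk.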
@@ -25,10 +29,8 @@ func TestInt_SecurityIntegrations(t *testing.T) { assert.NoError(t, err) }) } - createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) { + createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) *sdk.SecurityIntegration { t.Helper() - revertParameter := testClientHelper().Parameter.UpdateAccountParameterTemporarily(t, sdk.AccountParameterEnableIdentifierFirstLogin, "true") - t.Cleanup(revertParameter) saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, issuer, "https://example.com", "Custom", cert) if with != nil { @@ -37,11 +39,15 @@ func TestInt_SecurityIntegrations(t *testing.T) { err := client.SecurityIntegrations.CreateSaml2(ctx, saml2Req) require.NoError(t, err) cleanupSecurityIntegration(t, siID) + integration, err := client.SecurityIntegrations.ShowByID(ctx, siID) + require.NoError(t, err) + + return integration } createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) *sdk.SecurityIntegration { t.Helper() - role, roleCleanup := testClientHelper().Role.CreateRoleWithRequest(t, sdk.NewCreateRoleRequest(sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER")).WithOrReplace(true)) + role, roleCleanup := testClientHelper().Role.CreateRoleWithRequest(t, sdk.NewCreateRoleRequest(snowflakeroles.GenericScimProvisioner).WithOrReplace(true)) t.Cleanup(roleCleanup) testClientHelper().Role.GrantRoleToCurrentRole(t, role.ID()) 
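Review bot: In `createSCIMIntegration` the role request keeps `WithOrReplace(true)` on the fixed name `snowflakeroles.GenericScimProvisioner`, and `roleCleanup` is registered on the next line. If the account running these tests already has a `GENERIC_SCIM_PROVISIONER` role in use, replacing it would presumably discard its existing grants and the cleanup would then remove it. Whether the test account is dedicated is not visible here, so at minimum the assumption should be written down, e.g. `// NOTE: replaces and later drops GENERIC_SCIM_PROVISIONER; run only against a dedicated test account.` The rest of `createSCIMIntegration` lies outside the hunk.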
@@ -408,7 +414,21 @@ func TestInt_SecurityIntegrations(t *testing.T) { assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "") }) - t.Run("Show", func(t *testing.T) { + t.Run("Show SAML2", func(t *testing.T) { + id := testClientHelper().Ids.RandomAccountObjectIdentifier() + si1 := createSAML2Integration(t, id, testClientHelper().Ids.Alpha(), nil) + id2 := testClientHelper().Ids.RandomAccountObjectIdentifier() + si2 := createSAML2Integration(t, id2, testClientHelper().Ids.Alpha(), nil) + + returnedIntegrations, err := client.SecurityIntegrations.Show(ctx, sdk.NewShowSecurityIntegrationRequest().WithLike(&sdk.Like{ + Pattern: sdk.Pointer(id.Name()), + })) + require.NoError(t, err) + assert.Contains(t, returnedIntegrations, *si1) + assert.NotContains(t, returnedIntegrations, *si2) + }) + + t.Run("Show SCIM", func(t *testing.T) { id := testClientHelper().Ids.RandomAccountObjectIdentifier() si1 := createSCIMIntegration(t, id, nil) id2 := testClientHelper().Ids.RandomAccountObjectIdentifier()