Fixes

Snowflake-Labs · May 15, 2024 · 939f823 · 939f823
1 parent 0fa4bc1
commit 939f823
Show file tree

Hide file tree

Showing 9 changed files with 403 additions and 261 deletions.
diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go
@@ -0,0 +1,93 @@
+package helpers
+
+import (
+	"context"
+	"testing"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/stretchr/testify/require"
+)
+
+type SecurityIntegrationClient struct {
+	context *TestClientContext
+	ids     *IdsGenerator
+}
+
+func NewSecurityIntegrationClient(context *TestClientContext, idsGenerator *IdsGenerator) *SecurityIntegrationClient {
+	return &SecurityIntegrationClient{
+		context: context,
+		ids:     idsGenerator,
+	}
+}
+
+func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations {
+	return c.context.client.SecurityIntegrations
+}
+
+func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) {
+	t.Helper()
+	// generated by `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=Snowflake/CN=Snowflake' -out x509_key.pem -days 36500`
+	x509 := `MIIDpzCCAo+gAwIBAgIUfg15OPhCN6lOivWEUoprAY27/5EwDQYJKoZIhvcNAQEL
+		BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+		DVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVNub3dmbGFrZTESMBAGA1UEAwwJU25v
+		d2ZsYWtlMCAXDTI0MDUxMzA5MDM0NFoYDzIxMjQwNDE5MDkwMzQ0WjBiMQswCQYD
+		VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
+		aXNjbzESMBAGA1UECgwJU25vd2ZsYWtlMRIwEAYDVQQDDAlTbm93Zmxha2UwggEi
+		MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlsZAAOrljWC1eeAZb9rSGmRi
+		HEozww9sb1/d2aQhi1j+RV+e1tuSiZ1fMTmtE/r67R2ryx8cStiqM88SM/M0UtWf
+		jPzQNnQ/zuOu1wvRcVAQmyIIaDQU1V+OVv5vz9G0MNdHUeerRfVuse0i1IlyDtX/
+		sV9lcgU4fIsdwyg0+tyvG8QA8R8mCajy2UDcQS/qh0NB/WGa08tmbedMO5FQ7Obz
+		cBnksmyuq+l4AdbC5nDfK7BSo6CVPQBYLrmsTPKhU+ET50X4IN+nd3NmGlQH8kXo
+		OjU39Udf31fXBDuVC7dfL2uBHAkn9bUV5LwF2bKMeNMRQOrCydgy7jvsO+HrAgMB
+		AAGjUzBRMB0GA1UdDgQWBBT9mt6mehFcEHTTEQcTru4ync3T6DAfBgNVHSMEGDAW
+		gBT9mt6mehFcEHTTEQcTru4ync3T6DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+		DQEBCwUAA4IBAQB177MgJXJAHXbaJ0/KVhWnDDNuZYG+OwzrGaVXiOhXShfxzENc
+		cqsQB4DR7GEIrEicL2xQ23Kg3j7zASmo7T56CZiJ97jIiHDNrhGoAaW+aMhbp6wx
+		WYxLNx9pbaPIORAJ1KEC3hvE4strHJPlQddCYSsXDhIOUTUd71JvR26DHiYQ82TO
+		3wpXHhYdWYZbMjrDDAz0PwdTXyFBuTZxdlTFTxX2lXAE33OsdAFt+oi7JTQh248k
+		0+lmQdhQrSrzhM3WwwuYTEKQVoa2xvWajgqbo7iu2iadWkrxUx/5bjFc5kXej6j7
+		PhfG6C4ddUpAISJhmEViuXq4nVxe0Vk3Efo2
+		`
+	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, "test", "https://example.com", "Custom", x509))
+}
+
+func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {
+	t.Helper()
+	ctx := context.Background()
+
+	err := c.client().CreateSaml2(ctx, request)
+	require.NoError(t, err)
+
+	si, err := c.client().ShowByID(ctx, request.GetName())
+	require.NoError(t, err)
+
+	return si, c.DropSecurityIntegrationFunc(t, request.GetName())
+}
+
+func (c *SecurityIntegrationClient) CreateScim(t *testing.T) (*sdk.SecurityIntegration, func()) {
+	t.Helper()
+	return c.CreateScimWithRequest(t, sdk.NewCreateScimSecurityIntegrationRequest(c.ids.RandomAccountObjectIdentifier(), false, sdk.ScimSecurityIntegrationScimClientGeneric, sdk.ScimSecurityIntegrationRunAsRoleGenericScimProvisioner))
+}
+
+func (c *SecurityIntegrationClient) CreateScimWithRequest(t *testing.T, request *sdk.CreateScimSecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {
+	t.Helper()
+	ctx := context.Background()
+
+	err := c.client().CreateScim(ctx, request)
+	require.NoError(t, err)
+
+	si, err := c.client().ShowByID(ctx, request.GetName())
+	require.NoError(t, err)
+
+	return si, c.DropSecurityIntegrationFunc(t, request.GetName())
+}
+
+func (c *SecurityIntegrationClient) DropSecurityIntegrationFunc(t *testing.T, id sdk.AccountObjectIdentifier) func() {
+	t.Helper()
+	ctx := context.Background()
+
+	return func() {
+		err := c.client().Drop(ctx, sdk.NewDropSecurityIntegrationRequest(id).WithIfExists(sdk.Bool(true)))
+		require.NoError(t, err)
+	}
+}
diff --git a/pkg/sdk/security_integrations_def.go b/pkg/sdk/security_integrations_def.go
@@ -4,20 +4,20 @@ import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/gen
 
 //go:generate go run ./poc/main.go
 
-type SCIMSecurityIntegrationSCIMClientOption string
+type ScimSecurityIntegrationScimClientOption string
 
 var (
-	SCIMSecurityIntegrationSCIMClientOkta    SCIMSecurityIntegrationSCIMClientOption = "OKTA"
-	SCIMSecurityIntegrationSCIMClientAzure   SCIMSecurityIntegrationSCIMClientOption = "AZURE"
-	SCIMSecurityIntegrationSCIMClientGeneric SCIMSecurityIntegrationSCIMClientOption = "GENERIC"
+	ScimSecurityIntegrationScimClientOkta    ScimSecurityIntegrationScimClientOption = "OKTA"
+	ScimSecurityIntegrationScimClientAzure   ScimSecurityIntegrationScimClientOption = "AZURE"
+	ScimSecurityIntegrationScimClientGeneric ScimSecurityIntegrationScimClientOption = "GENERIC"
 )
 
-type SCIMSecurityIntegrationRunAsRoleOption string
+type ScimSecurityIntegrationRunAsRoleOption string
 
 var (
-	SCIMSecurityIntegrationRunAsRoleOktaProvisioner        SCIMSecurityIntegrationRunAsRoleOption = "OKTA_PROVISIONER"
-	SCIMSecurityIntegrationRunAsRoleAadProvisioner         SCIMSecurityIntegrationRunAsRoleOption = "AAD_PROVISIONER"
-	SCIMSecurityIntegrationRunAsRoleGenericScimProvisioner SCIMSecurityIntegrationRunAsRoleOption = "GENERIC_SCIM_PROVISIONER"
+	ScimSecurityIntegrationRunAsRoleOktaProvisioner        ScimSecurityIntegrationRunAsRoleOption = "OKTA_PROVISIONER"
+	ScimSecurityIntegrationRunAsRoleAadProvisioner         ScimSecurityIntegrationRunAsRoleOption = "AAD_PROVISIONER"
+	ScimSecurityIntegrationRunAsRoleGenericScimProvisioner ScimSecurityIntegrationRunAsRoleOption = "GENERIC_SCIM_PROVISIONER"
 )
 
 var (
@@ -52,7 +52,7 @@ func alterSecurityIntegrationOperation(structName string, apply func(qs *g.Query
 	return qs
 }
 
-var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet").
+var saml2IntegrationSetDef = g.NewQueryStruct("Saml2IntegrationSet").
 	OptionalBooleanAssignment("ENABLED", g.ParameterOptions()).
 	OptionalTextAssignment("SAML2_ISSUER", g.ParameterOptions().SingleQuotes()).
 	OptionalTextAssignment("SAML2_SSO_URL", g.ParameterOptions().SingleQuotes()).
@@ -74,22 +74,22 @@ var saml2IntegrationSetDef = g.NewQueryStruct("SAML2IntegrationSet").
 		"Saml2SpInitiatedLoginPageLabel", "Saml2EnableSpInitiated", "Saml2SnowflakeX509Cert", "Saml2SignRequest", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl",
 		"Saml2ForceAuthn", "Saml2SnowflakeIssuerUrl", "Saml2SnowflakeAcsUrl", "Comment")
 
-var saml2IntegrationUnsetDef = g.NewQueryStruct("SAML2IntegrationUnset").
+var saml2IntegrationUnsetDef = g.NewQueryStruct("Saml2IntegrationUnset").
 	OptionalSQL("ENABLED").
 	OptionalSQL("SAML2_FORCE_AUTHN").
 	OptionalSQL("SAML2_REQUESTED_NAMEID_FORMAT").
 	OptionalSQL("SAML2_POST_LOGOUT_REDIRECT_URL").
 	OptionalSQL("COMMENT").
 	WithValidation(g.AtLeastOneValueSet, "Enabled", "Saml2ForceAuthn", "Saml2RequestedNameidFormat", "Saml2PostLogoutRedirectUrl", "Comment")
 
-var scimIntegrationSetDef = g.NewQueryStruct("SCIMIntegrationSet").
+var scimIntegrationSetDef = g.NewQueryStruct("ScimIntegrationSet").
 	OptionalBooleanAssignment("ENABLED", g.ParameterOptions()).
 	OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")).
 	OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions()).
 	OptionalComment().
 	WithValidation(g.AtLeastOneValueSet, "Enabled", "NetworkPolicy", "SyncPassword", "Comment")
 
-var scimIntegrationUnsetDef = g.NewQueryStruct("SCIMIntegrationUnset").
+var scimIntegrationUnsetDef = g.NewQueryStruct("ScimIntegrationUnset").
 	OptionalSQL("ENABLED").
 	OptionalSQL("NETWORK_POLICY").
 	OptionalSQL("SYNC_PASSWORD").
@@ -102,9 +102,9 @@ var SecurityIntegrationsDef = g.NewInterface(
 	g.KindOfT[AccountObjectIdentifier](),
 ).
 	CustomOperation(
-		"CreateSAML2",
+		"CreateSaml2",
 		"https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-saml2",
-		createSecurityIntegrationOperation("CreateSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct {
+		createSecurityIntegrationOperation("CreateSaml2", func(qs *g.QueryStruct) *g.QueryStruct {
 			return qs.
 				PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SAML2")).
 				BooleanAssignment("ENABLED", g.ParameterOptions().Required()).
@@ -128,30 +128,30 @@ var SecurityIntegrationsDef = g.NewInterface(
 		emailPatternDef,
 	).
 	CustomOperation(
-		"CreateSCIM",
+		"CreateScim",
 		"https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-scim",
-		createSecurityIntegrationOperation("CreateSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct {
+		createSecurityIntegrationOperation("CreateScim", func(qs *g.QueryStruct) *g.QueryStruct {
 			return qs.
 				PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = SCIM")).
 				BooleanAssignment("ENABLED", g.ParameterOptions().Required()).
-				OptionalAssignment(
+				Assignment(
 					"SCIM_CLIENT",
-					g.KindOfT[SCIMSecurityIntegrationSCIMClientOption](),
+					g.KindOfT[ScimSecurityIntegrationScimClientOption](),
 					g.ParameterOptions().SingleQuotes().Required(),
 				).
-				OptionalAssignment(
+				Assignment(
 					"RUN_AS_ROLE",
-					g.KindOfT[SCIMSecurityIntegrationRunAsRoleOption](),
+					g.KindOfT[ScimSecurityIntegrationRunAsRoleOption](),
 					g.ParameterOptions().SingleQuotes().Required(),
 				).
 				OptionalIdentifier("NetworkPolicy", g.KindOfT[AccountObjectIdentifier](), g.IdentifierOptions().Equals().SQL("NETWORK_POLICY")).
 				OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions())
 		}),
 	).
 	CustomOperation(
-		"AlterSAML2Integration",
+		"AlterSaml2",
 		"https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-saml2",
-		alterSecurityIntegrationOperation("AlterSAML2Integration", func(qs *g.QueryStruct) *g.QueryStruct {
+		alterSecurityIntegrationOperation("AlterSaml2", func(qs *g.QueryStruct) *g.QueryStruct {
 			return qs.OptionalQueryStructField(
 				"Set",
 				saml2IntegrationSetDef,
@@ -165,9 +165,9 @@ var SecurityIntegrationsDef = g.NewInterface(
 		}),
 	).
 	CustomOperation(
-		"AlterSCIMIntegration",
+		"AlterScim",
 		"https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-scim",
-		alterSecurityIntegrationOperation("AlterSCIMIntegration", func(qs *g.QueryStruct) *g.QueryStruct {
+		alterSecurityIntegrationOperation("AlterScim", func(qs *g.QueryStruct) *g.QueryStruct {
 			return qs.OptionalQueryStructField(
 				"Set",
 				scimIntegrationSetDef,