-
Notifications
You must be signed in to change notification settings - Fork 414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add secret to sdk #3091
base: main
Are you sure you want to change the base?
feat: Add secret to sdk #3091
Conversation
Integration tests failure for 01a70062a3b2aed8351229d43d94e520ec3c1e05 |
Integration tests failure for 929c810a42e5eade5724b107bb10432ed35e376b |
929c810
to
8c5dcfb
Compare
Integration tests failure for 8c5dcfb3ad8ad5d7394d32c8c8f6896697c5e498 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall a good first PR 👍
return secret, c.CleanupSecretFunc(t, id) | ||
} | ||
|
||
func (c *SecretClient) CleanupSecretFunc(t *testing.T, id sdk.SchemaObjectIdentifier) func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: In general, we name these functions like DropFunc
. Also, Secret
should be not present in function names.
return func() { | ||
_, err := c.client().ShowByID(ctx, id) | ||
if errors.Is(err, sdk.ErrObjectNotExistOrAuthorized) { | ||
return |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool that you thought about checking an object here, but when we use IF EXISTS, this is not needed.
pkg/sdk/secrets_def.go
Outdated
Field("Owner", "string"). | ||
Field("Comment", "string"). | ||
Field("SecretType", "string"). | ||
Field("OauthScopes", "sql.NullString"). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, we try to parse fields containing lists/objects in convert
, so that they are available as slices in the object struct. So, this should be "[]string". The same applies to OauthScopes
in SecretDetails
.
pkg/sdk/secrets_def.go
Outdated
Field("OwnerRoleType", "string") | ||
|
||
var secretDetailsDbRow = g.DbStruct("secretDetailsDBRow"). | ||
Field("created_on", "string"). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why no Time()
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have changed it to use Time()
instead of string
pkg/sdk/secrets_def.go
Outdated
SQL("SECRET"). | ||
IfNotExists(). | ||
Name(). | ||
PredefinedQueryStructField("Type", "string", g.StaticOptions().SQL("TYPE = PASSWORD")). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: rather than having this field exported, you could use a name like secretType
. In other places as well.
assert.NotEmpty(t, s.DatabaseName) | ||
assert.NotEmpty(t, s.SchemaName) | ||
assert.NotEmpty(t, s.OwnerRoleType) | ||
assert.NotEmpty(t, s.Owner) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now we use generated asserts - check views integration tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have generated them and used after the first review
pkg/sdk/secrets_gen.go
Outdated
SchemaName string | ||
DatabaseName string | ||
Owner string | ||
Comment sql.NullString |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These sql.*
types should be present only in dbRows - we want to separate things returned from Snowflake from things returned by the SDK. You can use *string
here.
Name: id.Name(), | ||
SecretType: "OAUTH2", | ||
Comment: "a", | ||
OauthRefreshTokenExpiryTime: stringDateToSnowflakeTimeFormat(time.DateOnly, refreshTokenExpiryTime), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sfc-gh-jcieslak Do we have a helper function for comparing time? If not, this could be moved to helpers somewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so, time is more complicated topic, that's why for a long time we avoided parsing time from SHOW and just saved it as strings (I'm not sure if we should keep doing that instead of having time.Time). Mostly, because in some cases Snowflake outputs strange time formats that are non-standard and hard to parse. It means this function will only apply to secrets and maybe other objects and it's not generic for all objects. For example, resource monitor's time format is totally different as far as I remember (you can check start or end time in SHOW for resource monitor). I'm wondering what should we do with this function, let's leave the thread open for now and I'll take a closer look at it in the 2nd round of review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's leave it as it is right now, as a helper function just for secrets.
), | ||
) | ||
err := client.Secrets.Alter(ctx, setRequest) | ||
require.NoError(t, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're missing assert here.
require.Contains(t, returnedSecrets, *secretGenericString) | ||
}) | ||
|
||
t.Run("Show: SecretWithOAuthClientCredentialsFlow with Like", func(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's cool you've provided all of these cases, but I think that one case for each filtering option is enough (with an arbitrary type).
c8564af
to
4ccc4e7
Compare
Integration tests failure for 4ccc4e7c6e391151251af148c4f0d03d559d2344 |
Integration tests failure for bdf2585574da6c6a5f77546015d0d107907aae1b |
Integration tests failure for 7791f33dae8de262967283156065ac9cee49972e |
Changes
References