From a6d81cb483f157a50ce0ce7d66bdebdfa6260cd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Mon, 3 Mar 2025 12:43:29 +0100 Subject: [PATCH 1/9] wip --- pkg/acceptance/helpers/common.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/acceptance/helpers/common.go b/pkg/acceptance/helpers/common.go index 153b007e39..5c598d2bec 100644 --- a/pkg/acceptance/helpers/common.go +++ b/pkg/acceptance/helpers/common.go @@ -22,6 +22,7 @@ func EnsureQuotedIdentifiersIgnoreCaseIsSetToFalse(client *sdk.Client, ctx conte return fmt.Errorf("parameter QUOTED_IDENTIFIERS_IGNORE_CASE has value %s, expected: false", param.Value) } return nil + } func EnsureScimProvisionerRolesExist(client *sdk.Client, ctx context.Context) error { From 2135df96f0212cd49a4de5af3fc60e9166cb4425 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Mon, 3 Mar 2025 16:12:36 +0100 Subject: [PATCH 2/9] Fix failing tests --- pkg/acceptance/helpers/common.go | 1 - ...gration_for_partner_applications_acceptance_test.go | 8 ++++---- .../authentication_policies_gen_integration_test.go | 10 +++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/pkg/acceptance/helpers/common.go b/pkg/acceptance/helpers/common.go index 5c598d2bec..153b007e39 100644 --- a/pkg/acceptance/helpers/common.go +++ b/pkg/acceptance/helpers/common.go @@ -22,7 +22,6 @@ func EnsureQuotedIdentifiersIgnoreCaseIsSetToFalse(client *sdk.Client, ctx conte return fmt.Errorf("parameter QUOTED_IDENTIFIERS_IGNORE_CASE has value %s, expected: false", param.Value) } return nil - } func EnsureScimProvisionerRolesExist(client *sdk.Client, ctx context.Context) error { diff --git a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go index cc251e8f86..3e6bafe2db 100644 --- a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go +++ b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go @@ -79,7 +79,7 @@ func TestAcc_OauthIntegrationForPartnerApplications_Basic(t *testing.T) { resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)), - resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), + resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"), @@ -140,7 +140,7 @@ func TestAcc_OauthIntegrationForPartnerApplications_Basic(t *testing.T) { resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)), - resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), + resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"), @@ -227,7 +227,7 @@ func TestAcc_OauthIntegrationForPartnerApplications_Basic(t *testing.T) { resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)), - resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), + resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"), @@ -271,7 +271,7 @@ func TestAcc_OauthIntegrationForPartnerApplications_Basic(t *testing.T) { resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)), - resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), + resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"), resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"), diff --git a/pkg/sdk/testint/authentication_policies_gen_integration_test.go b/pkg/sdk/testint/authentication_policies_gen_integration_test.go index 6de2607031..29c423e3f6 100644 --- a/pkg/sdk/testint/authentication_policies_gen_integration_test.go +++ b/pkg/sdk/testint/authentication_policies_gen_integration_test.go @@ -2,6 +2,7 @@ package testint import ( "fmt" + "strings" "testing" assertions "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert" @@ -223,10 +224,9 @@ func TestInt_AuthenticationPolicies(t *testing.T) { assert.Len(t, authenticationPolicies, 1) }) - // TODO(SNOW-1663343): starts_with doesn't work (returns all) t.Run("starts_with", func(t *testing.T) { authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest(). - WithStartsWith("test_auth_policy_"). + WithStartsWith("test_auth_policy"). WithIn(sdk.In{Schema: id.SchemaId()})) require.NoError(t, err) assert.Len(t, authenticationPolicies, 3) @@ -258,13 +258,13 @@ func TestInt_AuthenticationPolicies(t *testing.T) { assert.Len(t, authenticationPolicies, 1) }) - // TODO(SNOW-1663343): limit from doesn't work (should return 0 elements because alphabetically test_auth_policyzzz is last in the output) t.Run("limit from", func(t *testing.T) { authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest(). - WithLimit(sdk.LimitFrom{Rows: sdk.Int(2), From: sdk.String(id.Name())}). + WithLimit(sdk.LimitFrom{Rows: sdk.Int(1), From: sdk.String("test_auth_policy")}). WithIn(sdk.In{Schema: id.SchemaId()})) require.NoError(t, err) - assert.Len(t, authenticationPolicies, 2) + require.Len(t, authenticationPolicies, 1) + require.True(t, strings.HasPrefix(authenticationPolicies[0].Name, "test_auth_policy")) }) }) From 422ba5ab328aaeaa208ee65cdfed6bb2707ad5cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 4 Mar 2025 07:57:48 +0100 Subject: [PATCH 3/9] Fix failing tests --- .../config/model/account_model_ext.go | 6 +++++ pkg/resources/account_acceptance_test.go | 22 +++++++++---------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go b/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go index 4d81e2e589..a03d313529 100644 --- a/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go +++ b/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go @@ -1,6 +1,7 @@ package model import ( + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/config" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" tfconfig "github.com/hashicorp/terraform-plugin-testing/config" ) @@ -9,3 +10,8 @@ func (a *AccountModel) WithAdminUserTypeEnum(adminUserType sdk.UserType) *Accoun a.AdminUserType = tfconfig.StringVariable(string(adminUserType)) return a } + +func (a *AccountModel) WithAdminRsaPublicKeyMultiline(adminRsaPublicKey string) *AccountModel { + a.AdminRsaPublicKey = config.MultilineWrapperVariable(adminRsaPublicKey) + return a +} diff --git a/pkg/resources/account_acceptance_test.go b/pkg/resources/account_acceptance_test.go index f3d23ad32e..047a48ab0d 100644 --- a/pkg/resources/account_acceptance_test.go +++ b/pkg/resources/account_acceptance_test.go @@ -39,7 +39,7 @@ func TestAcc_Account_Minimal(t *testing.T) { region := acc.TestClient().Context.CurrentRegion(t) configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -142,7 +142,7 @@ func TestAcc_Account_Complete(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypePerson). - WithAdminRsaPublicKey(key). + WithAdminRsaPublicKeyMultiline(key). WithFirstName(firstName). WithLastName(lastName). WithMustChangePassword(r.BooleanTrue). @@ -252,10 +252,10 @@ func TestAcc_Account_Rename(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) newConfigModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, newId). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -311,17 +311,17 @@ func TestAcc_Account_IsOrgAdmin(t *testing.T) { configModelWithOrgAdminTrue := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key). + WithAdminRsaPublicKeyMultiline(key). WithIsOrgAdmin(r.BooleanTrue) configModelWithOrgAdminFalse := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key). + WithAdminRsaPublicKeyMultiline(key). WithIsOrgAdmin(r.BooleanFalse) configModelWithoutOrgAdmin := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -510,7 +510,7 @@ func TestAcc_Account_TryToCreateWithoutOrgadmin(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -538,15 +538,15 @@ func TestAcc_Account_InvalidValues(t *testing.T) { configModelInvalidUserType := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserType("invalid_user_type"). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) configModelInvalidAccountEdition := model.Account("test", name, "invalid_account_edition", email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) configModelInvalidGracePeriodInDays := model.Account("test", name, string(sdk.EditionStandard), email, 2, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKey(key) + WithAdminRsaPublicKeyMultiline(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, From cfa09042a9dd39c31f0a6482139df7623e7d3133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 4 Mar 2025 10:37:35 +0100 Subject: [PATCH 4/9] Changes after review --- .../authentication_policies_gen_integration_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/sdk/testint/authentication_policies_gen_integration_test.go b/pkg/sdk/testint/authentication_policies_gen_integration_test.go index 29c423e3f6..cbaeeca28a 100644 --- a/pkg/sdk/testint/authentication_policies_gen_integration_test.go +++ b/pkg/sdk/testint/authentication_policies_gen_integration_test.go @@ -226,10 +226,10 @@ func TestInt_AuthenticationPolicies(t *testing.T) { t.Run("starts_with", func(t *testing.T) { authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest(). - WithStartsWith("test_auth_policy"). + WithStartsWith("test_auth_policy_"). WithIn(sdk.In{Schema: id.SchemaId()})) require.NoError(t, err) - assert.Len(t, authenticationPolicies, 3) + assert.Len(t, authenticationPolicies, 2) }) t.Run("in_account", func(t *testing.T) { @@ -260,11 +260,11 @@ func TestInt_AuthenticationPolicies(t *testing.T) { t.Run("limit from", func(t *testing.T) { authenticationPolicies, err := client.AuthenticationPolicies.Show(ctx, sdk.NewShowAuthenticationPolicyRequest(). - WithLimit(sdk.LimitFrom{Rows: sdk.Int(1), From: sdk.String("test_auth_policy")}). + WithLimit(sdk.LimitFrom{Rows: sdk.Int(1), From: sdk.String("test_auth_policy_")}). WithIn(sdk.In{Schema: id.SchemaId()})) require.NoError(t, err) require.Len(t, authenticationPolicies, 1) - require.True(t, strings.HasPrefix(authenticationPolicies[0].Name, "test_auth_policy")) + require.True(t, strings.HasPrefix(authenticationPolicies[0].Name, "test_auth_policy_2")) }) }) From 4f5992276957585970a13dd28a30082e884ceb00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 4 Mar 2025 13:03:06 +0100 Subject: [PATCH 5/9] Changes after review --- pkg/acceptance/bettertestspoc/config/model/account_model_gen.go | 2 +- .../config/model/gen/multiline_attributes_overrides.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/acceptance/bettertestspoc/config/model/account_model_gen.go b/pkg/acceptance/bettertestspoc/config/model/account_model_gen.go index 88cac4abc3..258096de6b 100644 --- a/pkg/acceptance/bettertestspoc/config/model/account_model_gen.go +++ b/pkg/acceptance/bettertestspoc/config/model/account_model_gen.go @@ -104,7 +104,7 @@ func (a *AccountModel) WithAdminPassword(adminPassword string) *AccountModel { } func (a *AccountModel) WithAdminRsaPublicKey(adminRsaPublicKey string) *AccountModel { - a.AdminRsaPublicKey = tfconfig.StringVariable(adminRsaPublicKey) + a.AdminRsaPublicKey = config.MultilineWrapperVariable(adminRsaPublicKey) return a } diff --git a/pkg/acceptance/bettertestspoc/config/model/gen/multiline_attributes_overrides.go b/pkg/acceptance/bettertestspoc/config/model/gen/multiline_attributes_overrides.go index 1faa489bba..a3f188f6ee 100644 --- a/pkg/acceptance/bettertestspoc/config/model/gen/multiline_attributes_overrides.go +++ b/pkg/acceptance/bettertestspoc/config/model/gen/multiline_attributes_overrides.go @@ -14,4 +14,5 @@ var multilineAttributesOverrides = map[string][]string{ "ProcedurePython": {"procedure_definition"}, "ProcedureScala": {"procedure_definition"}, "ProcedureSql": {"procedure_definition"}, + "Account": {"admin_rsa_public_key"}, } From ecde2e6f48c5f8f4464a893f8879b9bc95aa5041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 4 Mar 2025 14:04:13 +0100 Subject: [PATCH 6/9] Changes after review --- MIGRATION_GUIDE.md | 4 ++ .../config/model/account_model_ext.go | 6 --- pkg/resources/account_acceptance_test.go | 22 ++++----- ...th_integration_for_partner_applications.go | 20 +++++++- ...or_partner_applications_acceptance_test.go | 49 +++++++++++++++++++ 5 files changed, 83 insertions(+), 18 deletions(-) diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md index 04e76a9423..2a6f1240c0 100644 --- a/MIGRATION_GUIDE.md +++ b/MIGRATION_GUIDE.md @@ -7,6 +7,10 @@ across different versions. > [!TIP] > We highly recommend upgrading the versions one by one instead of bulk upgrades. +## v1.0.4 ➞ v1.0.5 + +### Tracking remote changes + ## v1.0.3 ➞ v1.0.4 ### Fixed external_function VARCHAR return_type diff --git a/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go b/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go index a03d313529..4d81e2e589 100644 --- a/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go +++ b/pkg/acceptance/bettertestspoc/config/model/account_model_ext.go @@ -1,7 +1,6 @@ package model import ( - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/config" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" tfconfig "github.com/hashicorp/terraform-plugin-testing/config" ) @@ -10,8 +9,3 @@ func (a *AccountModel) WithAdminUserTypeEnum(adminUserType sdk.UserType) *Accoun a.AdminUserType = tfconfig.StringVariable(string(adminUserType)) return a } - -func (a *AccountModel) WithAdminRsaPublicKeyMultiline(adminRsaPublicKey string) *AccountModel { - a.AdminRsaPublicKey = config.MultilineWrapperVariable(adminRsaPublicKey) - return a -} diff --git a/pkg/resources/account_acceptance_test.go b/pkg/resources/account_acceptance_test.go index 047a48ab0d..f3d23ad32e 100644 --- a/pkg/resources/account_acceptance_test.go +++ b/pkg/resources/account_acceptance_test.go @@ -39,7 +39,7 @@ func TestAcc_Account_Minimal(t *testing.T) { region := acc.TestClient().Context.CurrentRegion(t) configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -142,7 +142,7 @@ func TestAcc_Account_Complete(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypePerson). - WithAdminRsaPublicKeyMultiline(key). + WithAdminRsaPublicKey(key). WithFirstName(firstName). WithLastName(lastName). WithMustChangePassword(r.BooleanTrue). @@ -252,10 +252,10 @@ func TestAcc_Account_Rename(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) newConfigModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, newId). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -311,17 +311,17 @@ func TestAcc_Account_IsOrgAdmin(t *testing.T) { configModelWithOrgAdminTrue := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key). + WithAdminRsaPublicKey(key). WithIsOrgAdmin(r.BooleanTrue) configModelWithOrgAdminFalse := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key). + WithAdminRsaPublicKey(key). WithIsOrgAdmin(r.BooleanFalse) configModelWithoutOrgAdmin := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -510,7 +510,7 @@ func TestAcc_Account_TryToCreateWithoutOrgadmin(t *testing.T) { configModel := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, @@ -538,15 +538,15 @@ func TestAcc_Account_InvalidValues(t *testing.T) { configModelInvalidUserType := model.Account("test", name, string(sdk.EditionStandard), email, 3, id). WithAdminUserType("invalid_user_type"). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) configModelInvalidAccountEdition := model.Account("test", name, "invalid_account_edition", email, 3, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) configModelInvalidGracePeriodInDays := model.Account("test", name, string(sdk.EditionStandard), email, 2, id). WithAdminUserTypeEnum(sdk.UserTypeService). - WithAdminRsaPublicKeyMultiline(key) + WithAdminRsaPublicKey(key) resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, diff --git a/pkg/resources/oauth_integration_for_partner_applications.go b/pkg/resources/oauth_integration_for_partner_applications.go index 0074b3a3f5..5bb935f88f 100644 --- a/pkg/resources/oauth_integration_for_partner_applications.go +++ b/pkg/resources/oauth_integration_for_partner_applications.go @@ -41,7 +41,7 @@ var oauthIntegrationForPartnerApplicationsSchema = map[string]*schema.Schema{ "oauth_redirect_uri": { Type: schema.TypeString, Optional: true, - Description: externalChangesNotDetectedFieldDescription("Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty."), + Description: "Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty.", }, "enabled": { Type: schema.TypeString, @@ -143,6 +143,7 @@ func OauthIntegrationForPartnerApplications() *schema.Resource { oauthIntegrationForPartnerApplicationsSchema, DescribeOutputAttributeName, "oauth_client", + "oauth_redirect_uri", "enabled", "oauth_issue_refresh_tokens", "oauth_refresh_token_validity", @@ -192,6 +193,14 @@ func ImportOauthForPartnerApplicationIntegration(ctx context.Context, d *schema. } } + if oauthRedirectUri, err := collections.FindFirst(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool { + return property.Name == "OAUTH_REDIRECT_URI" + }); err == nil { + if err = d.Set("oauth_redirect_uri", oauthRedirectUri.Value); err != nil { + return nil, err + } + } + if refreshTokenValidity, err := collections.FindFirst(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool { return property.Name == "OAUTH_REFRESH_TOKEN_VALIDITY" }); err == nil { @@ -381,11 +390,19 @@ func ReadContextOauthIntegrationForPartnerApplications(withExternalChangesMarkin return diag.FromErr(err) } + oauthRedirectUri, err := collections.FindFirst(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool { + return property.Name == "OAUTH_REDIRECT_URI" + }) + if err != nil { + return diag.FromErr(err) + } + if err = handleExternalChangesToObjectInDescribe(d, describeMapping{"oauth_issue_refresh_tokens", "oauth_issue_refresh_tokens", oauthIssueRefreshTokens.Value, oauthIssueRefreshTokens.Value, nil}, describeMapping{"oauth_refresh_token_validity", "oauth_refresh_token_validity", oauthRefreshTokenValidity.Value, oauthRefreshTokenValidityValue, nil}, describeMapping{"oauth_use_secondary_roles", "oauth_use_secondary_roles", oauthUseSecondaryRoles.Value, oauthUseSecondaryRoles.Value, nil}, describeMapping{"blocked_roles_list", "blocked_roles_list", blockedRolesList.Value, sdk.ParseCommaSeparatedStringArray(blockedRolesList.Value, false), nil}, + describeMapping{"oauth_redirect_uri", "oauth_redirect_uri", oauthRedirectUri.Value, oauthRedirectUri.Value, nil}, ); err != nil { return diag.FromErr(err) } @@ -397,6 +414,7 @@ func ReadContextOauthIntegrationForPartnerApplications(withExternalChangesMarkin "oauth_refresh_token_validity", "oauth_use_secondary_roles", "blocked_roles_list", + "oauth_redirect_uri", }); err != nil { return diag.FromErr(err) } diff --git a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go index 3e6bafe2db..f0e69f85f1 100644 --- a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go +++ b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go @@ -6,6 +6,9 @@ import ( "strings" "testing" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert" + "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert/resourceassert" + acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance" accconfig "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/config" resourcehelpers "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" @@ -839,3 +842,49 @@ func TestAcc_OauthIntegrationForPartnerApplications_WithPrivilegedRolesBlockedLi }, }) } + +func TestAcc_OauthIntegrationForPartnerApplications_DetectExternalChangesForOauthRedirectUri(t *testing.T) { + id := acc.TestClient().Ids.RandomAccountObjectIdentifier() + oauthRedirectUri := "https://example.com" + otherOauthRedirectUri := "https://example2.com" + configModel := model.OauthIntegrationForPartnerApplications( + "test", + id.Name(), + string(sdk.OauthSecurityIntegrationClientLooker), + ).WithOauthRedirectUri(oauthRedirectUri) + + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories, + PreCheck: func() { acc.TestAccPreCheck(t) }, + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.RequireAbove(tfversion.Version1_5_0), + }, + CheckDestroy: acc.CheckDestroy(t, resources.OauthIntegrationForPartnerApplications), + Steps: []resource.TestStep{ + { + Config: accconfig.FromModels(t, configModel), + Check: assert.AssertThat(t, + resourceassert.OauthIntegrationForPartnerApplicationsResource(t, configModel.ResourceReference()). + HasOauthRedirectUriString(oauthRedirectUri), + ), + }, + { + PreConfig: func() { + acc.TestClient().SecurityIntegration.UpdateOauthForPartnerApplications(t, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithSet( + *sdk.NewOauthForPartnerApplicationsIntegrationSetRequest().WithOauthRedirectUri(otherOauthRedirectUri), + )) + }, + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + plancheck.ExpectResourceAction(configModel.ResourceReference(), plancheck.ResourceActionUpdate), + }, + }, + Config: accconfig.FromModels(t, configModel), + Check: assert.AssertThat(t, + resourceassert.OauthIntegrationForPartnerApplicationsResource(t, configModel.ResourceReference()). + HasOauthRedirectUriString(oauthRedirectUri), + ), + }, + }, + }) +} From a1031f851671d492d4f27e125d52c6f0e555c62c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Tue, 4 Mar 2025 15:23:26 +0100 Subject: [PATCH 7/9] Changes after review --- docs/resources/oauth_integration_for_partner_applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/oauth_integration_for_partner_applications.md b/docs/resources/oauth_integration_for_partner_applications.md index c2c73167c0..d230227921 100644 --- a/docs/resources/oauth_integration_for_partner_applications.md +++ b/docs/resources/oauth_integration_for_partner_applications.md @@ -50,7 +50,7 @@ resource "snowflake_oauth_integration_for_partner_applications" "test" { - `comment` (String) Specifies a comment for the OAuth integration. - `enabled` (String) Specifies whether this OAuth integration is enabled or disabled. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value. - `oauth_issue_refresh_tokens` (String) Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value. -- `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty. External changes for this field won't be detected. In case you want to apply external changes, you can re-create the resource manually using "terraform taint". +- `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty. - `oauth_refresh_token_validity` (Number) Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE. - `oauth_use_secondary_roles` (String) Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. Valid options are: `IMPLICIT` | `NONE`. From 95283e93297d3a4e2a8add4092ebe8b134b81ae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Wed, 5 Mar 2025 12:49:08 +0100 Subject: [PATCH 8/9] Changes after failing test --- .../oauth_integration_for_partner_applications.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkg/resources/oauth_integration_for_partner_applications.go b/pkg/resources/oauth_integration_for_partner_applications.go index 5bb935f88f..edf5f4eff6 100644 --- a/pkg/resources/oauth_integration_for_partner_applications.go +++ b/pkg/resources/oauth_integration_for_partner_applications.go @@ -390,11 +390,12 @@ func ReadContextOauthIntegrationForPartnerApplications(withExternalChangesMarkin return diag.FromErr(err) } - oauthRedirectUri, err := collections.FindFirst(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool { + // This has to be handled differently as OAUTH_REDIRECT_URI is only visible for a given OAUTH_CLIENT type. + var oauthRedirectUri string + if oauthRedirectUriProp, err := collections.FindFirst(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool { return property.Name == "OAUTH_REDIRECT_URI" - }) - if err != nil { - return diag.FromErr(err) + }); err == nil { + oauthRedirectUri = oauthRedirectUriProp.Value } if err = handleExternalChangesToObjectInDescribe(d, @@ -402,7 +403,7 @@ func ReadContextOauthIntegrationForPartnerApplications(withExternalChangesMarkin describeMapping{"oauth_refresh_token_validity", "oauth_refresh_token_validity", oauthRefreshTokenValidity.Value, oauthRefreshTokenValidityValue, nil}, describeMapping{"oauth_use_secondary_roles", "oauth_use_secondary_roles", oauthUseSecondaryRoles.Value, oauthUseSecondaryRoles.Value, nil}, describeMapping{"blocked_roles_list", "blocked_roles_list", blockedRolesList.Value, sdk.ParseCommaSeparatedStringArray(blockedRolesList.Value, false), nil}, - describeMapping{"oauth_redirect_uri", "oauth_redirect_uri", oauthRedirectUri.Value, oauthRedirectUri.Value, nil}, + describeMapping{"oauth_redirect_uri", "oauth_redirect_uri", oauthRedirectUri, oauthRedirectUri, nil}, ); err != nil { return diag.FromErr(err) } From be290c3a23fe0fcfeb5e6ddc3bc0a4ebc6c4b173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Thu, 6 Mar 2025 10:40:28 +0100 Subject: [PATCH 9/9] Update migration guide --- MIGRATION_GUIDE.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md index 2a6f1240c0..d968d13203 100644 --- a/MIGRATION_GUIDE.md +++ b/MIGRATION_GUIDE.md @@ -9,7 +9,10 @@ across different versions. ## v1.0.4 ➞ v1.0.5 -### Tracking remote changes +### Tracking external changes for oauth_redirect_uri in the snowflake_oauth_integration_for_partner_applications resource +From this version, the snowflake_oauth_integration_for_partner_applications resource is able to +detect changes on the Snowflake side and apply appropriate action from the provider level. This may produce +changes after running `terraform plan`, as before the configuration could contain different value than on the Snowflake side. ## v1.0.3 ➞ v1.0.4