fix: handle external change of secret type (#3141)

## Changes * Added secret_type computed filed to secret resources * Added CustomDiff for handling external change of secret_type * Refactored show_and_describe_handlers for flat describe_output and show_output * Tested external change of secret type for each resource ## Test Plan  * [x] acceptance tests ## References  * #3110 (comment) * #3110 (comment)
Snowflake-Labs · Oct 24, 2024 · 649b839 · 649b839
1 parent 4391473
commit 649b839
Show file tree

Hide file tree

Showing 41 changed files with 984 additions and 169 deletions.
diff --git a/docs/resources/secret_with_authorization_code_grant.md b/docs/resources/secret_with_authorization_code_grant.md
@@ -59,6 +59,7 @@ resource "snowflake_secret_with_authorization_code_grant" "test" {
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
+- `secret_type` (String) Specifies a type for the secret. This field is used for checking external changes and recreating the resources if needed.
 - `show_output` (List of Object) Outputs the result of `SHOW SECRETS` for the given secret. (see [below for nested schema](#nestedatt--show_output))
 
 <a id="nestedatt--describe_output"></a>

diff --git a/docs/resources/secret_with_basic_authentication.md b/docs/resources/secret_with_basic_authentication.md
@@ -56,6 +56,7 @@ resource "snowflake_secret_with_basic_authentication" "test" {
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
+- `secret_type` (String) Specifies a type for the secret. This field is used for checking external changes and recreating the resources if needed.
 - `show_output` (List of Object) Outputs the result of `SHOW SECRETS` for the given secret. (see [below for nested schema](#nestedatt--show_output))
 
 <a id="nestedatt--describe_output"></a>

diff --git a/docs/resources/secret_with_client_credentials.md b/docs/resources/secret_with_client_credentials.md
@@ -56,6 +56,7 @@ resource "snowflake_secret_with_client_credentials" "test" {
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
+- `secret_type` (String) Specifies a type for the secret. This field is used for checking external changes and recreating the resources if needed.
 - `show_output` (List of Object) Outputs the result of `SHOW SECRETS` for the given secret. (see [below for nested schema](#nestedatt--show_output))
 
 <a id="nestedatt--describe_output"></a>

diff --git a/docs/resources/secret_with_generic_string.md b/docs/resources/secret_with_generic_string.md
@@ -53,6 +53,7 @@ resource "snowflake_secret_with_generic_string" "test" {
 - `describe_output` (List of Object) Outputs the result of `DESCRIBE SECRET` for the given secret. (see [below for nested schema](#nestedatt--describe_output))
 - `fully_qualified_name` (String) Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
 - `id` (String) The ID of this resource.
+- `secret_type` (String) Specifies a type for the secret. This field is used for checking external changes and recreating the resources if needed.
 - `show_output` (List of Object) Outputs the result of `SHOW SECRETS` for the given secret. (see [below for nested schema](#nestedatt--show_output))
 
 <a id="nestedatt--describe_output"></a>

diff --git a/pkg/acceptance/bettertestspoc/assert/resourceassert/gen/resource_schema_def.go b/pkg/acceptance/bettertestspoc/assert/resourceassert/gen/resource_schema_def.go
@@ -73,6 +73,22 @@ var allResourceSchemaDefs = []ResourceSchemaDef{
 		name:   "StreamOnExternalTable",
 		schema: resources.StreamOnExternalTable().Schema,
 	},
+	{
+		name:   "SecretWithAuthorizationCodeGrant",
+		schema: resources.SecretWithAuthorizationCodeGrant().Schema,
+	},
+	{
+		name:   "SecretWithBasicAuthentication",
+		schema: resources.SecretWithBasicAuthentication().Schema,
+	},
+	{
+		name:   "SecretWithClientCredentials",
+		schema: resources.SecretWithClientCredentials().Schema,
+	},
+	{
+		name:   "SecretWithGenericString",
+		schema: resources.SecretWithGenericString().Schema,
+	},
 	{
 		name:   "StreamOnDirectoryTable",
 		schema: resources.StreamOnDirectoryTable().Schema,

diff --git a/...bettertestspoc/assert/resourceassert/secret_with_authorization_code_grant_resource_ext.go b/...bettertestspoc/assert/resourceassert/secret_with_authorization_code_grant_resource_ext.go
@@ -4,7 +4,7 @@ import (
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
 )
 
-func (s *SecretWithAuthorizationCodeResourceAssert) HasOauthRefreshTokenExpiryTimeNotEmpty() *SecretWithAuthorizationCodeResourceAssert {
+func (s *SecretWithAuthorizationCodeGrantResourceAssert) HasOauthRefreshTokenExpiryTimeNotEmpty() *SecretWithAuthorizationCodeGrantResourceAssert {
 	s.AddAssertion(assert.ValuePresent("oauth_refresh_token_expiry_time"))
 	return s
 }
diff --git a/...bettertestspoc/assert/resourceassert/secret_with_authorization_code_grant_resource_gen.go b/...bettertestspoc/assert/resourceassert/secret_with_authorization_code_grant_resource_gen.go
diff --git a/...nce/bettertestspoc/assert/resourceassert/secret_with_basic_authentication_resource_gen.go b/...nce/bettertestspoc/assert/resourceassert/secret_with_basic_authentication_resource_gen.go
diff --git a/...tance/bettertestspoc/assert/resourceassert/secret_with_client_credentials_resource_gen.go b/...tance/bettertestspoc/assert/resourceassert/secret_with_client_credentials_resource_gen.go
diff --git a/...cceptance/bettertestspoc/assert/resourceassert/secret_with_generic_string_resource_gen.go b/...cceptance/bettertestspoc/assert/resourceassert/secret_with_generic_string_resource_gen.go
diff --git a/...uth_authorization_code_grant_model_gen.go → ...ith_authorization_code_grant_model_gen.go b/...uth_authorization_code_grant_model_gen.go → ...ith_authorization_code_grant_model_gen.go
diff --git a/pkg/acceptance/bettertestspoc/config/model/secret_with_basic_authentication_model_gen.go b/pkg/acceptance/bettertestspoc/config/model/secret_with_basic_authentication_model_gen.go
diff --git a/pkg/acceptance/bettertestspoc/config/model/secret_with_client_credentials_model_ext.go b/pkg/acceptance/bettertestspoc/config/model/secret_with_client_credentials_model_ext.go
@@ -0,0 +1,13 @@
+package model
+
+import tfconfig "github.com/hashicorp/terraform-plugin-testing/config"
+
+func (s *SecretWithClientCredentialsModel) WithOauthScopes(oauthScopes []string) *SecretWithClientCredentialsModel {
+	oauthScopesStringVariables := make([]tfconfig.Variable, len(oauthScopes))
+	for i, v := range oauthScopes {
+		oauthScopesStringVariables[i] = tfconfig.StringVariable(v)
+	}
+
+	s.OauthScopes = tfconfig.SetVariable(oauthScopesStringVariables...)
+	return s
+}
diff --git a/...ith_oauth_client_credentials_model_gen.go → ...cret_with_client_credentials_model_gen.go b/...ith_oauth_client_credentials_model_gen.go → ...cret_with_client_credentials_model_gen.go