Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
sfc-gh-jcieslak committed Dec 6, 2024
1 parent b61d78c commit ad87118
Show file tree
Hide file tree
Showing 11 changed files with 140 additions and 42 deletions.
11 changes: 10 additions & 1 deletion MIGRATION_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,18 @@ across different versions.
## v0.99.0 ➞ v0.100.0

### snowflake_account resource changes

Changes:
- Account renaming is now supported.
- `is_org_admin` is a settable field (previously it was read-only field). Changing its value is also supported.
- `must_change_password` and `is_org_admin` type was changed from `bool` to bool-string (more on that [here](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/CHANGES_BEFORE_V1.md#empty-values)). No action should be required during the migration.
- The underlying resource identifier was changed from `<account_locator>` to `<organization_name>.<account_name>`. Migration will be done automatically. Notice this introduces changes in how `snowflake_account` resource is imported.


### snowflake_tag_association resource changes
#### *(behavior change)* new id format
In order to provide more functionality for tagging objects, we have changed the resource id from `"TAG_DATABASE"."TAG_SCHEMA"."TAG_NAME"` to `"TAG_DATABASE"."TAG_SCHEMA"."TAG_NAME"|TAG_VALUE|OBJECT_TYPE`. This allows to group tags associations per tag ID, tag value and object type in one resource.
To provide more functionality for tagging objects, we have changed the resource id from `"TAG_DATABASE"."TAG_SCHEMA"."TAG_NAME"` to `"TAG_DATABASE"."TAG_SCHEMA"."TAG_NAME"|TAG_VALUE|OBJECT_TYPE`. This allows to group tags associations per tag ID, tag value and object type in one resource.
```
resource "snowflake_tag_association" "gold_warehouses" {
object_identifiers = [snowflake_warehouse.w1.fully_qualified_name, snowflake_warehouse.w2.fully_qualified_name]
Expand Down
1 change: 1 addition & 0 deletions examples/resources/snowflake_account/import.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
terraform import snowflake_account.example '"<organization_name>"."<account_name>"'
40 changes: 36 additions & 4 deletions examples/resources/snowflake_account/resource.tf
Original file line number Diff line number Diff line change
@@ -1,10 +1,42 @@

## TODO:

## Minimal
resource "snowflake_account" "minimal" {
name = "ACCOUNT_NAME"
admin_name = "ADMIN_NAME"
admin_password = "ADMIN_PASSWORD"
email = "[email protected]"
edition = "STANDARD"
grace_period_in_days = 3
}

## Complete (with SERVICE user type)
resource "snowflake_account" "complete" {
name = "ACCOUNT_NAME"
admin_name = "ADMIN_NAME"
admin_rsa_public_key = "<public_key>"
admin_user_type = "SERVICE"
email = "[email protected]"
edition = "STANDARD"
region_group = "PUBLIC"
region = "AWS_US_WEST_2"
comment = "some comment"
is_org_admin = "true"
grace_period_in_days = 3
}

## Complete (with every optional set)
## Complete (with PERSON user type)
resource "snowflake_account" "complete" {
name = "ACCOUNT_NAME"
admin_name = "ADMIN_NAME"
admin_password = "ADMIN_PASSWORD"
admin_user_type = "PERSON"
first_name = "first_name"
last_name = "last_name"
email = "[email protected]"
must_change_password = "false"
edition = "STANDARD"
region_group = "PUBLIC"
region = "AWS_US_WEST_2"
comment = "some comment"
is_org_admin = "true"
grace_period_in_days = 3
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
package resourceassert

import (
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/bettertestspoc/assert"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
)

func (a *AccountResourceAssert) HasAdminUserType(expected sdk.UserType) *AccountResourceAssert {
a.AddAssertion(assert.ValueSet("admin_user_type", string(expected)))
return a
}

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions pkg/acceptance/bettertestspoc/config/model/account_model_ext.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
package model

import (
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
tfconfig "github.com/hashicorp/terraform-plugin-testing/config"
)

func (a *AccountModel) WithAdminUserTypeEnum(adminUserType sdk.UserType) *AccountModel {
a.AdminUserType = tfconfig.StringVariable(string(adminUserType))
return a
}

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 8 additions & 8 deletions pkg/resources/account.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,9 @@ import (

var accountSchema = map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
Description: "Specifies the identifier (i.e. name) for the account. It be unique within an organization, regardless of which Snowflake Region the account is in and must start with an alphabetic character and cannot contain spaces or special characters except for underscores (_). Note that if the account name includes underscores, features that do not accept account names with underscores (e.g. Okta SSO or SCIM) can reference a version of the account name that substitutes hyphens (-) for the underscores.",
ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
Type: schema.TypeString,
Required: true,
Description: "Specifies the identifier (i.e. name) for the account. It be unique within an organization, regardless of which Snowflake Region the account is in and must start with an alphabetic character and cannot contain spaces or special characters except for underscores (_). Note that if the account name includes underscores, features that do not accept account names with underscores (e.g. Okta SSO or SCIM) can reference a version of the account name that substitutes hyphens (-) for the underscores.",
},
"admin_name": {
Type: schema.TypeString,
Expand All @@ -40,7 +39,7 @@ var accountSchema = map[string]*schema.Schema{
Type: schema.TypeString,
Optional: true,
Sensitive: true,
Description: externalChangesNotDetectedFieldDescription("Password for the initial administrative user of the account. Either admin_password or admin_rsa_public_key has to be specified."),
Description: externalChangesNotDetectedFieldDescription("Password for the initial administrative user of the account. Either admin_password or admin_rsa_public_key has to be specified. This field cannot be used whenever admin_user_type is set to SERVICE."),
DiffSuppressFunc: IgnoreAfterCreation,
AtLeastOneOf: []string{"admin_password", "admin_rsa_public_key"},
},
Expand All @@ -63,14 +62,14 @@ var accountSchema = map[string]*schema.Schema{
Type: schema.TypeString,
Optional: true,
Sensitive: true,
Description: externalChangesNotDetectedFieldDescription("First name of the initial administrative user of the account."),
Description: externalChangesNotDetectedFieldDescription("First name of the initial administrative user of the account. This field cannot be used whenever admin_user_type is set to SERVICE."),
DiffSuppressFunc: IgnoreAfterCreation,
},
"last_name": {
Type: schema.TypeString,
Optional: true,
Sensitive: true,
Description: externalChangesNotDetectedFieldDescription("Last name of the initial administrative user of the account."),
Description: externalChangesNotDetectedFieldDescription("Last name of the initial administrative user of the account. This field cannot be used whenever admin_user_type is set to SERVICE."),
DiffSuppressFunc: IgnoreAfterCreation,
},
"email": {
Expand All @@ -84,7 +83,7 @@ var accountSchema = map[string]*schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: BooleanDefault,
Description: externalChangesNotDetectedFieldDescription("Specifies whether the new user created to administer the account is forced to change their password upon first login into the account."),
Description: externalChangesNotDetectedFieldDescription("Specifies whether the new user created to administer the account is forced to change their password upon first login into the account. This field cannot be used whenever admin_user_type is set to SERVICE."),
DiffSuppressFunc: IgnoreAfterCreation,
ValidateDiagFunc: validateBooleanString,
},
Expand All @@ -93,6 +92,7 @@ var accountSchema = map[string]*schema.Schema{
Required: true,
ForceNew: true,
Description: fmt.Sprintf("Snowflake Edition of the account. See more about Snowflake Editions in the [official documentation](https://docs.snowflake.com/en/user-guide/intro-editions). Valid options are: %s", docs.PossibleValuesListed(sdk.AllAccountEditions)),
DiffSuppressFunc: NormalizeAndCompare(sdk.ToAccountEdition),
ValidateDiagFunc: sdkValidation(sdk.ToAccountEdition),
},
"region_group": {
Expand Down
Loading

0 comments on commit ad87118

Please sign in to comment.