Remove oauth integration for partner applications

Snowflake-Labs · Jul 3, 2024 · c7ce026 · c7ce026
1 parent 2c85896
commit c7ce026
Show file tree

Hide file tree

Showing 19 changed files with 67 additions and 1,022 deletions.
diff --git a/docs/resources/oauth_integration_for_partner_applications.md b/docs/resources/oauth_integration_for_partner_applications.md
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
@@ -421,71 +421,70 @@ func Provider() *schema.Provider {
 
 func getResources() map[string]*schema.Resource {
 	return map[string]*schema.Resource{
-		"snowflake_account":                                    resources.Account(),
-		"snowflake_account_password_policy_attachment":         resources.AccountPasswordPolicyAttachment(),
-		"snowflake_account_parameter":                          resources.AccountParameter(),
-		"snowflake_alert":                                      resources.Alert(),
-		"snowflake_api_integration":                            resources.APIIntegration(),
-		"snowflake_cortex_search_service":                      resources.CortexSearchService(),
-		"snowflake_database_old":                               resources.DatabaseOld(),
-		"snowflake_database":                                   resources.Database(),
-		"snowflake_database_role":                              resources.DatabaseRole(),
-		"snowflake_dynamic_table":                              resources.DynamicTable(),
-		"snowflake_email_notification_integration":             resources.EmailNotificationIntegration(),
-		"snowflake_external_function":                          resources.ExternalFunction(),
-		"snowflake_external_oauth_integration":                 resources.ExternalOauthIntegration(),
-		"snowflake_external_table":                             resources.ExternalTable(),
-		"snowflake_failover_group":                             resources.FailoverGroup(),
-		"snowflake_file_format":                                resources.FileFormat(),
-		"snowflake_function":                                   resources.Function(),
-		"snowflake_grant_account_role":                         resources.GrantAccountRole(),
-		"snowflake_grant_application_role":                     resources.GrantApplicationRole(),
-		"snowflake_grant_database_role":                        resources.GrantDatabaseRole(),
-		"snowflake_grant_ownership":                            resources.GrantOwnership(),
-		"snowflake_grant_privileges_to_account_role":           resources.GrantPrivilegesToAccountRole(),
-		"snowflake_grant_privileges_to_database_role":          resources.GrantPrivilegesToDatabaseRole(),
-		"snowflake_grant_privileges_to_share":                  resources.GrantPrivilegesToShare(),
-		"snowflake_managed_account":                            resources.ManagedAccount(),
-		"snowflake_masking_policy":                             resources.MaskingPolicy(),
-		"snowflake_materialized_view":                          resources.MaterializedView(),
-		"snowflake_network_policy":                             resources.NetworkPolicy(),
-		"snowflake_network_policy_attachment":                  resources.NetworkPolicyAttachment(),
-		"snowflake_network_rule":                               resources.NetworkRule(),
-		"snowflake_notification_integration":                   resources.NotificationIntegration(),
-		"snowflake_oauth_integration":                          resources.OAuthIntegration(),
-		"snowflake_oauth_integration_for_custom_clients":       resources.OauthIntegrationForCustomClients(),
-		"snowflake_oauth_integration_for_partner_applications": resources.OauthIntegrationForPartnerApplications(),
-		"snowflake_object_parameter":                           resources.ObjectParameter(),
-		"snowflake_password_policy":                            resources.PasswordPolicy(),
-		"snowflake_pipe":                                       resources.Pipe(),
-		"snowflake_procedure":                                  resources.Procedure(),
-		"snowflake_resource_monitor":                           resources.ResourceMonitor(),
-		"snowflake_role":                                       resources.Role(),
-		"snowflake_row_access_policy":                          resources.RowAccessPolicy(),
-		"snowflake_saml_integration":                           resources.SAMLIntegration(),
-		"snowflake_schema":                                     resources.Schema(),
-		"snowflake_scim_integration":                           resources.SCIMIntegration(),
-		"snowflake_secondary_database":                         resources.SecondaryDatabase(),
-		"snowflake_sequence":                                   resources.Sequence(),
-		"snowflake_session_parameter":                          resources.SessionParameter(),
-		"snowflake_share":                                      resources.Share(),
-		"snowflake_shared_database":                            resources.SharedDatabase(),
-		"snowflake_stage":                                      resources.Stage(),
-		"snowflake_storage_integration":                        resources.StorageIntegration(),
-		"snowflake_stream":                                     resources.Stream(),
-		"snowflake_table":                                      resources.Table(),
-		"snowflake_table_column_masking_policy_application":    resources.TableColumnMaskingPolicyApplication(),
-		"snowflake_table_constraint":                           resources.TableConstraint(),
-		"snowflake_tag":                                        resources.Tag(),
-		"snowflake_tag_association":                            resources.TagAssociation(),
-		"snowflake_tag_masking_policy_association":             resources.TagMaskingPolicyAssociation(),
-		"snowflake_task":                                       resources.Task(),
-		"snowflake_unsafe_execute":                             resources.UnsafeExecute(),
-		"snowflake_user":                                       resources.User(),
-		"snowflake_user_password_policy_attachment":            resources.UserPasswordPolicyAttachment(),
-		"snowflake_user_public_keys":                           resources.UserPublicKeys(),
-		"snowflake_view":                                       resources.View(),
-		"snowflake_warehouse":                                  resources.Warehouse(),
+		"snowflake_account":                                 resources.Account(),
+		"snowflake_account_password_policy_attachment":      resources.AccountPasswordPolicyAttachment(),
+		"snowflake_account_parameter":                       resources.AccountParameter(),
+		"snowflake_alert":                                   resources.Alert(),
+		"snowflake_api_integration":                         resources.APIIntegration(),
+		"snowflake_cortex_search_service":                   resources.CortexSearchService(),
+		"snowflake_database_old":                            resources.DatabaseOld(),
+		"snowflake_database":                                resources.Database(),
+		"snowflake_database_role":                           resources.DatabaseRole(),
+		"snowflake_dynamic_table":                           resources.DynamicTable(),
+		"snowflake_email_notification_integration":          resources.EmailNotificationIntegration(),
+		"snowflake_external_function":                       resources.ExternalFunction(),
+		"snowflake_external_oauth_integration":              resources.ExternalOauthIntegration(),
+		"snowflake_external_table":                          resources.ExternalTable(),
+		"snowflake_failover_group":                          resources.FailoverGroup(),
+		"snowflake_file_format":                             resources.FileFormat(),
+		"snowflake_function":                                resources.Function(),
+		"snowflake_grant_account_role":                      resources.GrantAccountRole(),
+		"snowflake_grant_application_role":                  resources.GrantApplicationRole(),
+		"snowflake_grant_database_role":                     resources.GrantDatabaseRole(),
+		"snowflake_grant_ownership":                         resources.GrantOwnership(),
+		"snowflake_grant_privileges_to_account_role":        resources.GrantPrivilegesToAccountRole(),
+		"snowflake_grant_privileges_to_database_role":       resources.GrantPrivilegesToDatabaseRole(),
+		"snowflake_grant_privileges_to_share":               resources.GrantPrivilegesToShare(),
+		"snowflake_managed_account":                         resources.ManagedAccount(),
+		"snowflake_masking_policy":                          resources.MaskingPolicy(),
+		"snowflake_materialized_view":                       resources.MaterializedView(),
+		"snowflake_network_policy":                          resources.NetworkPolicy(),
+		"snowflake_network_policy_attachment":               resources.NetworkPolicyAttachment(),
+		"snowflake_network_rule":                            resources.NetworkRule(),
+		"snowflake_notification_integration":                resources.NotificationIntegration(),
+		"snowflake_oauth_integration":                       resources.OAuthIntegration(),
+		"snowflake_oauth_integration_for_custom_clients":    resources.OauthIntegrationForCustomClients(),
+		"snowflake_object_parameter":                        resources.ObjectParameter(),
+		"snowflake_password_policy":                         resources.PasswordPolicy(),
+		"snowflake_pipe":                                    resources.Pipe(),
+		"snowflake_procedure":                               resources.Procedure(),
+		"snowflake_resource_monitor":                        resources.ResourceMonitor(),
+		"snowflake_role":                                    resources.Role(),
+		"snowflake_row_access_policy":                       resources.RowAccessPolicy(),
+		"snowflake_saml_integration":                        resources.SAMLIntegration(),
+		"snowflake_schema":                                  resources.Schema(),
+		"snowflake_scim_integration":                        resources.SCIMIntegration(),
+		"snowflake_secondary_database":                      resources.SecondaryDatabase(),
+		"snowflake_sequence":                                resources.Sequence(),
+		"snowflake_session_parameter":                       resources.SessionParameter(),
+		"snowflake_share":                                   resources.Share(),
+		"snowflake_shared_database":                         resources.SharedDatabase(),
+		"snowflake_stage":                                   resources.Stage(),
+		"snowflake_storage_integration":                     resources.StorageIntegration(),
+		"snowflake_stream":                                  resources.Stream(),
+		"snowflake_table":                                   resources.Table(),
+		"snowflake_table_column_masking_policy_application": resources.TableColumnMaskingPolicyApplication(),
+		"snowflake_table_constraint":                        resources.TableConstraint(),
+		"snowflake_tag":                                     resources.Tag(),
+		"snowflake_tag_association":                         resources.TagAssociation(),
+		"snowflake_tag_masking_policy_association":          resources.TagMaskingPolicyAssociation(),
+		"snowflake_task":                                    resources.Task(),
+		"snowflake_unsafe_execute":                          resources.UnsafeExecute(),
+		"snowflake_user":                                    resources.User(),
+		"snowflake_user_password_policy_attachment":         resources.UserPasswordPolicyAttachment(),
+		"snowflake_user_public_keys":                        resources.UserPublicKeys(),
+		"snowflake_view":                                    resources.View(),
+		"snowflake_warehouse":                               resources.Warehouse(),
 	}
 }
 

diff --git a/pkg/resources/common.go b/pkg/resources/common.go
@@ -1,19 +1,9 @@
 package resources
 
 import (
-	"context"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"errors"
-	"fmt"
 	"strings"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -62,69 +52,3 @@ func suppressQuoting(_, oldValue, newValue string, _ *schema.ResourceData) bool
 		return oldWithoutQuotes == newWithoutQuotes
 	}
 }
-
-func DeleteContextSecurityIntegration(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier)
-	client := meta.(*provider.Context).Client
-
-	err := client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(sdk.NewAccountObjectIdentifier(id.Name())).WithIfExists(true))
-	if err != nil {
-		return diag.Diagnostics{
-			diag.Diagnostic{
-				Severity: diag.Error,
-				Summary:  "Error deleting integration",
-				Detail:   fmt.Sprintf("id %v err = %v", id.Name(), err),
-			},
-		}
-	}
-
-	d.SetId("")
-	return nil
-}
-
-func RSAKeyHash(key string) (string, error) {
-	keyBytes := []byte(fmt.Sprintf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", key))
-
-	block, _ := pem.Decode(keyBytes)
-	if block == nil || block.Type != "PUBLIC KEY" {
-		return "", errors.New("Failed to decode PEM block containing public key")
-	}
-
-	pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
-	if err != nil {
-		return "", fmt.Errorf("Unable to parse public key: %w", err)
-	}
-
-	pubKeyBytes, err := x509.MarshalPKIXPublicKey(pubKey)
-	if err != nil {
-		return "", fmt.Errorf("Unable to marshal public key: %w", err)
-	}
-
-	hash := sha256.Sum256(pubKeyBytes)
-	return fmt.Sprintf("SHA256:%s", base64.StdEncoding.EncodeToString(hash[:])), nil
-}
-
-func getParameterInAccount(ctx context.Context, client *sdk.Client, param string) (string, error) {
-	params, err := client.Parameters.ShowParameters(ctx, &sdk.ShowParametersOptions{
-		Like: &sdk.Like{
-			Pattern: sdk.Pointer(param),
-		},
-		In: &sdk.ParametersIn{
-			Account: sdk.Pointer(true),
-		},
-	})
-	if err != nil {
-		return "", err
-	}
-	var found *sdk.Parameter
-	for _, v := range params {
-		if v.Key == param {
-			found = v
-			break
-		}
-	}
-	if found == nil {
-		return "", fmt.Errorf("parameter %s not found", param)
-	}
-	return found.Value, nil
-}
diff --git a/pkg/resources/custom_diffs.go b/pkg/resources/custom_diffs.go
@@ -58,22 +58,6 @@ func ParameterValueComputedIf(key string, parameters []*sdk.Parameter, objectPar
 	}
 }
 
-// ForceNewIfChangeToEmptySet sets a ForceNew for a set field which was set to an empty value.
-func ForceNewIfChangeToEmptySet[T any](key string) schema.CustomizeDiffFunc {
-	return customdiff.ForceNewIfChange(key, func(ctx context.Context, oldValue, newValue, meta any) bool {
-		oldList, newList := oldValue.(*schema.Set).List(), newValue.(*schema.Set).List()
-		return len(oldList) > 0 && len(newList) == 0
-	})
-}
-
-// ForceNewIfChangeToEmptyString sets a ForceNew for a string field which was set to an empty value.
-func ForceNewIfChangeToEmptyString(key string) schema.CustomizeDiffFunc {
-	return customdiff.ForceNewIfChange(key, func(ctx context.Context, oldValue, newValue, meta any) bool {
-		oldString, newString := oldValue.(string), newValue.(string)
-		return len(oldString) > 0 && len(newString) == 0
-	})
-}
-
 // TODO [follow-up PR]: test
 func ComputedIfAnyAttributeChanged(key string, changedAttributeKeys ...string) schema.CustomizeDiffFunc {
 	return customdiff.ComputedIf(key, func(ctx context.Context, diff *schema.ResourceDiff, meta interface{}) bool {

diff --git a/pkg/resources/oauth_integration_for_custom_clients.go b/pkg/resources/oauth_integration_for_custom_clients.go
@@ -99,14 +99,10 @@ var oauthIntegrationForCustomClientsSchema = map[string]*schema.Schema{
 		Description:  "Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.",
 	},
 	"network_policy": {
-		Type:     schema.TypeString,
-		Optional: true,
-		Description: "Specifies an existing network policy. This network policy controls network traffic that is attempting to exchange an authorization " +
-			"code for an access or refresh token or to use a refresh token to obtain a new access token.",
+		Type:             schema.TypeString,
+		Optional:         true,
+		Description:      "Specifies an existing network policy. This network policy controls network traffic that is attempting to exchange an authorization code for an access or refresh token or to use a refresh token to obtain a new access token.",
 		ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
-		DiffSuppressFunc: func(_, old, new string, d *schema.ResourceData) bool {
-			return sdk.NewAccountObjectIdentifierFromFullyQualifiedName(old) == sdk.NewAccountObjectIdentifierFromFullyQualifiedName(new)
-		},
 	},
 	"oauth_client_rsa_public_key": {
 		Type:        schema.TypeString,