From c7ce02688b8e4bed794e7d154382ccfe1c6ada5c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Cie=C5=9Blak?= Date: Wed, 3 Jul 2024 15:16:38 +0200 Subject: [PATCH] Remove oauth integration for partner applications --- ...th_integration_for_partner_applications.md | 41 -- pkg/provider/provider.go | 129 +++--- pkg/resources/common.go | 76 ---- pkg/resources/custom_diffs.go | 16 - .../oauth_integration_for_custom_clients.go | 10 +- ...th_integration_for_partner_applications.go | 418 ------------------ ...or_partner_applications_acceptance_test.go | 231 ---------- .../basic/test.tf | 4 - .../basic/variables.tf | 6 - .../complete/test.tf | 11 - .../complete/variables.tf | 28 -- .../complete_looker/test.tf | 11 - .../complete_looker/variables.tf | 28 -- .../complete_tableau_server copy/test.tf | 11 - .../complete_tableau_server copy/variables.tf | 28 -- .../complete_tableau_server/test.tf | 10 - .../complete_tableau_server/variables.tf | 25 -- .../invalid/test.tf | 3 - .../invalid/variables.tf | 3 - 19 files changed, 67 insertions(+), 1022 deletions(-) delete mode 100644 docs/resources/oauth_integration_for_partner_applications.md delete mode 100644 pkg/resources/oauth_integration_for_partner_applications.go delete mode 100644 pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/variables.tf delete mode 100644 
pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/variables.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/variables.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf delete mode 100644 pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf diff --git a/docs/resources/oauth_integration_for_partner_applications.md b/docs/resources/oauth_integration_for_partner_applications.md deleted file mode 100644 index 854ea05cd6..0000000000 --- a/docs/resources/oauth_integration_for_partner_applications.md +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -page_title: "snowflake_oauth_integration_for_partner_applications Resource - terraform-provider-snowflake" -subcategory: "" -description: |- - ---- - -# snowflake_oauth_integration_for_partner_applications (Resource) - - - - - - -## Schema - -### Required - -- `name` (String) Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. -- `oauth_client` (String) Creates an OAuth interface between Snowflake and a partner application. Valid options are: [LOOKER TABLEAU_DESKTOP TABLEAU_SERVER] - -### Optional - -- `blocked_roles_list` (Set of String) List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. -- `comment` (String) Specifies a comment for the OAuth integration. -- `enabled` (Boolean) Specifies whether this OAuth integration is enabled or disabled. -- `oauth_issue_refresh_tokens` (String) Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. -- `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. -- `oauth_refresh_token_validity` (Number) Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE. -- `oauth_use_secondary_roles` (String) Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. - -### Read-Only - -- `created_on` (String) Date and time when the OAuth integration was created. -- `id` (String) The ID of this resource. -- `oauth_add_privileged_roles_to_blocked_list` (Boolean) -- `oauth_allowed_authorization_endpoints` (Set of String) A list of allowed authorization endpoints for oauth. 
-- `oauth_allowed_token_endpoints` (Set of String) A list of allowed token endpoints for oauth. -- `oauth_authorization_endpoint` (String) Authorization endpoint for oauth. -- `oauth_client_id` (String) Oauth client ID. -- `oauth_token_endpoint` (String) Token endpoint for oauth. diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index c063e8cd37..7fadd62573 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go 
@@ -421,71 +421,70 @@ func Provider() *schema.Provider { func getResources() map[string]*schema.Resource { return map[string]*schema.Resource{ - "snowflake_account": resources.Account(), - "snowflake_account_password_policy_attachment": resources.AccountPasswordPolicyAttachment(), - "snowflake_account_parameter": resources.AccountParameter(), - "snowflake_alert": resources.Alert(), - "snowflake_api_integration": resources.APIIntegration(), - "snowflake_cortex_search_service": resources.CortexSearchService(), - "snowflake_database_old": resources.DatabaseOld(), - "snowflake_database": resources.Database(), - "snowflake_database_role": resources.DatabaseRole(), - "snowflake_dynamic_table": resources.DynamicTable(), - "snowflake_email_notification_integration": resources.EmailNotificationIntegration(), - "snowflake_external_function": resources.ExternalFunction(), - "snowflake_external_oauth_integration": resources.ExternalOauthIntegration(), - "snowflake_external_table": resources.ExternalTable(), - "snowflake_failover_group": resources.FailoverGroup(), - "snowflake_file_format": resources.FileFormat(), - "snowflake_function": resources.Function(), - "snowflake_grant_account_role": resources.GrantAccountRole(), - "snowflake_grant_application_role": resources.GrantApplicationRole(), - "snowflake_grant_database_role": resources.GrantDatabaseRole(), - "snowflake_grant_ownership": resources.GrantOwnership(), - "snowflake_grant_privileges_to_account_role": resources.GrantPrivilegesToAccountRole(), - "snowflake_grant_privileges_to_database_role": resources.GrantPrivilegesToDatabaseRole(), - "snowflake_grant_privileges_to_share": resources.GrantPrivilegesToShare(), - "snowflake_managed_account": resources.ManagedAccount(), - "snowflake_masking_policy": resources.MaskingPolicy(), - "snowflake_materialized_view": resources.MaterializedView(), - "snowflake_network_policy": resources.NetworkPolicy(), - "snowflake_network_policy_attachment": resources.NetworkPolicyAttachment(), 
- "snowflake_network_rule": resources.NetworkRule(), - "snowflake_notification_integration": resources.NotificationIntegration(), - "snowflake_oauth_integration": resources.OAuthIntegration(), - "snowflake_oauth_integration_for_custom_clients": resources.OauthIntegrationForCustomClients(), - "snowflake_oauth_integration_for_partner_applications": resources.OauthIntegrationForPartnerApplications(), - "snowflake_object_parameter": resources.ObjectParameter(), - "snowflake_password_policy": resources.PasswordPolicy(), - "snowflake_pipe": resources.Pipe(), - "snowflake_procedure": resources.Procedure(), - "snowflake_resource_monitor": resources.ResourceMonitor(), - "snowflake_role": resources.Role(), - "snowflake_row_access_policy": resources.RowAccessPolicy(), - "snowflake_saml_integration": resources.SAMLIntegration(), - "snowflake_schema": resources.Schema(), - "snowflake_scim_integration": resources.SCIMIntegration(), - "snowflake_secondary_database": resources.SecondaryDatabase(), - "snowflake_sequence": resources.Sequence(), - "snowflake_session_parameter": resources.SessionParameter(), - "snowflake_share": resources.Share(), - "snowflake_shared_database": resources.SharedDatabase(), - "snowflake_stage": resources.Stage(), - "snowflake_storage_integration": resources.StorageIntegration(), - "snowflake_stream": resources.Stream(), - "snowflake_table": resources.Table(), - "snowflake_table_column_masking_policy_application": resources.TableColumnMaskingPolicyApplication(), - "snowflake_table_constraint": resources.TableConstraint(), - "snowflake_tag": resources.Tag(), - "snowflake_tag_association": resources.TagAssociation(), - "snowflake_tag_masking_policy_association": resources.TagMaskingPolicyAssociation(), - "snowflake_task": resources.Task(), - "snowflake_unsafe_execute": resources.UnsafeExecute(), - "snowflake_user": resources.User(), - "snowflake_user_password_policy_attachment": resources.UserPasswordPolicyAttachment(), - "snowflake_user_public_keys": 
resources.UserPublicKeys(), - "snowflake_view": resources.View(), - "snowflake_warehouse": resources.Warehouse(), + "snowflake_account": resources.Account(), + "snowflake_account_password_policy_attachment": resources.AccountPasswordPolicyAttachment(), + "snowflake_account_parameter": resources.AccountParameter(), + "snowflake_alert": resources.Alert(), + "snowflake_api_integration": resources.APIIntegration(), + "snowflake_cortex_search_service": resources.CortexSearchService(), + "snowflake_database_old": resources.DatabaseOld(), + "snowflake_database": resources.Database(), + "snowflake_database_role": resources.DatabaseRole(), + "snowflake_dynamic_table": resources.DynamicTable(), + "snowflake_email_notification_integration": resources.EmailNotificationIntegration(), + "snowflake_external_function": resources.ExternalFunction(), + "snowflake_external_oauth_integration": resources.ExternalOauthIntegration(), + "snowflake_external_table": resources.ExternalTable(), + "snowflake_failover_group": resources.FailoverGroup(), + "snowflake_file_format": resources.FileFormat(), + "snowflake_function": resources.Function(), + "snowflake_grant_account_role": resources.GrantAccountRole(), + "snowflake_grant_application_role": resources.GrantApplicationRole(), + "snowflake_grant_database_role": resources.GrantDatabaseRole(), + "snowflake_grant_ownership": resources.GrantOwnership(), + "snowflake_grant_privileges_to_account_role": resources.GrantPrivilegesToAccountRole(), + "snowflake_grant_privileges_to_database_role": resources.GrantPrivilegesToDatabaseRole(), + "snowflake_grant_privileges_to_share": resources.GrantPrivilegesToShare(), + "snowflake_managed_account": resources.ManagedAccount(), + "snowflake_masking_policy": resources.MaskingPolicy(), + "snowflake_materialized_view": resources.MaterializedView(), + "snowflake_network_policy": resources.NetworkPolicy(), + "snowflake_network_policy_attachment": resources.NetworkPolicyAttachment(), + "snowflake_network_rule": 
resources.NetworkRule(), + "snowflake_notification_integration": resources.NotificationIntegration(), + "snowflake_oauth_integration": resources.OAuthIntegration(), + "snowflake_oauth_integration_for_custom_clients": resources.OauthIntegrationForCustomClients(), + "snowflake_object_parameter": resources.ObjectParameter(), + "snowflake_password_policy": resources.PasswordPolicy(), + "snowflake_pipe": resources.Pipe(), + "snowflake_procedure": resources.Procedure(), + "snowflake_resource_monitor": resources.ResourceMonitor(), + "snowflake_role": resources.Role(), + "snowflake_row_access_policy": resources.RowAccessPolicy(), + "snowflake_saml_integration": resources.SAMLIntegration(), + "snowflake_schema": resources.Schema(), + "snowflake_scim_integration": resources.SCIMIntegration(), + "snowflake_secondary_database": resources.SecondaryDatabase(), + "snowflake_sequence": resources.Sequence(), + "snowflake_session_parameter": resources.SessionParameter(), + "snowflake_share": resources.Share(), + "snowflake_shared_database": resources.SharedDatabase(), + "snowflake_stage": resources.Stage(), + "snowflake_storage_integration": resources.StorageIntegration(), + "snowflake_stream": resources.Stream(), + "snowflake_table": resources.Table(), + "snowflake_table_column_masking_policy_application": resources.TableColumnMaskingPolicyApplication(), + "snowflake_table_constraint": resources.TableConstraint(), + "snowflake_tag": resources.Tag(), + "snowflake_tag_association": resources.TagAssociation(), + "snowflake_tag_masking_policy_association": resources.TagMaskingPolicyAssociation(), + "snowflake_task": resources.Task(), + "snowflake_unsafe_execute": resources.UnsafeExecute(), + "snowflake_user": resources.User(), + "snowflake_user_password_policy_attachment": resources.UserPasswordPolicyAttachment(), + "snowflake_user_public_keys": resources.UserPublicKeys(), + "snowflake_view": resources.View(), + "snowflake_warehouse": resources.Warehouse(), } } 
diff --git a/pkg/resources/common.go b/pkg/resources/common.go index 3797a9fb06..3f6380258d 100644 --- a/pkg/resources/common.go +++ b/pkg/resources/common.go @@ -1,19 +1,9 @@ package resources import ( - "context" - "crypto/sha256" - "crypto/x509" - "encoding/base64" - "encoding/pem" - "errors" - "fmt" "strings" "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -62,69 +52,3 @@ func suppressQuoting(_, oldValue, newValue string, _ *schema.ResourceData) bool return oldWithoutQuotes == newWithoutQuotes } } - -func DeleteContextSecurityIntegration(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier) - client := meta.(*provider.Context).Client - - err := client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(sdk.NewAccountObjectIdentifier(id.Name())).WithIfExists(true)) - if err != nil { - return diag.Diagnostics{ - diag.Diagnostic{ - Severity: diag.Error, - Summary: "Error deleting integration", - Detail: fmt.Sprintf("id %v err = %v", id.Name(), err), - }, - } - } - - d.SetId("") - return nil -} - -func RSAKeyHash(key string) (string, error) { - keyBytes := []byte(fmt.Sprintf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", key)) - - block, _ := pem.Decode(keyBytes) - if block == nil || block.Type != "PUBLIC KEY" { - return "", errors.New("Failed to decode PEM block containing public key") - } - - pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - return "", fmt.Errorf("Unable to parse public key: %w", err) - } - - pubKeyBytes, err := x509.MarshalPKIXPublicKey(pubKey) - if err != nil { - return "", fmt.Errorf("Unable to marshal public key: %w", err) - } - - hash := sha256.Sum256(pubKeyBytes) - return fmt.Sprintf("SHA256:%s", base64.StdEncoding.EncodeToString(hash[:])), nil -} - -func getParameterInAccount(ctx context.Context, client *sdk.Client, param string) (string, error) { - params, err := client.Parameters.ShowParameters(ctx, &sdk.ShowParametersOptions{ - Like: &sdk.Like{ - Pattern: sdk.Pointer(param), - }, - In: &sdk.ParametersIn{ - Account: sdk.Pointer(true), - }, - }) - if err != nil { - return "", err - } - var found *sdk.Parameter - for _, v := range params { - if v.Key == param { - found = v - break - } - } - if found == nil { - return "", fmt.Errorf("parameter 
%s not found", param) - } - return found.Value, nil -} diff --git a/pkg/resources/custom_diffs.go b/pkg/resources/custom_diffs.go index 86a4d04c6e..72183af3e5 100644 --- a/pkg/resources/custom_diffs.go +++ b/pkg/resources/custom_diffs.go @@ -58,22 +58,6 @@ func ParameterValueComputedIf(key string, parameters []*sdk.Parameter, objectPar } } -// ForceNewIfChangeToEmptySet sets a ForceNew for a set field which was set to an empty value. -func ForceNewIfChangeToEmptySet[T any](key string) schema.CustomizeDiffFunc { - return customdiff.ForceNewIfChange(key, func(ctx context.Context, oldValue, newValue, meta any) bool { - oldList, newList := oldValue.(*schema.Set).List(), newValue.(*schema.Set).List() - return len(oldList) > 0 && len(newList) == 0 - }) -} - -// ForceNewIfChangeToEmptyString sets a ForceNew for a string field which was set to an empty value. -func ForceNewIfChangeToEmptyString(key string) schema.CustomizeDiffFunc { - return customdiff.ForceNewIfChange(key, func(ctx context.Context, oldValue, newValue, meta any) bool { - oldString, newString := oldValue.(string), newValue.(string) - return len(oldString) > 0 && len(newString) == 0 - }) -} - // TODO [follow-up PR]: test func ComputedIfAnyAttributeChanged(key string, changedAttributeKeys ...string) schema.CustomizeDiffFunc { return customdiff.ComputedIf(key, func(ctx context.Context, diff *schema.ResourceDiff, meta interface{}) bool { diff --git a/pkg/resources/oauth_integration_for_custom_clients.go b/pkg/resources/oauth_integration_for_custom_clients.go index 39f393dc3a..2af44a18f3 100644 --- a/pkg/resources/oauth_integration_for_custom_clients.go +++ b/pkg/resources/oauth_integration_for_custom_clients.go 
@@ -99,14 +99,10 @@ var oauthIntegrationForCustomClientsSchema = map[string]*schema.Schema{
 Description: "Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.",
 },
 "network_policy": {
- Type: schema.TypeString,
- Optional: true,
- Description: "Specifies an existing network policy. This network policy controls network traffic that is attempting to exchange an authorization " +
- "code for an access or refresh token or to use a refresh token to obtain a new access token.",
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Specifies an existing network policy. This network policy controls network traffic that is attempting to exchange an authorization code for an access or refresh token or to use a refresh token to obtain a new access token.",
 ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
- DiffSuppressFunc: func(_, old, new string, d *schema.ResourceData) bool {
- return sdk.NewAccountObjectIdentifierFromFullyQualifiedName(old) == sdk.NewAccountObjectIdentifierFromFullyQualifiedName(new)
- },
 },
 "oauth_client_rsa_public_key": {
 Type: schema.TypeString,
diff --git a/pkg/resources/oauth_integration_for_partner_applications.go b/pkg/resources/oauth_integration_for_partner_applications.go
deleted file mode 100644
index 9044b9836a..0000000000
--- a/pkg/resources/oauth_integration_for_partner_applications.go
+++ /dev/null
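Review bot: The `network_policy` attribute of `oauthIntegrationForCustomClientsSchema` loses its `DiffSuppressFunc` in this hunk, although the commit title only covers removing the partner-applications resource. With only `ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier]()` left, the configured and stored values are compared as plain strings. If the two differ only in quoting or qualification (how the read path stores the value is not visible here), plans would presumably show a recurring change on the policy that restricts token-exchange traffic, which makes a genuine change to that policy harder to spot in review. If the removal is not intended, keep `DiffSuppressFunc: func(_, old, new string, _ *schema.ResourceData) bool { return sdk.NewAccountObjectIdentifierFromFullyQualifiedName(old) == sdk.NewAccountObjectIdentifierFromFullyQualifiedName(new) },`; if it is intended, state the reason in the commit description. The schema map begins and ends outside the hunk.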
@@ -1,418 +0,0 @@ -package resources - -import ( - "context" - "fmt" - "log" - "reflect" - "strconv" - "strings" - - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider" - "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk" - - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" -) - -var oauthIntegrationForPartnerApplicationsSchema = map[string]*schema.Schema{ - "name": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - Description: "Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.", - }, - "oauth_client": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - Description: fmt.Sprintf("Creates an OAuth interface between Snowflake and a partner application. Valid options are: %v", sdk.AllOauthSecurityIntegrationClients), - ValidateFunc: validation.StringInSlice(sdk.AsStringList(sdk.AllOauthSecurityIntegrationClients), false), - DiffSuppressFunc: ignoreCaseAndTrimSpaceSuppressFunc, - }, - "oauth_redirect_uri": { - Type: schema.TypeString, - Optional: true, - Description: "Specifies the client URI. 
After a user is authenticated, the web browser is redirected to this URI.", - }, - "enabled": { - Type: schema.TypeBool, - Optional: true, - Description: "Specifies whether this OAuth integration is enabled or disabled.", - }, - "oauth_issue_refresh_tokens": { - Type: schema.TypeString, - ValidateFunc: validation.StringInSlice([]string{"true", "false"}, true), - Default: "unknown", - Optional: true, - Description: "Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.", - DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool { - return oldValue == "true" && newValue == "unknown" - }, - }, - "oauth_refresh_token_validity": { - Type: schema.TypeInt, - Optional: true, - ValidateFunc: validation.IntAtLeast(1), - Description: "Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.", - DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool { - return d.Get(k).(int) == 7776000 && newValue == "0" - }, - }, - "oauth_use_secondary_roles": { - Type: schema.TypeString, - Optional: true, - Description: "Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.", - ValidateFunc: validation.StringInSlice(sdk.AsStringList(sdk.AllOauthSecurityIntegrationUseSecondaryRoles), false), - DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool { - return strings.EqualFold(oldValue, newValue) || d.Get(k).(string) == string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone) && newValue == "" - }, - }, - "blocked_roles_list": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - Computed: true, - Description: "List of roles that a user cannot explicitly consent to using after authenticating. 
Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.", - DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { - value := d.Get("oauth_add_privileged_roles_to_blocked_list").(bool) - if !value { - return old == new - } - return old == "ACCOUNTADMIN" || old == "SECURITYADMIN" - }, - }, - "oauth_add_privileged_roles_to_blocked_list": { - Type: schema.TypeBool, - Computed: true, - }, - "oauth_authorization_endpoint": { - Type: schema.TypeString, - Computed: true, - Description: "Authorization endpoint for oauth.", - }, - "oauth_token_endpoint": { - Type: schema.TypeString, - Computed: true, - Description: "Token endpoint for oauth.", - }, - "oauth_allowed_authorization_endpoints": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Computed: true, - Description: "A list of allowed authorization endpoints for oauth.", - }, - "oauth_allowed_token_endpoints": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Computed: true, - Description: "A list of allowed token endpoints for oauth.", - }, - "oauth_client_id": { - Type: schema.TypeString, - Computed: true, - Description: "Oauth client ID.", - }, - "comment": { - Type: schema.TypeString, - Optional: true, - Description: "Specifies a comment for the OAuth integration.", - }, - "created_on": { - Type: schema.TypeString, - Computed: true, - Description: "Date and time when the OAuth integration was created.", - }, -} - -func OauthIntegrationForPartnerApplications() *schema.Resource { - return &schema.Resource{ - CreateContext: CreateContextOauthIntegrationForPartnerApplications, - ReadContext: ReadContextOauthIntegrationForPartnerApplications, - UpdateContext: UpdateContextOauthIntegrationForPartnerApplications, - DeleteContext: DeleteContextSecurityIntegration, - Schema: oauthIntegrationForPartnerApplicationsSchema, - CustomizeDiff: customdiff.All( - // 
SuppressIfParameterSet("blocked_roles_list", "OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST"), - ), - Importer: &schema.ResourceImporter{ - StateContext: schema.ImportStatePassthroughContext, - }, - } -} - -func CreateContextOauthIntegrationForPartnerApplications(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*provider.Context).Client - name := d.Get("name").(string) - oauthClientRaw := d.Get("oauth_client").(string) - id := sdk.NewAccountObjectIdentifier(name) - oauthClient, err := sdk.ToOauthSecurityIntegrationClientOption(oauthClientRaw) - if err != nil { - return diag.FromErr(err) - } - req := sdk.NewCreateOauthForPartnerApplicationsSecurityIntegrationRequest(id, oauthClient) - - if v, ok := d.GetOk("blocked_roles_list"); ok { - elems := expandStringList(v.(*schema.Set).List()) - blockedRoles := make([]sdk.AccountObjectIdentifier, len(elems)) - for i := range elems { - blockedRoles[i] = sdk.NewAccountObjectIdentifier(elems[i]) - } - req.WithBlockedRolesList(sdk.BlockedRolesListRequest{BlockedRolesList: blockedRoles}) - } - - if v, ok := d.GetOk("comment"); ok { - req.WithComment(v.(string)) - } - - if v, ok := d.GetOk("enabled"); ok { - req.WithEnabled(v.(bool)) - } - if v := d.Get("oauth_issue_refresh_tokens").(string); v != "unknown" { - parsed, err := strconv.ParseBool(v) - if err != nil { - return diag.FromErr(err) - } - req.WithOauthIssueRefreshTokens(parsed) - } - - if v, ok := d.GetOk("oauth_redirect_uri"); ok { - req.WithOauthRedirectUri(v.(string)) - } - - if v, ok := d.GetOk("oauth_refresh_token_validity"); ok { - req.WithOauthRefreshTokenValidity(v.(int)) - } - - if v, ok := d.GetOk("oauth_use_secondary_roles"); ok { - valueRaw := v.(string) - value, err := sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption(valueRaw) - if err != nil { - return diag.FromErr(err) - } - req.WithOauthUseSecondaryRoles(value) - } - - if err := client.SecurityIntegrations.CreateOauthForPartnerApplications(ctx, req); err 
!= nil { - return diag.FromErr(err) - } - - d.SetId(name) - - return ReadContextOauthIntegrationForPartnerApplications(ctx, d, meta) -} - -func ReadContextOauthIntegrationForPartnerApplications(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*provider.Context).Client - id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier) - - integration, err := client.SecurityIntegrations.ShowByID(ctx, id) - if err != nil { - log.Printf("[DEBUG] OauthIntegrationForPartnerApplications (%s) not found", d.Id()) - d.SetId("") - return diag.FromErr(err) - } - - if c := integration.Category; c != sdk.SecurityIntegrationCategory { - return diag.FromErr(fmt.Errorf("expected %v to be a %s integration, got %v", id, sdk.SecurityIntegrationCategory, c)) - } - if err := d.Set("name", integration.Name); err != nil { - return diag.FromErr(err) - } - if err := d.Set("comment", integration.Comment); err != nil { - return diag.FromErr(err) - } - - if err := d.Set("created_on", integration.CreatedOn.String()); err != nil { - return diag.FromErr(err) - } - - if err := d.Set("enabled", integration.Enabled); err != nil { - return diag.FromErr(err) - } - oauthClient, err := integration.SubType() - if err != nil { - return diag.FromErr(err) - } - if err := d.Set("oauth_client", oauthClient); err != nil { - return diag.FromErr(err) - } - - properties, err := client.SecurityIntegrations.Describe(ctx, id) - if err != nil { - return diag.FromErr(err) - } - defaults := make(map[string]string) - for _, property := range properties { - name := property.Name - value := property.Value - switch name { - case "BLOCKED_ROLES_LIST": - var blockedRoles []string - if len(value) > 0 { - blockedRoles = strings.Split(value, ",") - } - - if err := d.Set("blocked_roles_list", blockedRoles); err != nil { - return diag.FromErr(err) - } - case "COMMENT": - if err := d.Set("comment", value); err != nil { - return diag.FromErr(err) - } - case "CREATED_ON": - if 
err := d.Set("created_on", value); err != nil { - return diag.FromErr(err) - } - case "ENABLED": - if err := d.Set("enabled", helpers.StringToBool(value)); err != nil { - return diag.FromErr(err) - } - case "OAUTH_CLIENT": - if err := d.Set("oauth_client", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_ISSUE_REFRESH_TOKENS": - defaults["OAUTH_ISSUE_REFRESH_TOKENS"] = property.Default - if err := d.Set("oauth_issue_refresh_tokens", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_REDIRECT_URI": - if err := d.Set("oauth_redirect_uri", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_REFRESH_TOKEN_VALIDITY": - v, err := strconv.Atoi(value) - if err != nil { - return diag.FromErr(err) - } - defaults["OAUTH_REFRESH_TOKEN_VALIDITY"] = property.Default - if err := d.Set("oauth_refresh_token_validity", v); err != nil { - return diag.FromErr(err) - } - case "OAUTH_USE_SECONDARY_ROLES": - if err := d.Set("oauth_use_secondary_roles", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_AUTHORIZATION_ENDPOINT": - if err := d.Set("oauth_authorization_endpoint", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_TOKEN_ENDPOINT": - if err := d.Set("oauth_token_endpoint", value); err != nil { - return diag.FromErr(err) - } - case "OAUTH_ALLOWED_AUTHORIZATION_ENDPOINTS": - var elems []string - if len(value) > 0 { - elems = strings.Split(value, ",") - } - - if err := d.Set("oauth_allowed_authorization_endpoints", elems); err != nil { - return diag.FromErr(err) - } - case "OAUTH_ALLOWED_TOKEN_ENDPOINTS": - var elems []string - if len(value) > 0 { - elems = strings.Split(value, ",") - } - if err := d.Set("oauth_allowed_token_endpoints", elems); err != nil { - return diag.FromErr(err) - } - case "OAUTH_CLIENT_ID": - if err := d.Set("oauth_client_id", value); err != nil { - return diag.FromErr(err) - } - - default: - log.Printf("[WARN] unexpected property %v returned from Snowflake", name) - } - } - 
paramRaw, err := getParameterInAccount(ctx, client, "OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST") - if err != nil { - return nil - } - param := helpers.StringToBool(paramRaw) - if err := d.Set("oauth_add_privileged_roles_to_blocked_list", param); err != nil { - return diag.FromErr(err) - } - return nil -} - -func UpdateContextOauthIntegrationForPartnerApplications(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - client := meta.(*provider.Context).Client - id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier) - set, unset := sdk.NewOauthForPartnerApplicationsIntegrationSetRequest(), sdk.NewOauthForPartnerApplicationsIntegrationUnsetRequest() - - if d.HasChange("blocked_roles_list") { - elems := expandStringList(d.Get("blocked_roles_list").(*schema.Set).List()) - blockedRoles := make([]sdk.AccountObjectIdentifier, len(elems)) - for i := range elems { - blockedRoles[i] = sdk.NewAccountObjectIdentifier(elems[i]) - } - set.WithBlockedRolesList(sdk.BlockedRolesListRequest{BlockedRolesList: blockedRoles}) - } - - if d.HasChange("comment") { - set.WithComment(d.Get("comment").(string)) - } - - if d.HasChange("enabled") { - set.WithEnabled(d.Get("enabled").(bool)) - } - - if d.HasChange("oauth_issue_refresh_tokens") { - if v := d.Get("oauth_issue_refresh_tokens").(string); v != "unknown" { - parsed, err := strconv.ParseBool(v) - if err != nil { - return diag.FromErr(err) - } - set.WithOauthIssueRefreshTokens(parsed) - } else { - // TODO: fix - set.WithOauthIssueRefreshTokens(true) - } - } - - if d.HasChange("oauth_redirect_uri") { - set.WithOauthRedirectUri(d.Get("oauth_redirect_uri").(string)) - } - - if d.HasChange("oauth_refresh_token_validity") { - v := d.Get("oauth_refresh_token_validity").(int) - if v > 0 { - set.WithOauthRefreshTokenValidity(v) - } else { - // TODO: fix - // TODO: better logic, like in docs - set.WithOauthRefreshTokenValidity(7776000) - } - } - - if d.HasChange("oauth_use_secondary_roles") { - v := 
d.Get("oauth_use_secondary_roles").(string) - if len(v) > 0 { - value, err := sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption(v) - if err != nil { - return diag.FromErr(err) - } - set.WithOauthUseSecondaryRoles(value) - } else { - unset.WithOauthUseSecondaryRoles(true) - } - } - if !reflect.DeepEqual(*set, sdk.OauthForPartnerApplicationsIntegrationSetRequest{}) { - if err := client.SecurityIntegrations.AlterOauthForPartnerApplications(ctx, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithSet(*set)); err != nil { - return diag.FromErr(err) - } - } - if !reflect.DeepEqual(*unset, sdk.OauthForPartnerApplicationsIntegrationUnsetRequest{}) { - if err := client.SecurityIntegrations.AlterOauthForPartnerApplications(ctx, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithUnset(*unset)); err != nil { - return diag.FromErr(err) - } - } - return ReadContextOauthIntegrationForPartnerApplications(ctx, d, meta) -} diff --git a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go deleted file mode 100644 index edf0bcd9de..0000000000 --- a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go +++ /dev/null 
@@ -1,231 +0,0 @@
-package resources_test
-
-import (
- "testing"
-
- acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
- "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers"
- "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
-
- "github.com/hashicorp/terraform-plugin-testing/config"
- "github.com/hashicorp/terraform-plugin-testing/helper/resource"
- "github.com/hashicorp/terraform-plugin-testing/tfversion"
-)
-
-func TestAcc_OauthIntegrationForPartnerApplications_basic(t *testing.T) {
- id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
- role1, role1Cleanup := acc.TestClient().Role.CreateRole(t)
- t.Cleanup(role1Cleanup)
-
- m := func(oauthClient string, complete bool, redirectUri *string) map[string]config.Variable {
- c := map[string]config.Variable{
- "name": config.StringVariable(id.Name()),
- "oauth_client": config.StringVariable(oauthClient),
- }
- if complete {
- c["blocked_roles_list"] = config.SetVariable(config.StringVariable(role1.ID().Name()))
- c["comment"] = config.StringVariable("foo")
- c["enabled"] = config.BoolVariable(true)
- c["oauth_issue_refresh_tokens"] = config.StringVariable("false")
- c["oauth_refresh_token_validity"] = config.IntegerVariable(12345)
- c["oauth_use_secondary_roles"] = config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit))
- }
- if redirectUri != nil {
- c["oauth_redirect_uri"] = config.StringVariable(*redirectUri)
- }
- return c
- }
- resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
- PreCheck: func() { acc.TestAccPreCheck(t) },
- TerraformVersionChecks: []tfversion.TerraformVersionCheck{
- tfversion.RequireAbove(tfversion.Version1_5_0),
- },
- Steps: []resource.TestStep{
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic"),
- ConfigVariables: m(string(sdk.OauthSecurityIntegrationClientTableauServer), false, nil),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauServer)),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_allowed_authorization_endpoints.#"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_allowed_token_endpoints.#"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_authorization_endpoint"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "enabled"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "created_on"),
- ),
- },
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server"),
- ConfigVariables: m(string(sdk.OauthSecurityIntegrationClientTableauServer), true, nil),
- Check: resource.ComposeTestCheckFunc(
- // TODO: proper check
- // resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "1"),
- // resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.0", role1.ID().Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", "foo"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauServer)),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "12345"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "created_on"),
- ),
- },
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server"),
- ConfigVariables: m(string(sdk.OauthSecurityIntegrationClientTableauServer), true, nil),
- ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
- ImportState: true,
- ImportStateVerify: true,
- },
- // unset
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic"),
- ConfigVariables: m(string(sdk.OauthSecurityIntegrationClientTableauServer), false, nil),
- Check: resource.ComposeTestCheckFunc(
- // TODO: proper check
- // resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "0"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", ""),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "false"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauServer)),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "true"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone)),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "7776000"),
-
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "created_on"),
- ),
- },
- // change client_type
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_looker"),
- ConfigVariables: m(string(sdk.OauthSecurityIntegrationClientLooker), true, sdk.Pointer("https://example.com")),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", "https://example.com"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "created_on"),
- ),
- },
- },
- })
-}
-
-func TestAcc_OauthIntegrationForPartnerApplications_complete(t *testing.T) {
- id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
- validURL := "https://example.com"
- role1, role1Cleanup := acc.TestClient().Role.CreateRole(t)
- t.Cleanup(role1Cleanup)
-
- m := func() map[string]config.Variable {
- return map[string]config.Variable{
- "blocked_roles_list": config.SetVariable(config.StringVariable(role1.ID().Name())),
- "comment": config.StringVariable("foo"),
- "enabled": config.BoolVariable(true),
- "name": config.StringVariable(id.Name()),
- "oauth_client": config.StringVariable(string(sdk.OauthSecurityIntegrationClientLooker)),
- "oauth_issue_refresh_tokens": config.BoolVariable(true),
- "oauth_redirect_uri": config.StringVariable(validURL),
- "oauth_refresh_token_validity": config.IntegerVariable(12345),
- "oauth_use_secondary_roles": config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
- }
- }
- resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
- PreCheck: func() { acc.TestAccPreCheck(t) },
- TerraformVersionChecks: []tfversion.TerraformVersionCheck{
- tfversion.RequireAbove(tfversion.Version1_5_0),
- },
- Steps: []resource.TestStep{
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
- ConfigVariables: m(),
- Check: resource.ComposeTestCheckFunc(
- // TODO: proper assert, also assert OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST
- // resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "3"),
- // resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.0", role1.ID().Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", "foo"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "true"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", validURL),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "12345"),
- resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_allowed_authorization_endpoints.#"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_allowed_token_endpoints.#"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_authorization_endpoint"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_token_endpoint"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "oauth_client_id"),
- resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "created_on"),
- ),
- },
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
- ConfigVariables: m(),
- ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
- ImportState: true,
- ImportStateVerify: true,
- // ignore because this field is not returned from snowflake
- ImportStateVerifyIgnore: []string{"oauth_redirect_uri"},
- },
- },
- })
-}
-
-func TestAcc_OauthIntegrationForPartnerApplications_invalid(t *testing.T) {
- m := func() map[string]config.Variable {
- return map[string]config.Variable{
- "blocked_roles_list": config.SetVariable(config.StringVariable("foo")),
- "comment": config.StringVariable("foo"),
- "enabled": config.BoolVariable(true),
- "name": config.StringVariable("foo"),
- "oauth_client": config.StringVariable("invalid"),
- "oauth_issue_refresh_tokens": config.BoolVariable(true),
- "oauth_redirect_uri": config.StringVariable("foo"),
- "oauth_refresh_token_validity": config.IntegerVariable(1),
- "oauth_use_secondary_roles": config.StringVariable("invalid"),
- }
- }
- resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
- PreCheck: func() { acc.TestAccPreCheck(t) },
- TerraformVersionChecks: []tfversion.TerraformVersionCheck{
- tfversion.RequireAbove(tfversion.Version1_5_0),
- },
- Steps: []resource.TestStep{
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
- ConfigVariables: m(),
- },
- },
- })
-}
-
-func TestAcc_OauthIntegrationForPartnerApplications_InvalidIncomplete(t *testing.T) {
- m := func() map[string]config.Variable {
- return map[string]config.Variable{
- "name": config.StringVariable("foo"),
- }
- }
- resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
- PreCheck: func() { acc.TestAccPreCheck(t) },
- TerraformVersionChecks: []tfversion.TerraformVersionCheck{
- tfversion.RequireAbove(tfversion.Version1_5_0),
- },
- ErrorCheck: helpers.AssertErrorContainsPartsFunc(t, []string{
- `The argument "oauth_client" is required, but no definition was found.`,
- }),
- Steps: []resource.TestStep{
- {
- ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/invalid"),
- ConfigVariables: m(),
- },
- },
- })
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf
deleted file mode 100644
index 77aab112a1..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- name = var.name
- oauth_client = var.oauth_client
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf
deleted file mode 100644
index bb7c71f314..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-variable "name" {
- type = string
-}
-variable "oauth_client" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf
deleted file mode 100644
index 87c2a43cb7..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- blocked_roles_list = var.blocked_roles_list
- comment = var.comment
- enabled = var.enabled
- name = var.name
- oauth_client = var.oauth_client
- oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
- oauth_redirect_uri = var.oauth_redirect_uri
- oauth_refresh_token_validity = var.oauth_refresh_token_validity
- oauth_use_secondary_roles = var.oauth_use_secondary_roles
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf
deleted file mode 100644
index e16f09d94b..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-
-variable "blocked_roles_list" {
- type = set(string)
-}
-variable "comment" {
- type = string
-}
-variable "enabled" {
- type = bool
-}
-variable "name" {
- type = string
-}
-variable "oauth_client" {
- type = string
-}
-variable "oauth_issue_refresh_tokens" {
- type = bool
-}
-variable "oauth_redirect_uri" {
- type = string
-}
-variable "oauth_refresh_token_validity" {
- type = number
-}
-variable "oauth_use_secondary_roles" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/test.tf
deleted file mode 100644
index 87c2a43cb7..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/test.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- blocked_roles_list = var.blocked_roles_list
- comment = var.comment
- enabled = var.enabled
- name = var.name
- oauth_client = var.oauth_client
- oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
- oauth_redirect_uri = var.oauth_redirect_uri
- oauth_refresh_token_validity = var.oauth_refresh_token_validity
- oauth_use_secondary_roles = var.oauth_use_secondary_roles
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/variables.tf
deleted file mode 100644
index e16f09d94b..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_looker/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-
-variable "blocked_roles_list" {
- type = set(string)
-}
-variable "comment" {
- type = string
-}
-variable "enabled" {
- type = bool
-}
-variable "name" {
- type = string
-}
-variable "oauth_client" {
- type = string
-}
-variable "oauth_issue_refresh_tokens" {
- type = bool
-}
-variable "oauth_redirect_uri" {
- type = string
-}
-variable "oauth_refresh_token_validity" {
- type = number
-}
-variable "oauth_use_secondary_roles" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/test.tf
deleted file mode 100644
index 87c2a43cb7..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/test.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- blocked_roles_list = var.blocked_roles_list
- comment = var.comment
- enabled = var.enabled
- name = var.name
- oauth_client = var.oauth_client
- oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
- oauth_redirect_uri = var.oauth_redirect_uri
- oauth_refresh_token_validity = var.oauth_refresh_token_validity
- oauth_use_secondary_roles = var.oauth_use_secondary_roles
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/variables.tf
deleted file mode 100644
index e16f09d94b..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server copy/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-
-variable "blocked_roles_list" {
- type = set(string)
-}
-variable "comment" {
- type = string
-}
-variable "enabled" {
- type = bool
-}
-variable "name" {
- type = string
-}
-variable "oauth_client" {
- type = string
-}
-variable "oauth_issue_refresh_tokens" {
- type = bool
-}
-variable "oauth_redirect_uri" {
- type = string
-}
-variable "oauth_refresh_token_validity" {
- type = number
-}
-variable "oauth_use_secondary_roles" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/test.tf
deleted file mode 100644
index bbfd609f49..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/test.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- blocked_roles_list = var.blocked_roles_list
- comment = var.comment
- enabled = var.enabled
- name = var.name
- oauth_client = var.oauth_client
- oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
- oauth_refresh_token_validity = var.oauth_refresh_token_validity
- oauth_use_secondary_roles = var.oauth_use_secondary_roles
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/variables.tf
deleted file mode 100644
index 2dc336ee1f..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau_server/variables.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-
-variable "blocked_roles_list" {
- type = set(string)
-}
-variable "comment" {
- type = string
-}
-variable "enabled" {
- type = bool
-}
-variable "name" {
- type = string
-}
-variable "oauth_client" {
- type = string
-}
-variable "oauth_issue_refresh_tokens" {
- type = string
-}
-variable "oauth_refresh_token_validity" {
- type = number
-}
-variable "oauth_use_secondary_roles" {
- type = string
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf
deleted file mode 100644
index dc0806c21b..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-resource "snowflake_oauth_integration_for_partner_applications" "test" {
- name = var.name
-}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf
deleted file mode 100644
index 77e5cc9698..0000000000
--- a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-variable "name" {
- type = string
-}