-
Notifications
You must be signed in to change notification settings - Fork 427
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: network policy v1 readiness (#2914)
Changes: - refactored the resource and created the data source for network policy - changes documented in the migration guide - examples refreshed/added ## Test Plan <!-- detail ways in which this PR has been tested or needs to be tested --> * [x] acceptance tests ## References <!-- issues documentation links, etc --> * [CREATE NETWORK POLICY](https://docs.snowflake.com/en/sql-reference/sql/create-network-policy)
- Loading branch information
1 parent
70a1c9a
commit 3408c3f
Showing
33 changed files
with
1,644 additions
and
425 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
--- | ||
page_title: "snowflake_network_policies Data Source - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
Datasource used to get details of filtered network policies. Filtering is aligned with the current possibilities for SHOW NETWORK POLICIES https://docs.snowflake.com/en/sql-reference/sql/show-network-policies query (like is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection. | ||
--- | ||
|
||
!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it. | ||
|
||
# snowflake_network_policies (Data Source) | ||
|
||
Datasource used to get details of filtered network policies. Filtering is aligned with the current possibilities for [SHOW NETWORK POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-network-policies) query (`like` is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
# Simple usage | ||
data "snowflake_network_policies" "simple" { | ||
} | ||
output "simple_output" { | ||
value = data.snowflake_network_policies.simple.network_policies | ||
} | ||
# Filtering (like) | ||
data "snowflake_network_policies" "like" { | ||
like = "network-policy-name" | ||
} | ||
output "like_output" { | ||
value = data.snowflake_network_policies.like.network_policies | ||
} | ||
# Without additional data (to limit the number of calls make for every found network policy) | ||
data "snowflake_network_policies" "only_show" { | ||
# with_describe is turned on by default and it calls DESCRIBE NETWORK POLICY for every network policy found and attaches its output to network_policies.*.describe_output field | ||
with_describe = false | ||
} | ||
output "only_show_output" { | ||
value = data.snowflake_network_policies.only_show.network_policies | ||
} | ||
# Ensure the number of network policies is equal to at least one element (with the use of postcondition) | ||
data "snowflake_network_policies" "assert_with_postcondition" { | ||
starts_with = "network-policy-name" | ||
lifecycle { | ||
postcondition { | ||
condition = length(self.network_policies) > 0 | ||
error_message = "there should be at least one network policy" | ||
} | ||
} | ||
} | ||
# Ensure the number of network policies is equal to at exactly one element (with the use of check block) | ||
check "network_policy_check" { | ||
data "snowflake_network_policies" "assert_with_check_block" { | ||
like = "network-policy-name" | ||
} | ||
assert { | ||
condition = length(data.snowflake_network_policies.assert_with_check_block.network_policies) == 1 | ||
error_message = "Network policies filtered by '${data.snowflake_network_policies.assert_with_check_block.like}' returned ${length(data.snowflake_network_policies.assert_with_check_block.network_policies)} network policies where one was expected" | ||
} | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`). | ||
- `with_describe` (Boolean) Runs DESC NETWORK POLICY for each network policy returned by SHOW NETWORK POLICIES. The output of describe is saved to the description field. By default this value is set to true. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
- `network_policies` (List of Object) Holds the aggregated output of all network policies details queries. (see [below for nested schema](#nestedatt--network_policies)) | ||
|
||
<a id="nestedatt--network_policies"></a> | ||
### Nested Schema for `network_policies` | ||
|
||
Read-Only: | ||
|
||
- `describe_output` (List of Object) (see [below for nested schema](#nestedobjatt--network_policies--describe_output)) | ||
- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--network_policies--show_output)) | ||
|
||
<a id="nestedobjatt--network_policies--describe_output"></a> | ||
### Nested Schema for `network_policies.describe_output` | ||
|
||
Read-Only: | ||
|
||
- `allowed_ip_list` (String) | ||
- `allowed_network_rule_list` (String) | ||
- `blocked_ip_list` (String) | ||
- `blocked_network_rule_list` (String) | ||
|
||
|
||
<a id="nestedobjatt--network_policies--show_output"></a> | ||
### Nested Schema for `network_policies.show_output` | ||
|
||
Read-Only: | ||
|
||
- `comment` (String) | ||
- `created_on` (String) | ||
- `entries_in_allowed_ip_list` (Number) | ||
- `entries_in_allowed_network_rules` (Number) | ||
- `entries_in_blocked_ip_list` (Number) | ||
- `entries_in_blocked_network_rules` (Number) | ||
- `name` (String) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 49 additions & 0 deletions
49
examples/data-sources/snowflake_network_policies/data-source.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# Simple usage | ||
data "snowflake_network_policies" "simple" { | ||
} | ||
|
||
output "simple_output" { | ||
value = data.snowflake_network_policies.simple.network_policies | ||
} | ||
|
||
# Filtering (like) | ||
data "snowflake_network_policies" "like" { | ||
like = "network-policy-name" | ||
} | ||
|
||
output "like_output" { | ||
value = data.snowflake_network_policies.like.network_policies | ||
} | ||
|
||
# Without additional data (to limit the number of calls make for every found network policy) | ||
data "snowflake_network_policies" "only_show" { | ||
# with_describe is turned on by default and it calls DESCRIBE NETWORK POLICY for every network policy found and attaches its output to network_policies.*.describe_output field | ||
with_describe = false | ||
} | ||
|
||
output "only_show_output" { | ||
value = data.snowflake_network_policies.only_show.network_policies | ||
} | ||
|
||
# Ensure the number of network policies is equal to at least one element (with the use of postcondition) | ||
data "snowflake_network_policies" "assert_with_postcondition" { | ||
starts_with = "network-policy-name" | ||
lifecycle { | ||
postcondition { | ||
condition = length(self.network_policies) > 0 | ||
error_message = "there should be at least one network policy" | ||
} | ||
} | ||
} | ||
|
||
# Ensure the number of network policies is equal to at exactly one element (with the use of check block) | ||
check "network_policy_check" { | ||
data "snowflake_network_policies" "assert_with_check_block" { | ||
like = "network-policy-name" | ||
} | ||
|
||
assert { | ||
condition = length(data.snowflake_network_policies.assert_with_check_block.network_policies) == 1 | ||
error_message = "Network policies filtered by '${data.snowflake_network_policies.assert_with_check_block.like}' returned ${length(data.snowflake_network_policies.assert_with_check_block.network_policies)} network policies where one was expected" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
terraform import snowflake_network_policy.example policyname | ||
terraform import snowflake_network_policy.example "name" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,33 +1,14 @@ | ||
################################## | ||
### using network rules | ||
################################## | ||
|
||
resource "snowflake_network_rule" "rule" { | ||
name = "rule" | ||
database = "EXAMPLE_DB" | ||
schema = "EXAMPLE_SCHEMA" | ||
comment = "A rule." | ||
type = "IPV4" | ||
mode = "INGRESS" | ||
value_list = ["192.168.0.100/24", "29.254.123.20"] | ||
} | ||
|
||
resource "snowflake_network_policy" "policy" { | ||
name = "policy" | ||
comment = "A policy." | ||
|
||
allowed_network_rule_list = [snowflake_network_rule.rule.qualified_name] | ||
## Minimal | ||
resource "snowflake_network_policy" "basic" { | ||
name = "network_policy_name" | ||
} | ||
|
||
|
||
################################## | ||
### using ip lists | ||
################################## | ||
|
||
resource "snowflake_network_policy" "policy" { | ||
name = "policy" | ||
comment = "A policy." | ||
|
||
allowed_ip_list = ["192.168.0.100/24"] | ||
blocked_ip_list = ["192.168.0.101"] | ||
} | ||
## Complete (with every optional set) | ||
resource "snowflake_network_policy" "basic" { | ||
name = "network_policy_name" | ||
allowed_network_rule_list = ["<fully qualified network rule id>"] | ||
blocked_network_rule_list = ["<fully qualified network rule id>"] | ||
allowed_ip_list = ["192.168.1.0/24"] | ||
blocked_ip_list = ["192.168.1.99"] | ||
comment = "my network policy" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.