-
Notifications
You must be signed in to change notification settings - Fork 427
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add authentication policies to SDK #2937
feat: Add authentication policies to SDK #2937
Conversation
const ( | ||
AuthenticationMethodsAll AuthenticationMethodsOption = "ALL" | ||
AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML" | ||
AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD" | ||
AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH" | ||
AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't sure how to get a list of an "enum" to work with QueryStruct and I couldn't find an existing pattern. If you have one let me know and I'll use these vs strings. Otherwise, I'll remove these sections.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can look at network_rule_def.go
(it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT
you would use g.KindOfTSlice
(not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).
35dc61b
to
2cb8ee3
Compare
Also, is there a way to configure the integration test client with a keypair? If not, I'll create a disposable account and use a password. |
t.Run("with unsetting a policy", func(t *testing.T) { | ||
sessionPolicy := "SESSION_POLICY1" | ||
opts := &AlterUserOptions{ | ||
name: id, | ||
Set: &UserSet{ | ||
SessionPolicy: String(sessionPolicy), | ||
Unset: &UserUnset{ | ||
SessionPolicy: Bool(true), | ||
}, | ||
} | ||
assertOptsValidAndSQLEquals(t, opts, "ALTER USER %s UNSET SESSION POLICY", id.FullyQualifiedName()) | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test was incorrect, it was setting a policy instead of unsetting one.
Hey @cmonty-paypal. Thanks for the contribution! We will do the review on Monday at the latest (we have a smaller team this week, sorry for the delay.) |
No worries. I still had some work to take care of in this PR. |
401e8b6
to
379089f
Compare
15d19dd
to
2b966a3
Compare
const ( | ||
AuthenticationMethodsAll AuthenticationMethodsOption = "ALL" | ||
AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML" | ||
AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD" | ||
AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH" | ||
AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can look at network_rule_def.go
(it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT
you would use g.KindOfTSlice
(not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey 👋
Thanks for the contribution! I left some comments, but overall the change is very good. After the changes I'll run the CI.
Hey @cmonty-paypal 👋 |
@sfc-gh-jcieslak Yes, please do! Sorry I had a bit of travel last week and I'm gonna be out of office next week. I was hoping to get to this tomorrow but if you want to take over, I'm all for it. |
No worries, Thank You! We still have to finish some other topics, but we'll get to it as soon as possible. |
@@ -122,6 +122,16 @@ func TestAccountAlter(t *testing.T) { | |||
assertOptsValidAndSQLEquals(t, opts, `ALTER ACCOUNT SET SESSION POLICY %s`, id.FullyQualifiedName()) | |||
}) | |||
|
|||
t.Run("with set authentication policy", func(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the validation tests are missing (validations were updated but no test failed here)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in #3068
import ( | ||
"context" | ||
|
||
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this was moved to pkg/internal/collections
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resolved in the follow-up pr
@@ -44,6 +44,7 @@ var definitionMapping = map[string]*generator.Interface{ | |||
"cortex_search_services_def.go": sdk.CortexSearchServiceDef, | |||
"data_metric_function_references_def.go": sdk.DataMetricFunctionReferenceDef, | |||
"external_volumes_def.go": sdk.ExternalVolumesDef, | |||
"authentication_policies_def.go": sdk.AuthenticationPoliciesDef, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
formatting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resolved in the follow-up pr
@@ -267,6 +267,27 @@ func TestInt_AccountAlter(t *testing.T) { | |||
require.NoError(t, err) | |||
}) | |||
|
|||
t.Run("set and unset authentication policy", func(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
skip this test for now @sfc-gh-jcieslak - can you have multiple authentication policies on the account? if not, it messes with our account setup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in this pr, can be resolved right away
|
||
assertAuthenticationPolicy := func(t *testing.T, authenticationPolicy *sdk.AuthenticationPolicy, id sdk.SchemaObjectIdentifier, expectedComment string) { | ||
t.Helper() | ||
assert.NotEmpty(t, authenticationPolicy.CreatedOn) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please generate assertion in the following change @sfc-gh-jcieslak
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in #3068
assert.Contains(t, desc, sdk.AuthenticationPolicyDescription{Property: "MFA_ENROLLMENT", Value: "REQUIRED"}) | ||
}) | ||
|
||
t.Run("Alter - set comment", func(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sfc-gh-jcieslak do we need such granular tests here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in #3068 I merged those tests into one set and unset
## Changes * Addressed comments from #2937 * Fixed failing tests caused by this change * Changed and added multiple tests connected to auth policies * Adjusted a few parts of the SDK implementation (using enums where possible, added a few missing parts, etc.) ## TODO * Mention in #2880 that the SDK for Auth Policies is ready
## Changes * Addressed comments from #2937 * Fixed failing tests caused by this change * Changed and added multiple tests connected to auth policies * Adjusted a few parts of the SDK implementation (using enums where possible, added a few missing parts, etc.) ## TODO * Mention in #2880 that the SDK for Auth Policies is ready
🤖 I have created a release *beep* *boop* --- ## [0.96.0](v0.95.0...v0.96.0) (2024-09-18) Essential GA object readiness for V1: [link](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/ESSENTIAL_GA_OBJECTS.MD) ([Roadmap reference](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#preparing-essential-ga-objects-for-the-provider-v1)). :exclamation: Migration guide: [v0.95.0 -> v0.96.0](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) ### 🎉 **What's new:** * V1 redesign of resources and data sources * Row access policy ([#3066](#3066)) ([#3063](#3063)) * Resource monitor ([#3052](#3052)) ([#3064](#3064)) * Masking policy ([#3078](#3078)) ([#3083](#3083)) * SDK upgrades * External volume ([#3033](#3033)) * Authentication policy ([#2937](#2937)) ([#3068](#3068)) ([#3061](#3061)) ### 🔧 **Misc** * Clean up old test object helpers ([#3049](#3049)) * Add example of granting role to multiple objects ([#3047](#3047)) * Update readme and objects rework state ([#3046](#3046)) ### 🐛 **Bug fixes:** * Fix model grants ([#3070](#3070)) * Fix database show by and resource logic ([#3055](#3055)) * Fix default secondary roles option import ([#3041](#3041)) * Fix sweepers for warehouse and database ([#3057](#3057)) * Fix views permadiff ([#3079](#3079)) * Update v0.95.0 migration guide ([#3062](#3062)) Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
Adds Authentication Policy methods to the SDK.
Test Plan
References