Changes after review

Snowflake-Labs · Jul 3, 2024 · 8e87551 · 8e87551
1 parent 53dc57e
commit 8e87551
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 56 deletions.
diff --git a/pkg/resources/saml2_integration.go b/pkg/resources/saml2_integration.go
@@ -683,7 +683,7 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 			}
 			set.WithEnabled(parsed)
 		} else {
-			// TODO(SNOW-1517559): UNSET is not implemented
+			// TODO(SNOW-1515781): UNSET is not implemented
 			set.WithEnabled(false)
 		}
 	}
@@ -710,7 +710,7 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if d.HasChange("saml2_sp_initiated_login_page_label") {
-		// TODO(SNOW-1517559): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
+		// TODO(SNOW-1515781): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
 		set.WithSaml2SpInitiatedLoginPageLabel(d.Get("saml2_sp_initiated_login_page_label").(string))
 	}
 
@@ -722,7 +722,7 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 			}
 			set.WithSaml2EnableSpInitiated(parsed)
 		} else {
-			// TODO(SNOW-1517559): UNSET is not implemented
+			// TODO(SNOW-1515781): UNSET is not implemented
 			set.WithSaml2EnableSpInitiated(false)
 		}
 	}
@@ -735,7 +735,7 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 			}
 			set.WithSaml2SignRequest(parsed)
 		} else {
-			// TODO(SNOW-1517559): UNSET is not implemented
+			// TODO(SNOW-1515781): UNSET is not implemented
 			set.WithSaml2SignRequest(false)
 		}
 	}
@@ -768,23 +768,23 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 			}
 			set.WithSaml2ForceAuthn(parsed)
 		} else {
-			// TODO(SNOW-1517559): UNSET is not implemented
+			// TODO(SNOW-1515781): UNSET is not implemented
 			set.WithSaml2ForceAuthn(false)
 		}
 	}
 
 	if d.HasChange("saml2_snowflake_issuer_url") {
-		// TODO(SNOW-1517559): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
+		// TODO(SNOW-1515781): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
 		set.WithSaml2SnowflakeIssuerUrl(d.Get("saml2_snowflake_issuer_url").(string))
 	}
 
 	if d.HasChange("saml2_snowflake_acs_url") {
-		// TODO(SNOW-1517559): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
+		// TODO(SNOW-1515781): UNSET is not implemented and SET with empty value is invalid (conditional ForceNew on unset)
 		set.WithSaml2SnowflakeAcsUrl(d.Get("saml2_snowflake_acs_url").(string))
 	}
 
 	if d.HasChange("allowed_user_domains") {
-		// TODO(SNOW-1517559): UNSET is not implemented and SET with empty list is invalid (conditional ForceNew on non-empty to empty set)
+		// TODO(SNOW-1515781): UNSET is not implemented and SET with empty list is invalid (conditional ForceNew on non-empty to empty set)
 		v := d.Get("allowed_user_domains").(*schema.Set).List()
 		userDomains := make([]sdk.UserDomain, len(v))
 		for i := range v {
@@ -796,7 +796,7 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if d.HasChange("allowed_email_patterns") {
-		// TODO(SNOW-1517559): UNSET is not implemented and SET with empty list is invalid (conditional ForceNew on non-empty to empty set)
+		// TODO(SNOW-SNOW-1515781): UNSET is not implemented and SET with empty list is invalid (conditional ForceNew on non-empty to empty set)
 		v := d.Get("allowed_email_patterns").(*schema.Set).List()
 		emailPatterns := make([]sdk.EmailPattern, len(v))
 		for i := range v {

diff --git a/pkg/resources/saml2_integration_acceptance_test.go b/pkg/resources/saml2_integration_acceptance_test.go
@@ -3,13 +3,13 @@ package resources_test
 import (
 	"fmt"
 	"maps"
+	"regexp"
 	"strings"
 	"testing"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/resources"
 
 	acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
-	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/importchecks"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/planchecks"
@@ -670,71 +670,65 @@ func TestAcc_Saml2Integration_complete(t *testing.T) {
 	})
 }
 
-func TestAcc_Saml2Integration_invalid(t *testing.T) {
-	m := func() map[string]config.Variable {
-		return map[string]config.Variable{
-			"allowed_email_patterns":              config.ListVariable(config.StringVariable("foo")),
-			"allowed_user_domains":                config.ListVariable(config.StringVariable("foo")),
-			"comment":                             config.StringVariable("foo"),
-			"enabled":                             config.BoolVariable(true),
-			"name":                                config.StringVariable("foo"),
-			"saml2_enable_sp_initiated":           config.BoolVariable(true),
-			"saml2_force_authn":                   config.BoolVariable(true),
-			"saml2_issuer":                        config.StringVariable("foo"),
-			"saml2_post_logout_redirect_url":      config.StringVariable("foo"),
-			"saml2_provider":                      config.StringVariable("invalid"),
-			"saml2_requested_nameid_format":       config.StringVariable("invalid"),
-			"saml2_sign_request":                  config.BoolVariable(true),
-			"saml2_snowflake_acs_url":             config.StringVariable("foo"),
-			"saml2_snowflake_issuer_url":          config.StringVariable("foo"),
-			"saml2_sp_initiated_login_page_label": config.StringVariable("foo"),
-			"saml2_sso_url":                       config.StringVariable("foo"),
-			"saml2_x509_cert":                     config.StringVariable("foo"),
-		}
+func TestAcc_Saml2Integration_InvalidNameIdFormat(t *testing.T) {
+	id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+	issuer := acc.TestClient().Ids.Alpha()
+	cert := random.GenerateX509(t)
+	validUrl := "http://example.com"
+
+	configVariables := config.Variables{
+		"name":                          config.StringVariable(id.Name()),
+		"saml2_issuer":                  config.StringVariable(issuer),
+		"saml2_provider":                config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)),
+		"saml2_sso_url":                 config.StringVariable(validUrl),
+		"saml2_x509_cert":               config.StringVariable(cert),
+		"saml2_requested_nameid_format": config.StringVariable("invalid"),
 	}
+
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
 		PreCheck:                 func() { acc.TestAccPreCheck(t) },
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.RequireAbove(tfversion.Version1_5_0),
 		},
-		ErrorCheck: helpers.AssertErrorContainsPartsFunc(t, []string{
-			`Error: invalid Saml2SecurityIntegrationSaml2RequestedNameidFormatOption: invalid`,
-			`Error: invalid Saml2SecurityIntegrationSaml2ProviderOption: INVALID`,
-		}),
 		CheckDestroy: acc.CheckDestroy(t, resources.Saml2SecurityIntegration),
 		Steps: []resource.TestStep{
 			{
-				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_Saml2Integration/complete"),
-				ConfigVariables: m(),
+				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_Saml2Integration/invalid"),
+				ConfigVariables: configVariables,
+				ExpectError:     regexp.MustCompile("Error: invalid Saml2SecurityIntegrationSaml2RequestedNameidFormatOption: invalid"),
 			},
 		},
 	})
 }
 
-func TestAcc_Saml2Integration_InvalidIncomplete(t *testing.T) {
-	m := func() map[string]config.Variable {
-		return map[string]config.Variable{
-			"name": config.StringVariable("foo"),
-		}
+func TestAcc_Saml2Integration_InvalidProvider(t *testing.T) {
+	id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+	issuer := acc.TestClient().Ids.Alpha()
+	cert := random.GenerateX509(t)
+	validUrl := "http://example.com"
+
+	configVariables := config.Variables{
+		"name":                          config.StringVariable(id.Name()),
+		"saml2_issuer":                  config.StringVariable(issuer),
+		"saml2_provider":                config.StringVariable("invalid"),
+		"saml2_sso_url":                 config.StringVariable(validUrl),
+		"saml2_x509_cert":               config.StringVariable(cert),
+		"saml2_requested_nameid_format": config.StringVariable(string(sdk.Saml2SecurityIntegrationSaml2RequestedNameidFormatEmailAddress)),
 	}
+
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
 		PreCheck:                 func() { acc.TestAccPreCheck(t) },
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.RequireAbove(tfversion.Version1_5_0),
 		},
-		ErrorCheck: helpers.AssertErrorContainsPartsFunc(t, []string{
-			`The argument "saml2_issuer" is required, but no definition was found.`,
-			`The argument "saml2_provider" is required, but no definition was found.`,
-			`The argument "saml2_sso_url" is required, but no definition was found.`,
-			`The argument "saml2_x509_cert" is required, but no definition was found.`,
-		}),
 		CheckDestroy: acc.CheckDestroy(t, resources.Saml2SecurityIntegration),
 		Steps: []resource.TestStep{
 			{
 				ConfigDirectory: acc.ConfigurationDirectory("TestAcc_Saml2Integration/invalid"),
-				ConfigVariables: m(),
+				ConfigVariables: configVariables,
+				ExpectError:     regexp.MustCompile("Error: invalid Saml2SecurityIntegrationSaml2ProviderOption: INVALID"),
 			},
 		},
 	})

diff --git a/pkg/resources/testdata/TestAcc_Saml2Integration/incomplete/test.tf b/pkg/resources/testdata/TestAcc_Saml2Integration/incomplete/test.tf
diff --git a/pkg/resources/testdata/TestAcc_Saml2Integration/incomplete/variables.tf b/pkg/resources/testdata/TestAcc_Saml2Integration/incomplete/variables.tf
diff --git a/pkg/resources/testdata/TestAcc_Saml2Integration/invalid/test.tf b/pkg/resources/testdata/TestAcc_Saml2Integration/invalid/test.tf
@@ -1,3 +1,8 @@
 resource "snowflake_saml2_integration" "test" {
-  name = var.name
+  name            = var.name
+  saml2_issuer    = var.saml2_issuer
+  saml2_sso_url   = var.saml2_sso_url
+  saml2_provider  = var.saml2_provider
+  saml2_x509_cert = var.saml2_x509_cert
+  saml2_requested_nameid_format       = var.saml2_requested_nameid_format
 }
diff --git a/pkg/resources/testdata/TestAcc_Saml2Integration/invalid/variables.tf b/pkg/resources/testdata/TestAcc_Saml2Integration/invalid/variables.tf
@@ -1,3 +1,18 @@
 variable "name" {
   type = string
 }
+variable "saml2_issuer" {
+  type = string
+}
+variable "saml2_provider" {
+  type = string
+}
+variable "saml2_sso_url" {
+  type = string
+}
+variable "saml2_x509_cert" {
+  type = string
+}
+variable "saml2_requested_nameid_format" {
+  type = string
+}