Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add External Oauth security integration to sdk #2835

Merged
merged 6 commits into from
May 28, 2024
Merged

feat: Add External Oauth security integration to sdk #2835

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8335a32
Add external oauth to sdk
sfc-gh-jmichalak May 24, 2024
742ec89
Rename tests
sfc-gh-jmichalak May 24, 2024
ada8109
Fix tests and validation
sfc-gh-jmichalak May 24, 2024
b1c6898
Fixes
sfc-gh-jmichalak May 27, 2024
1762d72
Merge remote-tracking branch 'origin/main' into jmichalak-ext-oauth
sfc-gh-jmichalak May 27, 2024
c44dc90
Fix tests
sfc-gh-jmichalak May 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions pkg/acceptance/helpers/random/url.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
package random

import (
"fmt"
"testing"
)

// GenerateURL generates a random valid URL
func GenerateURL(t *testing.T) string {
sfc-gh-jcieslak marked this conversation as resolved.
Show resolved Hide resolved
t.Helper()
return fmt.Sprintf("https://%s.com", AlphaN(6))
}
128 changes: 128 additions & 0 deletions pkg/sdk/security_integrations_def.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,30 @@ import g "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/poc/gen

//go:generate go run ./poc/main.go

type ExternalOauthSecurityIntegrationTypeOption string

const (
ExternalOauthSecurityIntegrationTypeOkta ExternalOauthSecurityIntegrationTypeOption = "OKTA"
ExternalOauthSecurityIntegrationTypeAzure ExternalOauthSecurityIntegrationTypeOption = "AZURE"
ExternalOauthSecurityIntegrationTypePingFederate ExternalOauthSecurityIntegrationTypeOption = "PING_FEDERATE"
ExternalOauthSecurityIntegrationTypeCustom ExternalOauthSecurityIntegrationTypeOption = "CUSTOM"
)

type ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeOption string

const (
ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeLoginName ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeOption = "LOGIN_NAME"
ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeEmailAddress ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeOption = "EMAIL_ADDRESS"
)

type ExternalOauthSecurityIntegrationAnyRoleModeOption string

const (
ExternalOauthSecurityIntegrationAnyRoleModeDisable ExternalOauthSecurityIntegrationAnyRoleModeOption = "DISABLE"
ExternalOauthSecurityIntegrationAnyRoleModeEnable ExternalOauthSecurityIntegrationAnyRoleModeOption = "ENABLE"
ExternalOauthSecurityIntegrationAnyRoleModeEnableForPrivilege ExternalOauthSecurityIntegrationAnyRoleModeOption = "ENABLE_FOR_PRIVILEGE"
)

type OauthSecurityIntegrationUseSecondaryRolesOption string

const (
Expand Down Expand Up @@ -49,6 +73,13 @@ var (
List("PreAuthorizedRolesList", "AccountObjectIdentifier", g.ListOptions().MustParentheses())
blockedRolesListDef = g.NewQueryStruct("BlockedRolesList").
List("BlockedRolesList", "AccountObjectIdentifier", g.ListOptions().MustParentheses())
allowedRolesListDef = g.NewQueryStruct("AllowedRolesList").
sfc-gh-jcieslak marked this conversation as resolved.
Show resolved Hide resolved
List("AllowedRolesList", "AccountObjectIdentifier", g.ListOptions().MustParentheses())
jwsKeysUrlDef = g.NewQueryStruct("JwsKeysUrl").Text("JwsKeyUrl", g.KeywordOptions().SingleQuotes().Required())
audienceListItemDef = g.NewQueryStruct("AudienceListItem").Text("Item", g.KeywordOptions().SingleQuotes().Required())
audienceListDef = g.NewQueryStruct("AudienceList").
List("AudienceList", "AudienceListItem", g.ListOptions().MustParentheses())
tokenUserMappingClaimDef = g.NewQueryStruct("TokenUserMappingClaim").Text("Claim", g.KeywordOptions().SingleQuotes().Required())
)

func createSecurityIntegrationOperation(structName string, opts func(qs *g.QueryStruct) *g.QueryStruct) *g.QueryStruct {
Expand Down Expand Up @@ -78,6 +109,45 @@ func alterSecurityIntegrationOperation(structName string, opts func(qs *g.QueryS
return qs
}

var externalOauthIntegrationSetDef = g.NewQueryStruct("ExternalOauthIntegrationSet").
OptionalBooleanAssignment("ENABLED", g.ParameterOptions()).
OptionalAssignment(
"EXTERNAL_OAUTH_TYPE",
g.KindOfT[ExternalOauthSecurityIntegrationTypeOption](),
g.ParameterOptions(),
).
OptionalTextAssignment("EXTERNAL_OAUTH_ISSUER", g.ParameterOptions().SingleQuotes()).
ListAssignment("EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM", "TokenUserMappingClaim", g.ParameterOptions().Parentheses()).
OptionalAssignment(
"EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE",
g.KindOfT[ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeOption](),
g.ParameterOptions().SingleQuotes(),
).
ListAssignment("EXTERNAL_OAUTH_JWS_KEYS_URL", "JwsKeysUrl", g.ParameterOptions().Parentheses()).
OptionalQueryStructField("ExternalOauthBlockedRolesList", blockedRolesListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_BLOCKED_ROLES_LIST").Parentheses()).
OptionalQueryStructField("ExternalOauthAllowedRolesList", allowedRolesListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_ALLOWED_ROLES_LIST").Parentheses()).
OptionalTextAssignment("EXTERNAL_OAUTH_RSA_PUBLIC_KEY", g.ParameterOptions().SingleQuotes()).
OptionalTextAssignment("EXTERNAL_OAUTH_RSA_PUBLIC_KEY_2", g.ParameterOptions().SingleQuotes()).
OptionalQueryStructField("ExternalOauthAudienceList", audienceListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_AUDIENCE_LIST").Parentheses()).
OptionalAssignment(
"EXTERNAL_OAUTH_ANY_ROLE_MODE",
g.KindOfT[ExternalOauthSecurityIntegrationAnyRoleModeOption](),
g.ParameterOptions(),
).
OptionalTextAssignment("EXTERNAL_OAUTH_SCOPE_DELIMITER", g.ParameterOptions().SingleQuotes()).
OptionalComment().
WithValidation(g.ConflictingFields, "ExternalOauthBlockedRolesList", "ExternalOauthAllowedRolesList").
WithValidation(g.ConflictingFields, "ExternalOauthJwsKeysUrl", "ExternalOauthRsaPublicKey").
WithValidation(g.ConflictingFields, "ExternalOauthJwsKeysUrl", "ExternalOauthRsaPublicKey2").
WithValidation(g.AtLeastOneValueSet, "Enabled", "ExternalOauthType", "ExternalOauthIssuer", "ExternalOauthTokenUserMappingClaim", "ExternalOauthSnowflakeUserMappingAttribute",
"ExternalOauthJwsKeysUrl", "ExternalOauthBlockedRolesList", "ExternalOauthAllowedRolesList", "ExternalOauthRsaPublicKey", "ExternalOauthRsaPublicKey2",
"ExternalOauthAudienceList", "ExternalOauthAnyRoleMode", "ExternalOauthScopeDelimiter", "Comment")

var externalOauthIntegrationUnsetDef = g.NewQueryStruct("ExternalOauthIntegrationUnset").
OptionalSQL("ENABLED").
OptionalSQL("EXTERNAL_OAUTH_AUDIENCE_LIST").
WithValidation(g.AtLeastOneValueSet, "Enabled", "ExternalOauthAudienceList")
sfc-gh-jcieslak marked this conversation as resolved.
Show resolved Hide resolved

var oauthForPartnerApplicationsIntegrationSetDef = g.NewQueryStruct("OauthForPartnerApplicationsIntegrationSet").
OptionalBooleanAssignment("ENABLED", g.ParameterOptions()).
OptionalBooleanAssignment("OAUTH_ISSUE_REFRESH_TOKENS", g.ParameterOptions()).
Expand Down Expand Up @@ -176,6 +246,49 @@ var SecurityIntegrationsDef = g.NewInterface(
"SecurityIntegration",
g.KindOfT[AccountObjectIdentifier](),
).
CustomOperation(
"CreateExternalOauth",
"https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-external",
createSecurityIntegrationOperation("CreateExternalOauth", func(qs *g.QueryStruct) *g.QueryStruct {
return qs.
PredefinedQueryStructField("integrationType", "string", g.StaticOptions().SQL("TYPE = EXTERNAL_OAUTH")).
BooleanAssignment("ENABLED", g.ParameterOptions().Required()).
Assignment(
"EXTERNAL_OAUTH_TYPE",
g.KindOfT[ExternalOauthSecurityIntegrationTypeOption](),
g.ParameterOptions().Required(),
).
TextAssignment("EXTERNAL_OAUTH_ISSUER", g.ParameterOptions().Required().SingleQuotes()).
ListAssignment("EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM", "TokenUserMappingClaim", g.ParameterOptions().Required().Parentheses()).
Assignment(
"EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE",
g.KindOfT[ExternalOauthSecurityIntegrationSnowflakeUserMappingAttributeOption](),
g.ParameterOptions().SingleQuotes().Required(),
).
ListAssignment("EXTERNAL_OAUTH_JWS_KEYS_URL", "JwsKeysUrl", g.ParameterOptions().Parentheses()).
OptionalQueryStructField("ExternalOauthBlockedRolesList", blockedRolesListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_BLOCKED_ROLES_LIST").Parentheses()).
OptionalQueryStructField("ExternalOauthAllowedRolesList", allowedRolesListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_ALLOWED_ROLES_LIST").Parentheses()).
OptionalTextAssignment("EXTERNAL_OAUTH_RSA_PUBLIC_KEY", g.ParameterOptions().SingleQuotes()).
OptionalTextAssignment("EXTERNAL_OAUTH_RSA_PUBLIC_KEY_2", g.ParameterOptions().SingleQuotes()).
OptionalQueryStructField("ExternalOauthAudienceList", audienceListDef, g.ParameterOptions().SQL("EXTERNAL_OAUTH_AUDIENCE_LIST").Parentheses()).
OptionalAssignment(
"EXTERNAL_OAUTH_ANY_ROLE_MODE",
g.KindOfT[ExternalOauthSecurityIntegrationAnyRoleModeOption](),
g.ParameterOptions(),
).
OptionalTextAssignment("EXTERNAL_OAUTH_SCOPE_DELIMITER", g.ParameterOptions().SingleQuotes()).
OptionalTextAssignment("EXTERNAL_OAUTH_SCOPE_MAPPING_ATTRIBUTE", g.ParameterOptions().SingleQuotes()).
WithValidation(g.ConflictingFields, "ExternalOauthBlockedRolesList", "ExternalOauthAllowedRolesList").
WithValidation(g.ExactlyOneValueSet, "ExternalOauthJwsKeysUrl", "ExternalOauthRsaPublicKey").
sfc-gh-asawicki marked this conversation as resolved.
Show resolved Hide resolved
WithValidation(g.ConflictingFields, "ExternalOauthJwsKeysUrl", "ExternalOauthRsaPublicKey2")
}),
allowedRolesListDef,
blockedRolesListDef,
jwsKeysUrlDef,
audienceListDef,
audienceListItemDef,
tokenUserMappingClaimDef,
).
CustomOperation(
"CreateOauthForPartnerApplications",
"https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-snowflake",
Expand Down Expand Up @@ -278,6 +391,21 @@ var SecurityIntegrationsDef = g.NewInterface(
OptionalBooleanAssignment("SYNC_PASSWORD", g.ParameterOptions())
}),
).
CustomOperation(
"AlterExternalOauth",
"https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-oauth-external",
alterSecurityIntegrationOperation("AlterExternalOauth", func(qs *g.QueryStruct) *g.QueryStruct {
return qs.OptionalQueryStructField(
"Set",
externalOauthIntegrationSetDef,
g.ListOptions().NoParentheses().SQL("SET"),
).OptionalQueryStructField(
"Unset",
externalOauthIntegrationUnsetDef,
g.ListOptions().NoParentheses().SQL("UNSET"),
).WithValidation(g.ExactlyOneValueSet, "Set", "Unset", "SetTags", "UnsetTags")
}),
).
CustomOperation(
"AlterOauthForPartnerApplications",
"https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-oauth-snowflake",
Expand Down
Loading
Loading