Add SCIM access token Datasource (Snowflake-Labs#557)
1 parent
6cf9452
commit d385425
Showing
9 changed files
with
208 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "snowflake_system_generate_scim_access_token Data Source - terraform-provider-snowflake" | ||
subcategory: "" | ||
description: |- | ||
--- | ||
|
||
# snowflake_system_generate_scim_access_token (Data Source) | ||
|
||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "snowflake_system_generate_scim_access_token" "scim" { | ||
integration_name = "AAD_PROVISIONING" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- **integration_name** (String) SCIM Integration Name | ||
|
||
### Optional | ||
|
||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **access_token** (String) SCIM Access Token | ||
|
||
|
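--- a/examples/data-sources/snowflake_system_generate_scim_access_token/data-source.tf
+++ b/examples/data-sources/snowflake_system_generate_scim_access_token/data-source.tf
@@ -0,0 +1,3 @@
+data "snowflake_system_generate_scim_access_token" "scim" {
+integration_name = "AAD_PROVISIONING"
+}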
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package datasources | ||
|
||
import ( | ||
"database/sql" | ||
"log" | ||
|
||
"github.com/chanzuckerberg/terraform-provider-snowflake/pkg/snowflake" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
) | ||
|
||
var systemGenerateSCIMAccesstokenSchema = map[string]*schema.Schema{ | ||
"integration_name": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "SCIM Integration Name", | ||
}, | ||
"access_token": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
Description: "SCIM Access Token", | ||
}, | ||
} | ||
|
||
func SystemGenerateSCIMAccessToken() *schema.Resource { | ||
return &schema.Resource{ | ||
Read: ReadSystemGenerateSCIMAccessToken, | ||
Schema: systemGenerateSCIMAccesstokenSchema, | ||
} | ||
} | ||
|
||
// ReadSystemGetAWSSNSIAMPolicy implements schema.ReadFunc | ||
func ReadSystemGenerateSCIMAccessToken(d *schema.ResourceData, meta interface{}) error { | ||
db := meta.(*sql.DB) | ||
integrationName := d.Get("integration_name").(string) | ||
|
||
sel := snowflake.SystemGenerateSCIMAccessToken(integrationName).Select() | ||
row := snowflake.QueryRow(db, sel) | ||
accessToken, err := snowflake.ScanSCIMAccessToken(row) | ||
if err == sql.ErrNoRows { | ||
// If not found, mark resource to be removed from statefile during apply or refresh | ||
log.Printf("[DEBUG] system_generate_scim_access_token (%s) not found", d.Id()) | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
if err != nil { | ||
log.Printf("[DEBUG] system_generate_scim_access_token (%s) failed to generate (%q)", d.Id(), err.Error()) | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
d.SetId(integrationName) | ||
return d.Set("access_token", accessToken.Token) | ||
} |
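Review bot: The `access_token` entry in `systemGenerateSCIMAccesstokenSchema` is declared without `Sensitive: true`, so the generated SCIM bearer token will be printed in plan/apply output and in any CI log that captures it; add `Sensitive: true,` to that entry (the value is still written to state in plaintext, so the state backend needs access control as well). Separately, the `if err != nil` branch in `ReadSystemGenerateSCIMAccessToken` logs at DEBUG, clears the ID and returns nil, which hides a failed token generation and leaves `access_token` empty for whatever consumes it; `return err` there would surface the failure. The doc comment above the function still names `ReadSystemGetAWSSNSIAMPolicy` and should read `// ReadSystemGenerateSCIMAccessToken implements schema.ReadFunc`.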
63 changes: 63 additions & 0 deletions
63
pkg/datasources/system_generate_scim_access_token_acceptance_test.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package datasources_test | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
) | ||
|
||
func TestAcc_SystemGenerateSCIMAccessToken(t *testing.T) { | ||
scimIntName := strings.ToUpper(acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)) | ||
resource.ParallelTest(t, resource.TestCase{ | ||
Providers: providers(), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: generateAccessTokenConfig(scimIntName), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr("data.snowflake_system_generate_scim_access_token.p", "integration_name", scimIntName), | ||
resource.TestCheckResourceAttrSet("data.snowflake_system_generate_scim_access_token.p", "access_token"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func generateAccessTokenConfig(name string) string { | ||
return fmt.Sprintf(` | ||
resource "snowflake_role" "azured" { | ||
name = "AAD_PROVISIONER" | ||
comment = "test comment" | ||
} | ||
resource "snowflake_account_grant" "azurecud" { | ||
roles = [snowflake_role.azured.name] | ||
privilege = "CREATE USER" | ||
} | ||
resource "snowflake_account_grant" "azurecrd" { | ||
roles = [snowflake_role.azured.name] | ||
privilege = "CREATE ROLE" | ||
} | ||
resource "snowflake_role_grants" "azured" { | ||
role_name = snowflake_role.azured.name | ||
roles = ["ACCOUNTADMIN"] | ||
} | ||
resource "snowflake_scim_integration" "azured" { | ||
name = "%s" | ||
scim_client = "AZURE" | ||
provisioner_role = snowflake_role.azured.name | ||
depends_on = [ | ||
snowflake_account_grant.azurecud, | ||
snowflake_account_grant.azurecrd, | ||
snowflake_role_grants.azured | ||
] | ||
} | ||
data snowflake_system_generate_scim_access_token p { | ||
integration_name = snowflake_scim_integration.azured.name | ||
} | ||
`, name) | ||
} |
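Review bot: `generateAccessTokenConfig` creates a role with the fixed name `AAD_PROVISIONER` while the test runs under `resource.ParallelTest`; only the integration name is randomised. If another acceptance test in the suite creates the same role (the name is, as far as I know, mandated by Snowflake for Azure SCIM and so cannot simply be randomised), the two can collide on create or destroy when run concurrently against one account. Consider running this case with `resource.Test` instead, or at least recording the constraint in a comment above the config, e.g. `// role name is fixed; do not run concurrently with other tests that create AAD_PROVISIONER`.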
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package snowflake | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/jmoiron/sqlx" | ||
) | ||
|
||
// SystemGenerateSCIMAccessTokenBuilder abstracts calling the SYSTEM$GENERATE_SCIM_ACCESS_TOKEN system function | ||
type SystemGenerateSCIMAccessTokenBuilder struct { | ||
integrationName string | ||
} | ||
|
||
// SystemGenerateSCIMAccessToken returns a pointer to a builder that abstracts calling the the SYSTEM$GENERATE_SCIM_ACCESS_TOKEN system function | ||
func SystemGenerateSCIMAccessToken(integrationName string) *SystemGenerateSCIMAccessTokenBuilder { | ||
return &SystemGenerateSCIMAccessTokenBuilder{ | ||
integrationName: integrationName, | ||
} | ||
} | ||
|
||
// Select generates the select statement for obtaining the scim access token | ||
func (pb *SystemGenerateSCIMAccessTokenBuilder) Select() string { | ||
return fmt.Sprintf(`SELECT SYSTEM$GENERATE_SCIM_ACCESS_TOKEN('%v') AS "token"`, pb.integrationName) | ||
} | ||
|
||
type scimAccessToken struct { | ||
Token string `db:"token"` | ||
} | ||
|
||
// ScanSCIMAccessToken convert a result into a | ||
func ScanSCIMAccessToken(row *sqlx.Row) (*scimAccessToken, error) { | ||
p := &scimAccessToken{} | ||
e := row.StructScan(p) | ||
return p, e | ||
} |
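Review bot: `Select()` formats `pb.integrationName` straight into a single-quoted SQL literal with `'%v'`, so a name containing a single quote or a backslash changes the statement that is sent to Snowflake. The value comes from the `integration_name` attribute, which has no validation in the sections visible on this page; either reject names that are not plain identifiers before building the query, or escape in the builder, e.g. `strings.NewReplacer("\\", "\\\\", "'", "\\'").Replace(pb.integrationName)`. The comment on `ScanSCIMAccessToken` is also cut off mid-sentence; `// ScanSCIMAccessToken converts a query result row into a scimAccessToken` would complete it.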
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
package snowflake | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestSystemGenerateSCIMAccessToken(t *testing.T) { | ||
r := require.New(t) | ||
sb := SystemGenerateSCIMAccessToken("AAD_PROVISIONING") | ||
|
||
r.Equal(sb.Select(), `SELECT SYSTEM$GENERATE_SCIM_ACCESS_TOKEN('AAD_PROVISIONING') AS "token"`) | ||
} |
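Review bot: `r.Equal(sb.Select(), ...)` passes the actual value first, but testify's `Equal` takes `(expected, actual)`, so a failure message would label the two strings the wrong way round; swap the arguments. The test also covers only a benign name, so a second case whose integration name contains a quote character would pin down how `Select()` treats input that does not fit inside the SQL literal.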