feat: Add secret to sdk (#3091)

## Changes - Changed name of Secret struct in common_types.go due to naming clash - Added Secret Object to SDK - Generated validators for Secret - Unit and integration tests ## References * [CREATE SECRET](https://docs.snowflake.com/en/sql-reference/sql/create-secret)
Snowflake-Labs · Oct 1, 2024 · 7430aee · 7430aee
1 parent ad5fa11
commit 7430aee
Show file tree

Hide file tree

Showing 28 changed files with 2,520 additions and 21 deletions.
diff --git a/pkg/acceptance/bettertestspoc/assert/objectassert/gen/sdk_object_def.go b/pkg/acceptance/bettertestspoc/assert/objectassert/gen/sdk_object_def.go
@@ -62,6 +62,11 @@ var allStructs = []SdkObjectDef{
 		ObjectType:   sdk.ObjectTypeTask,
 		ObjectStruct: sdk.Task{},
 	},
+	{
+		IdType:       "sdk.SchemaObjectIdentifier",
+		ObjectType:   sdk.ObjectTypeSecret,
+		ObjectStruct: sdk.Secret{},
+	},
 	{
 		IdType:       "sdk.SchemaObjectIdentifier",
 		ObjectType:   sdk.ObjectTypeStream,

diff --git a/pkg/acceptance/bettertestspoc/assert/objectassert/secret_snowflake_gen.go b/pkg/acceptance/bettertestspoc/assert/objectassert/secret_snowflake_gen.go
diff --git a/pkg/acceptance/helpers/secret_client.go b/pkg/acceptance/helpers/secret_client.go
@@ -0,0 +1,100 @@
+package helpers
+
+import (
+	"context"
+	"testing"
+
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type SecretClient struct {
+	context *TestClientContext
+	ids     *IdsGenerator
+}
+
+func NewSecretClient(context *TestClientContext, idsGenerator *IdsGenerator) *SecretClient {
+	return &SecretClient{
+		context: context,
+		ids:     idsGenerator,
+	}
+}
+
+func (c *SecretClient) client() sdk.Secrets {
+	return c.context.client.Secrets
+}
+
+func (c *SecretClient) CreateWithOAuthClientCredentialsFlow(t *testing.T, id sdk.SchemaObjectIdentifier, apiIntegration sdk.AccountObjectIdentifier, oauthScopes []sdk.ApiIntegrationScope) (*sdk.Secret, func()) {
+	t.Helper()
+	ctx := context.Background()
+	request := sdk.NewCreateWithOAuthClientCredentialsFlowSecretRequest(id, apiIntegration).
+		WithOauthScopes(sdk.OauthScopesListRequest{OauthScopesList: oauthScopes})
+
+	err := c.client().CreateWithOAuthClientCredentialsFlow(ctx, request)
+	require.NoError(t, err)
+
+	secret, err := c.client().ShowByID(ctx, id)
+	require.NoError(t, err)
+
+	return secret, c.DropFunc(t, id)
+}
+
+func (c *SecretClient) CreateWithOAuthAuthorizationCodeFlow(t *testing.T, id sdk.SchemaObjectIdentifier, apiIntegration sdk.AccountObjectIdentifier, refreshToken, refreshTokenExpiryTime string) (*sdk.Secret, func()) {
+	t.Helper()
+	ctx := context.Background()
+	request := sdk.NewCreateWithOAuthAuthorizationCodeFlowSecretRequest(id, refreshToken, refreshTokenExpiryTime, apiIntegration)
+
+	err := c.client().CreateWithOAuthAuthorizationCodeFlow(ctx, request)
+	require.NoError(t, err)
+
+	secret, err := c.client().ShowByID(ctx, id)
+	require.NoError(t, err)
+
+	return secret, c.DropFunc(t, id)
+}
+
+func (c *SecretClient) CreateWithBasicAuthenticationFlow(t *testing.T, id sdk.SchemaObjectIdentifier, username, password string) (*sdk.Secret, func()) {
+	t.Helper()
+	ctx := context.Background()
+	request := sdk.NewCreateWithBasicAuthenticationSecretRequest(id, username, password)
+
+	err := c.client().CreateWithBasicAuthentication(ctx, request)
+	require.NoError(t, err)
+
+	secret, err := c.client().ShowByID(ctx, id)
+	require.NoError(t, err)
+
+	return secret, c.DropFunc(t, id)
+}
+
+func (c *SecretClient) CreateWithGenericString(t *testing.T, id sdk.SchemaObjectIdentifier, secretString string) (*sdk.Secret, func()) {
+	t.Helper()
+	ctx := context.Background()
+	request := sdk.NewCreateWithGenericStringSecretRequest(id, secretString)
+
+	err := c.client().CreateWithGenericString(ctx, request)
+	require.NoError(t, err)
+
+	secret, err := c.client().ShowByID(ctx, id)
+	require.NoError(t, err)
+
+	return secret, c.DropFunc(t, id)
+}
+
+func (c *SecretClient) DropFunc(t *testing.T, id sdk.SchemaObjectIdentifier) func() {
+	t.Helper()
+	ctx := context.Background()
+
+	return func() {
+		err := c.client().Drop(ctx, sdk.NewDropSecretRequest(id).WithIfExists(true))
+		assert.NoError(t, err)
+	}
+}
+
+func (c *SecretClient) Show(t *testing.T, id sdk.SchemaObjectIdentifier) (*sdk.Secret, error) {
+	t.Helper()
+	ctx := context.Background()
+
+	return c.client().ShowByID(ctx, id)
+}
diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go
@@ -56,6 +56,19 @@ func (c *SecurityIntegrationClient) CreateScim(t *testing.T) (*sdk.SecurityInteg
 	return c.CreateScimWithRequest(t, sdk.NewCreateScimSecurityIntegrationRequest(c.ids.RandomAccountObjectIdentifier(), sdk.ScimSecurityIntegrationScimClientGeneric, sdk.ScimSecurityIntegrationRunAsRoleGenericScimProvisioner))
 }
 
+func (c *SecurityIntegrationClient) CreateApiAuthenticationClientCredentialsWithRequest(t *testing.T, request *sdk.CreateApiAuthenticationWithClientCredentialsFlowSecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {
+	t.Helper()
+	ctx := context.Background()
+
+	err := c.client().CreateApiAuthenticationWithClientCredentialsFlow(ctx, request)
+	require.NoError(t, err)
+
+	si, err := c.client().ShowByID(ctx, request.GetName())
+	require.NoError(t, err)
+
+	return si, c.DropSecurityIntegrationFunc(t, request.GetName())
+}
+
 func (c *SecurityIntegrationClient) UpdateSaml2(t *testing.T, request *sdk.AlterSaml2SecurityIntegrationRequest) {
 	t.Helper()
 	ctx := context.Background()

diff --git a/pkg/acceptance/helpers/test_client.go b/pkg/acceptance/helpers/test_client.go
@@ -47,6 +47,7 @@ type TestClient struct {
 	Role                         *RoleClient
 	RowAccessPolicy              *RowAccessPolicyClient
 	Schema                       *SchemaClient
+	Secret                       *SecretClient
 	SecurityIntegration          *SecurityIntegrationClient
 	SessionPolicy                *SessionPolicyClient
 	Share                        *ShareClient
@@ -113,6 +114,7 @@ func NewTestClient(c *sdk.Client, database string, schema string, warehouse stri
 		Role:                         NewRoleClient(context, idsGenerator),
 		RowAccessPolicy:              NewRowAccessPolicyClient(context, idsGenerator),
 		Schema:                       NewSchemaClient(context, idsGenerator),
+		Secret:                       NewSecretClient(context, idsGenerator),
 		SecurityIntegration:          NewSecurityIntegrationClient(context, idsGenerator),
 		SessionPolicy:                NewSessionPolicyClient(context, idsGenerator),
 		Share:                        NewShareClient(context, idsGenerator),

diff --git a/pkg/sdk/client.go b/pkg/sdk/client.go
@@ -75,6 +75,7 @@ type Client struct {
 	Roles                        Roles
 	RowAccessPolicies            RowAccessPolicies
 	Schemas                      Schemas
+	Secrets                      Secrets
 	SecurityIntegrations         SecurityIntegrations
 	Sequences                    Sequences
 	SessionPolicies              SessionPolicies
@@ -235,6 +236,7 @@ func (c *Client) initialize() {
 	c.Roles = &roles{client: c}
 	c.RowAccessPolicies = &rowAccessPolicies{client: c}
 	c.Schemas = &schemas{client: c}
+	c.Secrets = &secrets{client: c}
 	c.SecurityIntegrations = &securityIntegrations{client: c}
 	c.Sequences = &sequences{client: c}
 	c.SessionPolicies = &sessionPolicies{client: c}

diff --git a/pkg/sdk/common_types.go b/pkg/sdk/common_types.go
@@ -257,7 +257,7 @@ func ReturnNullValuesPointer(v ReturnNullValues) *ReturnNullValues {
 	return &v
 }
 
-type Secret struct {
+type SecretReference struct {
 	VariableName string `ddl:"keyword,single_quotes"`
 	Name         string `ddl:"parameter,no_quotes"`
 }

diff --git a/pkg/sdk/functions_def.go b/pkg/sdk/functions_def.go
@@ -79,7 +79,7 @@ var FunctionsDef = g.NewInterface(
 		).
 		TextAssignment("HANDLER", g.ParameterOptions().SingleQuotes().Required()).
 		ListAssignment("EXTERNAL_ACCESS_INTEGRATIONS", "AccountObjectIdentifier", g.ParameterOptions().Parentheses()).
-		ListAssignment("SECRETS", "Secret", g.ParameterOptions().Parentheses()).
+		ListAssignment("SECRETS", "SecretReference", g.ParameterOptions().Parentheses()).
 		OptionalTextAssignment("TARGET_PATH", g.ParameterOptions().SingleQuotes()).
 		PredefinedQueryStructField("FunctionDefinition", "*string", g.ParameterOptions().NoEquals().SingleQuotes().SQL("AS")).
 		WithValidation(g.ValidIdentifier, "name").
@@ -152,7 +152,7 @@ var FunctionsDef = g.NewInterface(
 		).
 		TextAssignment("HANDLER", g.ParameterOptions().SingleQuotes().Required()).
 		ListAssignment("EXTERNAL_ACCESS_INTEGRATIONS", "AccountObjectIdentifier", g.ParameterOptions().Parentheses()).
-		ListAssignment("SECRETS", "Secret", g.ParameterOptions().Parentheses()).
+		ListAssignment("SECRETS", "SecretReference", g.ParameterOptions().Parentheses()).
 		PredefinedQueryStructField("FunctionDefinition", "*string", g.ParameterOptions().NoEquals().SingleQuotes().SQL("AS")).
 		WithValidation(g.ValidIdentifier, "name").
 		WithValidation(g.ValidateValueSet, "RuntimeVersion").

diff --git a/pkg/sdk/functions_dto_builders_gen.go b/pkg/sdk/functions_dto_builders_gen.go
diff --git a/pkg/sdk/functions_dto_gen.go b/pkg/sdk/functions_dto_gen.go
@@ -32,7 +32,7 @@ type CreateForJavaFunctionRequest struct {
 	Packages                   []FunctionPackageRequest
 	Handler                    string // required
 	ExternalAccessIntegrations []AccountObjectIdentifier
-	Secrets                    []Secret
+	Secrets                    []SecretReference
 	TargetPath                 *string
 	FunctionDefinition         *string
 }
@@ -102,7 +102,7 @@ type CreateForPythonFunctionRequest struct {
 	Packages                   []FunctionPackageRequest
 	Handler                    string // required
 	ExternalAccessIntegrations []AccountObjectIdentifier
-	Secrets                    []Secret
+	Secrets                    []SecretReference
 	FunctionDefinition         *string
 }
 

diff --git a/pkg/sdk/functions_gen.go b/pkg/sdk/functions_gen.go
@@ -40,7 +40,7 @@ type CreateForJavaFunctionOptions struct {
 	Packages                   []FunctionPackage         `ddl:"parameter,parentheses" sql:"PACKAGES"`
 	Handler                    string                    `ddl:"parameter,single_quotes" sql:"HANDLER"`
 	ExternalAccessIntegrations []AccountObjectIdentifier `ddl:"parameter,parentheses" sql:"EXTERNAL_ACCESS_INTEGRATIONS"`
-	Secrets                    []Secret                  `ddl:"parameter,parentheses" sql:"SECRETS"`
+	Secrets                    []SecretReference         `ddl:"parameter,parentheses" sql:"SECRETS"`
 	TargetPath                 *string                   `ddl:"parameter,single_quotes" sql:"TARGET_PATH"`
 	FunctionDefinition         *string                   `ddl:"parameter,single_quotes,no_equals" sql:"AS"`
 }
@@ -118,7 +118,7 @@ type CreateForPythonFunctionOptions struct {
 	Packages                   []FunctionPackage         `ddl:"parameter,parentheses" sql:"PACKAGES"`
 	Handler                    string                    `ddl:"parameter,single_quotes" sql:"HANDLER"`
 	ExternalAccessIntegrations []AccountObjectIdentifier `ddl:"parameter,parentheses" sql:"EXTERNAL_ACCESS_INTEGRATIONS"`
-	Secrets                    []Secret                  `ddl:"parameter,parentheses" sql:"SECRETS"`
+	Secrets                    []SecretReference         `ddl:"parameter,parentheses" sql:"SECRETS"`
 	FunctionDefinition         *string                   `ddl:"parameter,single_quotes,no_equals" sql:"AS"`
 }
 

diff --git a/pkg/sdk/functions_gen_test.go b/pkg/sdk/functions_gen_test.go
@@ -103,7 +103,7 @@ func TestFunctions_CreateForJava(t *testing.T) {
 		opts.ExternalAccessIntegrations = []AccountObjectIdentifier{
 			NewAccountObjectIdentifier("ext_integration"),
 		}
-		opts.Secrets = []Secret{
+		opts.Secrets = []SecretReference{
 			{
 				VariableName: "variable1",
 				Name:         "name1",
@@ -272,7 +272,7 @@ func TestFunctions_CreateForPython(t *testing.T) {
 		opts.ExternalAccessIntegrations = []AccountObjectIdentifier{
 			NewAccountObjectIdentifier("ext_integration"),
 		}
-		opts.Secrets = []Secret{
+		opts.Secrets = []SecretReference{
 			{
 				VariableName: "variable1",
 				Name:         "name1",