Merge remote-tracking branch 'origin/main' into fix-scim

.github/workflows/tests.yml

@@ -44,7 +44,7 @@ jobs:
         run: mkdir $HOME/.snowflake && echo "${{ secrets.SNOWFLAKE_CONFIG_FILE }}" > $HOME/.snowflake/config
 
       - run: make test
-        if: steps.create_config.conclusion == 'success'
+        if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
         env:
           SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
           TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}
@@ -57,14 +57,15 @@ jobs:
           TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL }}
 
       - name: Setup Terraform
-        if: steps.create_config.conclusion == 'success'
+        if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
         uses: hashicorp/setup-terraform@v3
+        id: setup_terraform
         with:
           terraform_version: 1.7.4
           terraform_wrapper: false
 
       - run: make test-acceptance
-        if: steps.create_config.conclusion == 'success'
+        if: ${{ !cancelled() && steps.setup_terraform.conclusion == 'success' }}
         env:
           SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
           TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}

MIGRATION_GUIDE.md

@@ -10,6 +10,16 @@ across different versions.
 
 In order to fix issues in v0.93.0, when a resource has Azure scim client, `sync_password` field is now set to `default` value in the state. State will be migrated automatically.
 
+### *(breaking change)* refactored snowflake_schemas datasource
+Changes:
+- `database` is removed and can be specified inside `in` field.
+- `like`, `in`, `starts_with`, and `limit` fields enable filtering.
+- SHOW SCHEMAS output is enclosed in `show_output` field inside `schemas`.
+- Added outputs from **DESC SCHEMA** and **SHOW PARAMETERS IN SCHEMA** (they can be turned off by declaring `with_describe = false` and `with_parameters = false`, **they're turned on by default**).
+  The additional parameters call **DESC SCHEMA** (with `with_describe` turned on) and **SHOW PARAMETERS IN SCHEMA** (with `with_parameters` turned on) **per schema** returned by **SHOW SCHEMAS**.
+  The outputs of both commands are held in `schemas` entry, where **DESC SCHEMA** is saved in the `describe_output` field, and **SHOW PARAMETERS IN SCHEMA** in the `parameters` field.
+  It's important to limit the records and calls to Snowflake to the minimum. That's why we recommend assessing which information you need from the data source and then providing strong filters and turning off additional fields for better plan performance.
+
 ### *(new feature)* new snowflake_account_role resource
 
 Already existing `snowflake_role` was deprecated in favor of the new `snowflake_account_role`. The old resource got upgraded to
@@ -49,10 +59,30 @@ Added a new datasource enabling querying and filtering stremlits. Notes:
 - `like`, `in`, and `limit` fields enable streamlits filtering.
 - SHOW STREAMLITS output is enclosed in `show_output` field inside `streamlits`.
 - Output from **DESC STREAMLIT** (which can be turned off by declaring `with_describe = false`, **it's turned on by default**) is enclosed in `describe_output` field inside `streamlits`.
-  **DESC STREAMLIT** returns different properties based on the integration type. Consult the documentation to check which ones will be filled for which integration.
   The additional parameters call **DESC STREAMLIT** (with `with_describe` turned on) **per streamlit** returned by **SHOW STREAMLITS**.
   It's important to limit the records and calls to Snowflake to the minimum. That's why we recommend assessing which information you need from the data source and then providing strong filters and turning off additional fields for better plan performance.
 
+### *(new feature)* refactored snowflake_network_policy resource
+
+No migration required.
+
+New behavior:
+- `name` is no longer marked as ForceNew parameter. When changed, now it will perform ALTER RENAME operation, instead of re-creating with the new name.
+- Additional validation was added to `blocked_ip_list` to inform about specifying `0.0.0.0/0` ip. More details in the [official documentation](https://docs.snowflake.com/en/sql-reference/sql/create-network-policy#usage-notes).
+
+New fields:
+- `show_output` and `describe_output` added to hold the results returned by `SHOW` and `DESCRIBE` commands. Those fields will only be recomputed when specified fields change
+
+### *(new feature)* snowflake_network_policies datasource
+
+Added a new datasource enabling querying and filtering network policies. Notes:
+- all results are stored in `network_policies` field.
+- `like` field enables filtering.
+- SHOW NETWORK POLICIES output is enclosed in `show_output` field inside `network_policies`.
+- Output from **DESC NETWORK POLICY** (which can be turned off by declaring `with_describe = false`, **it's turned on by default**) is enclosed in `describe_output` field inside `network_policies`.
+  The additional parameters call **DESC NETWORK POLICY** (with `with_describe` turned on) **per network policy** returned by **SHOW NETWORK POLICIES**.
+  It's important to limit the records and calls to Snowflake to the minimum. That's why we recommend assessing which information you need from the data source and then providing strong filters and turning off additional fields for better plan performance.
+
 ## v0.92.0 ➞ v0.93.0
 
 ### general changes

Makefile

@@ -123,4 +123,44 @@ generate-show-output-schemas: ## Generate show output schemas with mappers
 clean-show-output-schemas: ## Clean generated show output schemas
 	rm -f ./pkg/schemas/*_gen.go
 
+generate-snowflake-object-assertions: ## Generate snowflake object assertions
+	go generate ./pkg/acceptance/bettertestspoc/assert/objectassert/generate.go
+
+clean-snowflake-object-assertions: ## Clean snowflake object assertions
+	rm -f ./pkg/acceptance/bettertestspoc/assert/objectassert/*_gen.go
+
+generate-snowflake-object-parameters-assertions: ## Generate snowflake object parameters assertions
+	go generate ./pkg/acceptance/bettertestspoc/assert/objectparametersassert/generate.go
+
+clean-snowflake-object-parameters-assertions: ## Clean snowflake object parameters assertions
+	rm -f ./pkg/acceptance/bettertestspoc/assert/objectparametersassert/*_gen.go
+
+generate-resource-assertions: ## Generate resource assertions
+	go generate ./pkg/acceptance/bettertestspoc/assert/resourceassert/generate.go
+
+clean-resource-assertions: ## Clean resource assertions
+	rm -f ./pkg/acceptance/bettertestspoc/assert/resourceassert/*_gen.go
+
+generate-resource-parameters-assertions: ## Generate resource parameters assertions
+	go generate ./pkg/acceptance/bettertestspoc/assert/resourceparametersassert/generate.go
+
+clean-resource-parameters-assertions: ## Clean resource parameters assertions
+	rm -f ./pkg/acceptance/bettertestspoc/assert/resourceparametersassert/*_gen.go
+
+generate-resource-show-output-assertions: ## Generate resource parameters assertions
+	go generate ./pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/generate.go
+
+clean-resource-show-output-assertions: ## Clean resource parameters assertions
+	rm -f ./pkg/acceptance/bettertestspoc/assert/resourceshowoutputassert/*_gen.go
+
+generate-resource-model-builders: ## Generate resource model builders
+	go generate ./pkg/acceptance/bettertestspoc/config/model/generate.go
+
+clean-resource-model-builder: ## Clean resource model builders
+	rm -f ./pkg/acceptance/bettertestspoc/config/model/*_gen.go
+
+clean-all-assertions-and-config-models: clean-snowflake-object-assertions clean-snowflake-object-parameters-assertions clean-resource-assertions clean-resource-parameters-assertions clean-resource-show-output-assertions clean-resource-model-builder ## clean all generated assertions and config models
+
+generate-all-assertions-and-config-models: generate-snowflake-object-assertions generate-snowflake-object-parameters-assertions generate-resource-assertions generate-resource-parameters-assertions generate-resource-show-output-assertions generate-resource-model-builders ## generate all assertions and config models
+
 .PHONY: build-local clean-generator-poc dev-setup dev-cleanup docs docs-check fmt fmt-check fumpt help install lint lint-fix mod mod-check pre-push pre-push-check sweep test test-acceptance uninstall-tf

docs/data-sources/network_policies.md

@@ -0,0 +1,111 @@
+---
+page_title: "snowflake_network_policies Data Source - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  Datasource used to get details of filtered network policies. Filtering is aligned with the current possibilities for SHOW NETWORK POLICIES https://docs.snowflake.com/en/sql-reference/sql/show-network-policies query (like is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection.
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
+# snowflake_network_policies (Data Source)
+
+Datasource used to get details of filtered network policies. Filtering is aligned with the current possibilities for [SHOW NETWORK POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-network-policies) query (`like` is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection.
+
+## Example Usage
+
+```terraform
+# Simple usage
+data "snowflake_network_policies" "simple" {
+}
+
+output "simple_output" {
+  value = data.snowflake_network_policies.simple.network_policies
+}
+
+# Filtering (like)
+data "snowflake_network_policies" "like" {
+  like = "network-policy-name"
+}
+
+output "like_output" {
+  value = data.snowflake_network_policies.like.network_policies
+}
+
+# Without additional data (to limit the number of calls make for every found network policy)
+data "snowflake_network_policies" "only_show" {
+  # with_describe is turned on by default and it calls DESCRIBE NETWORK POLICY for every network policy found and attaches its output to network_policies.*.describe_output field
+  with_describe = false
+}
+
+output "only_show_output" {
+  value = data.snowflake_network_policies.only_show.network_policies
+}
+
+# Ensure the number of network policies is equal to at least one element (with the use of postcondition)
+data "snowflake_network_policies" "assert_with_postcondition" {
+  starts_with = "network-policy-name"
+  lifecycle {
+    postcondition {
+      condition     = length(self.network_policies) > 0
+      error_message = "there should be at least one network policy"
+    }
+  }
+}
+
+# Ensure the number of network policies is equal to at exactly one element (with the use of check block)
+check "network_policy_check" {
+  data "snowflake_network_policies" "assert_with_check_block" {
+    like = "network-policy-name"
+  }
+
+  assert {
+    condition     = length(data.snowflake_network_policies.assert_with_check_block.network_policies) == 1
+    error_message = "Network policies filtered by '${data.snowflake_network_policies.assert_with_check_block.like}' returned ${length(data.snowflake_network_policies.assert_with_check_block.network_policies)} network policies where one was expected"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `like` (String) Filters the output with **case-insensitive** pattern, with support for SQL wildcard characters (`%` and `_`).
+- `with_describe` (Boolean) Runs DESC NETWORK POLICY for each network policy returned by SHOW NETWORK POLICIES. The output of describe is saved to the description field. By default this value is set to true.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `network_policies` (List of Object) Holds the aggregated output of all network policies details queries. (see [below for nested schema](#nestedatt--network_policies))
+
+<a id="nestedatt--network_policies"></a>
+### Nested Schema for `network_policies`
+
+Read-Only:
+
+- `describe_output` (List of Object) (see [below for nested schema](#nestedobjatt--network_policies--describe_output))
+- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--network_policies--show_output))
+
+<a id="nestedobjatt--network_policies--describe_output"></a>
+### Nested Schema for `network_policies.describe_output`
+
+Read-Only:
+
+- `allowed_ip_list` (String)
+- `allowed_network_rule_list` (String)
+- `blocked_ip_list` (String)
+- `blocked_network_rule_list` (String)
+
+
+<a id="nestedobjatt--network_policies--show_output"></a>
+### Nested Schema for `network_policies.show_output`
+
+Read-Only:
+
+- `comment` (String)
+- `created_on` (String)
+- `entries_in_allowed_ip_list` (Number)
+- `entries_in_allowed_network_rules` (Number)
+- `entries_in_blocked_ip_list` (Number)
+- `entries_in_blocked_network_rules` (Number)
+- `name` (String)