From b74b22e20665c8f341210117baffb10489f9685d Mon Sep 17 00:00:00 2001 From: Kevin Neville Date: Mon, 31 Oct 2022 12:47:28 +0100 Subject: [PATCH 1/4] fix: format empty oauth md file Signed-off-by: Kevin Neville --- docs/resources/oauth_integration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/resources/oauth_integration.md b/docs/resources/oauth_integration.md index 870d594dcd..5bd667e9d2 100644 --- a/docs/resources/oauth_integration.md +++ b/docs/resources/oauth_integration.md @@ -8,8 +8,6 @@ description: |- # snowflake_oauth_integration (Resource) - - ## Example Usage ```terraform From a096ad1fb9f68589d02e0ade381897fde09a46a5 Mon Sep 17 00:00:00 2001 From: Kevin Neville Date: Mon, 31 Oct 2022 14:09:46 +0100 Subject: [PATCH 2/4] fix: add oauth_client_type to snowflake_oauth_integration resource Signed-off-by: Kevin Neville --- docs/resources/oauth_integration.md | 3 +++ pkg/resources/oauth_integration.go | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/resources/oauth_integration.md b/docs/resources/oauth_integration.md index 5bd667e9d2..5a7b8f2ed2 100644 --- a/docs/resources/oauth_integration.md +++ b/docs/resources/oauth_integration.md @@ -8,6 +8,8 @@ description: |- # snowflake_oauth_integration (Resource) + + ## Example Usage ```terraform 
@@ -34,6 +36,7 @@ resource "snowflake_oauth_integration" "tableau_desktop" { - `blocked_roles_list` (Set of String) List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. - `comment` (String) Specifies a comment for the OAuth integration. - `enabled` (Boolean) Specifies whether this OAuth integration is enabled or disabled. +- `oauth_client_type` (String) Specifies the type of client being registered. Snowflake supports both confidential and public clients. - `oauth_issue_refresh_tokens` (Boolean) Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. - `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. - `oauth_refresh_token_validity` (Number) Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE. diff --git a/pkg/resources/oauth_integration.go b/pkg/resources/oauth_integration.go index a751a7f586..32422a3a59 100644 --- a/pkg/resources/oauth_integration.go +++ b/pkg/resources/oauth_integration.go @@ -33,6 +33,14 @@ var oauthIntegrationSchema = map[string]*schema.Schema{ Optional: true, Description: "Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI.", }, + "oauth_client_type": { + Type: schema.TypeString, + Optional: true, + Description: "Specifies the type of client being registered. Snowflake supports both confidential and public clients.", + ValidateFunc: validation.StringInSlice([]string{ + "CONFIDENTIAL", "PUBLIC", + }, false), + }, "oauth_issue_refresh_tokens": { Type: schema.TypeBool, Optional: true, 
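Review bot: The `oauth_client_type` description in the schema hunk does not say what the choice means for security, and the resource has no PKCE control to go with it. A public client cannot keep a client secret, and the `OAUTH_ENFORCE_PKCE` case in ReadOAuthIntegration is still marked "not supported yet", so a `PUBLIC` integration created through this resource cannot have PKCE required from Terraform. I would extend the text to something like `Description: "Specifies the type of client being registered: CONFIDENTIAL (can store a secret) or PUBLIC (cannot). Only applies to custom OAuth clients.",` and follow up with an attribute for `OAUTH_ENFORCE_PKCE`. The validator is case-sensitive (`false` as its last argument), so the generated docs should list the exact upper-case values.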
@@ -104,7 +112,9 @@ func CreateOAuthIntegration(d *schema.ResourceData, meta interface{}) error { if _, ok := d.GetOk("oauth_redirect_uri"); ok { stmt.SetString(`OAUTH_REDIRECT_URI`, d.Get("oauth_redirect_uri").(string)) } - + if _, ok := d.GetOk("oauth_client_type"); ok { + stmt.SetString(`OAUTH_CLIENT_TYPE`, d.Get("oauth_client_type").(string)) + } if _, ok := d.GetOk("oauth_issue_refresh_tokens"); ok { stmt.SetBool(`OAUTH_ISSUE_REFRESH_TOKENS`, d.Get("oauth_issue_refresh_tokens").(bool)) } @@ -233,7 +243,9 @@ func ReadOAuthIntegration(d *schema.ResourceData, meta interface{}) error { return errors.Wrap(err, "unable to set OAuth redirect URI for security integration") } case "OAUTH_CLIENT_TYPE": - // Only used for custom OAuth clients (not supported yet) + if err = d.Set("oauth_client_type", v.(string)); err != nil { + return errors.Wrap(err, "unable to set OAuth client type for security integration") + } case "OAUTH_ENFORCE_PKCE": // Only used for custom OAuth clients (not supported yet) case "OAUTH_AUTHORIZATION_ENDPOINT": @@ -274,6 +286,11 @@ func UpdateOAuthIntegration(d *schema.ResourceData, meta interface{}) error { stmt.SetString(`OAUTH_REDIRECT_URI`, d.Get("oauth_redirect_uri").(string)) } + if d.HasChange("oauth_client_type") { + runSetStatement = true + stmt.SetString(`OAUTH_CLIENT_TYPE`, d.Get("oauth_client_type").(string)) + } + if d.HasChange("oauth_issue_refresh_tokens") { runSetStatement = true stmt.SetBool(`OAUTH_ISSUE_REFRESH_TOKENS`, d.Get("oauth_issue_refresh_tokens").(bool)) From 42eee9944f6cda1e23cb147ae6a41ed62e0d61e2 Mon Sep 17 00:00:00 2001 From: Kevin Neville Date: Wed, 2 Nov 2022 11:16:38 +0100 Subject: [PATCH 3/4] chore: run go fmt ./... Signed-off-by: Kevin Neville --- pkg/resources/task.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/resources/task.go b/pkg/resources/task.go index 924db3c460..61ef5f6d5c 100644 --- a/pkg/resources/task.go +++ b/pkg/resources/task.go 
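Review bot: `OAUTH_CLIENT_TYPE` is added to the statement in CreateOAuthIntegration whenever the attribute is set, whatever `oauth_client` holds. The comment this patch removes from ReadOAuthIntegration said the property is only used for custom OAuth clients, so pairing it with a partner client value will presumably be rejected by Snowflake only at apply time; a plan-time check (for example in a `CustomizeDiff`) would give a clearer error. The acceptance-test config in patch 4/4 sets `oauth_client_type = "PUBLIC"` for every `integrationType` it is called with and has the same exposure. As a smaller point, the value returned by `GetOk` can be used directly, `if v, ok := d.GetOk("oauth_client_type"); ok {` followed by `v.(string)`, instead of calling `d.Get` a second time. The function body starts and ends outside the hunk.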
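Review bot: ReadOAuthIntegration now writes whatever Snowflake reports for `OAUTH_CLIENT_TYPE` into state, but the schema declares the attribute `Optional` with neither `Computed` nor a `Default`. For an integration whose configuration omits `oauth_client_type`, any non-empty value Snowflake returns would show up as a diff on every plan and then reach the update path; adding `Computed: true,` to the schema entry would avoid that. The `v.(string)` assertion is also unchecked and panics if `v` is not a string; `v` is assigned outside the hunk, so confirm its type or use the two-value form `s, ok := v.(string)`.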
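Review bot: The new `d.HasChange("oauth_client_type")` branch in UpdateOAuthIntegration sends `d.Get("oauth_client_type").(string)` even when the attribute has been removed from the configuration, in which case the value is the empty string and the statement sets `OAUTH_CLIENT_TYPE` to `''`. Skip the SET when the new value is empty (or unset the property) rather than pass a value the schema's own validator would reject. Switching between `CONFIDENTIAL` and `PUBLIC` also changes whether the client is expected to hold a secret, so it is worth confirming that Snowflake permits the change in place; if it does not, `ForceNew: true,` on the schema entry is the usual answer. The function body starts and ends outside the hunk.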
@@ -16,7 +16,7 @@ import ( ) const ( - taskIDDelimiter = '|' + taskIDDelimiter = '|' ) var taskSchema = map[string]*schema.Schema{ From e58b8fcf2c5f5cf40f453344df965d57f17aeec2 Mon Sep 17 00:00:00 2001 From: Kevin Neville Date: Thu, 3 Nov 2022 10:50:44 +0100 Subject: [PATCH 4/4] fix: add oauth_client_type to snowflake_oauth_integration test Signed-off-by: Kevin Neville --- pkg/resources/oauth_integration_acceptance_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/resources/oauth_integration_acceptance_test.go b/pkg/resources/oauth_integration_acceptance_test.go index 50843704f7..d6e5f354d6 100644 --- a/pkg/resources/oauth_integration_acceptance_test.go +++ b/pkg/resources/oauth_integration_acceptance_test.go @@ -42,6 +42,7 @@ func oauthIntegrationConfig(name string, integrationType string) string { resource "snowflake_oauth_integration" "test" { name = "%s" oauth_client = "%s" + oauth_client_type = "PUBLIC" enabled = true oauth_issue_refresh_tokens = true oauth_refresh_token_validity = 3600
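Review bot: The config in oauthIntegrationConfig now sets `oauth_client_type = "PUBLIC"`, but the hunk adds no matching assertion, so the test would still pass if Create or Read dropped the value. The check list is outside the hunk; if it does not already cover the attribute, add `resource.TestCheckResourceAttr("snowflake_oauth_integration.test", "oauth_client_type", "PUBLIC"),` there. Only `PUBLIC` is exercised; a `CONFIDENTIAL` case would cover the other accepted value.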