fix: network policy update #2647

Merged
merged 4 commits into from
Apr 16, 2024
Merged
36 changes: 32 additions & 4 deletions pkg/sdk/network_policies_def.go
Expand Up @@ -8,6 +8,16 @@ var (
ip = g.NewQueryStruct("IP").
Text("IP", g.KeywordOptions().SingleQuotes().Required())

networkPoliciesAddNetworkRule = g.NewQueryStruct("AddNetworkRule").
ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
WithValidation(g.ExactlyOneValueSet, "AllowedNetworkRuleList", "BlockedNetworkRuleList")

networkPoliciesRemoveNetworkRule = g.NewQueryStruct("RemoveNetworkRule").
ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
WithValidation(g.ExactlyOneValueSet, "AllowedNetworkRuleList", "BlockedNetworkRuleList")

NetworkPoliciesDef = g.NewInterface(
"NetworkPolicies",
"NetworkPolicy",
Expand All @@ -20,6 +30,8 @@ var (
OrReplace().
SQL("NETWORK POLICY").
Name().
ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListQueryStructField("AllowedIpList", ip, g.ParameterOptions().SQL("ALLOWED_IP_LIST").Parentheses()).
ListQueryStructField("BlockedIpList", ip, g.ParameterOptions().SQL("BLOCKED_IP_LIST").Parentheses()).
OptionalTextAssignment("COMMENT", g.ParameterOptions().SingleQuotes()).
Expand All @@ -35,16 +47,28 @@ var (
OptionalQueryStructField(
"Set",
g.NewQueryStruct("NetworkPolicySet").
ListAssignment("ALLOWED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListAssignment("BLOCKED_NETWORK_RULE_LIST", "SchemaObjectIdentifier", g.ParameterOptions().Parentheses()).
ListQueryStructField("AllowedIpList", ip, g.ParameterOptions().SQL("ALLOWED_IP_LIST").Parentheses()).
ListQueryStructField("BlockedIpList", ip, g.ParameterOptions().SQL("BLOCKED_IP_LIST").Parentheses()).
OptionalTextAssignment("COMMENT", g.ParameterOptions().SingleQuotes()).
WithValidation(g.AtLeastOneValueSet, "AllowedIpList", "BlockedIpList", "Comment"),
WithValidation(g.AtLeastOneValueSet, "AllowedIpList", "BlockedIpList", "Comment", "AllowedNetworkRuleList", "BlockedNetworkRuleList"),
g.KeywordOptions().SQL("SET"),
).
OptionalQueryStructField(
"Add",
Collaborator


In the docs, ADD and REMOVE each take a single network rule rather than a list like CREATE/ALTER SET. Is this an error in the docs or in the implementation?

Collaborator Author


The docs are wrong; it should be a list. I tried a single network rule and it failed.

Collaborator


Please add it to the doc discuss channel, and then you can close this comment

networkPoliciesAddNetworkRule,
g.KeywordOptions().SQL("ADD"),
).
OptionalQueryStructField(
"Remove",
networkPoliciesRemoveNetworkRule,
g.KeywordOptions().SQL("REMOVE"),
).
OptionalSQL("UNSET COMMENT").
Identifier("RenameTo", g.KindOfTPointer[AccountObjectIdentifier](), g.IdentifierOptions().SQL("RENAME TO")).
WithValidation(g.ValidIdentifier, "name").
WithValidation(g.ExactlyOneValueSet, "Set", "UnsetComment", "RenameTo").
WithValidation(g.ExactlyOneValueSet, "Set", "UnsetComment", "RenameTo", "Add", "Remove").
WithValidation(g.ValidIdentifierIfSet, "RenameTo"),
).
DropOperation(
Expand All @@ -63,13 +87,17 @@ var (
Field("name", "string").
Field("comment", "string").
Field("entries_in_allowed_ip_list", "int").
Field("entries_in_blocked_ip_list", "int"),
Field("entries_in_blocked_ip_list", "int").
Field("entries_in_allowed_network_rules", "int").
Field("entries_in_blocked_network_rules", "int"),
g.PlainStruct("NetworkPolicy").
Field("CreatedOn", "string").
Field("Name", "string").
Field("Comment", "string").
Field("EntriesInAllowedIpList", "int").
Field("EntriesInBlockedIpList", "int"),
Field("EntriesInBlockedIpList", "int").
Field("EntriesInAllowedNetworkRules", "int").
Field("EntriesInBlockedNetworkRules", "int"),
g.NewQueryStruct("ShowNetworkPolicies").
Show().
SQL("NETWORK POLICIES"),
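Review bot: In `NetworkPolicySet` and in the two new structs `networkPoliciesAddNetworkRule` / `networkPoliciesRemoveNetworkRule`, the `AtLeastOneValueSet` and `ExactlyOneValueSet` checks now cover slice fields, and nothing in these hunks shows whether an empty but non-nil `[]SchemaObjectIdentifier{}` counts as set. If it does, the builder could presumably emit `BLOCKED_NETWORK_RULE_LIST = ()` under SET and replace an existing block list with nothing, a silent loosening of an access-control object; if it does not, there is no visible way to clear a list on purpose. I would pin the intended behaviour with a test for the empty-slice case and state it in a comment above the new definitions, e.g. `// SET replaces the whole rule list (confirm against Snowflake), ADD/REMOVE edit entries; an empty list is <accepted|rejected> by validation.` The two new structs are also field-for-field identical, so building both from one shared helper would stop them drifting apart. The surrounding `var (` block and `NetworkPoliciesDef` start and end outside these hunks.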
60 changes: 60 additions & 0 deletions pkg/sdk/network_policies_dto_builders_gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

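--- a/pkg/sdk/network_policies_dto_gen.go
+++ b/pkg/sdk/network_policies_dto_gen.go
@@ -11,11 +11,13 @@ var (
 )
 
 type CreateNetworkPolicyRequest struct {
-OrReplace *bool
-name AccountObjectIdentifier // required
-AllowedIpList []IPRequest
-BlockedIpList []IPRequest
-Comment *string
+OrReplace *bool
+name AccountObjectIdentifier // required
+AllowedNetworkRuleList []SchemaObjectIdentifier
+BlockedNetworkRuleList []SchemaObjectIdentifier
+AllowedIpList []IPRequest
+BlockedIpList []IPRequest
+Comment *string
 }
 
 func (r *CreateNetworkPolicyRequest) GetName() AccountObjectIdentifier {
@@ -30,14 +32,28 @@ type AlterNetworkPolicyRequest struct {
 IfExists *bool
 name AccountObjectIdentifier // required
 Set *NetworkPolicySetRequest
+Add *AddNetworkRuleRequest
+Remove *RemoveNetworkRuleRequest
 UnsetComment *bool
 RenameTo *AccountObjectIdentifier
 }
 
 type NetworkPolicySetRequest struct {
-AllowedIpList []IPRequest
-BlockedIpList []IPRequest
-Comment *string
+AllowedNetworkRuleList []SchemaObjectIdentifier
+BlockedNetworkRuleList []SchemaObjectIdentifier
+AllowedIpList []IPRequest
+BlockedIpList []IPRequest
+Comment *string
 }
 
+type AddNetworkRuleRequest struct {
+AllowedNetworkRuleList []SchemaObjectIdentifier
+BlockedNetworkRuleList []SchemaObjectIdentifier
+}
+
+type RemoveNetworkRuleRequest struct {
+AllowedNetworkRuleList []SchemaObjectIdentifier
+BlockedNetworkRuleList []SchemaObjectIdentifier
+}
+
 type DropNetworkPolicyRequest struct {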
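--- a/pkg/sdk/network_policies_gen.go
+++ b/pkg/sdk/network_policies_gen.go
@@ -13,13 +13,15 @@ type NetworkPolicies interface {
 
 // CreateNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/create-network-policy.
 type CreateNetworkPolicyOptions struct {
-create bool `ddl:"static" sql:"CREATE"`
-OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"`
-networkPolicy bool `ddl:"static" sql:"NETWORK POLICY"`
-name AccountObjectIdentifier `ddl:"identifier"`
-AllowedIpList []IP `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
-BlockedIpList []IP `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
-Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
+create bool `ddl:"static" sql:"CREATE"`
+OrReplace *bool `ddl:"keyword" sql:"OR REPLACE"`
+networkPolicy bool `ddl:"static" sql:"NETWORK POLICY"`
+name AccountObjectIdentifier `ddl:"identifier"`
+AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+AllowedIpList []IP `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
+BlockedIpList []IP `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
+Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
 }
 
 type IP struct {
@@ -33,14 +35,28 @@ type AlterNetworkPolicyOptions struct {
 IfExists *bool `ddl:"keyword" sql:"IF EXISTS"`
 name AccountObjectIdentifier `ddl:"identifier"`
 Set *NetworkPolicySet `ddl:"keyword" sql:"SET"`
+Add *AddNetworkRule `ddl:"keyword" sql:"ADD"`
+Remove *RemoveNetworkRule `ddl:"keyword" sql:"REMOVE"`
 UnsetComment *bool `ddl:"keyword" sql:"UNSET COMMENT"`
 RenameTo *AccountObjectIdentifier `ddl:"identifier" sql:"RENAME TO"`
 }
 
 type NetworkPolicySet struct {
-AllowedIpList []IP `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
-BlockedIpList []IP `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
-Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
+AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+AllowedIpList []IP `ddl:"parameter,parentheses" sql:"ALLOWED_IP_LIST"`
+BlockedIpList []IP `ddl:"parameter,parentheses" sql:"BLOCKED_IP_LIST"`
+Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
 }
 
+type AddNetworkRule struct {
+AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+}
+
+type RemoveNetworkRule struct {
+AllowedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"ALLOWED_NETWORK_RULE_LIST"`
+BlockedNetworkRuleList []SchemaObjectIdentifier `ddl:"parameter,parentheses" sql:"BLOCKED_NETWORK_RULE_LIST"`
+}
+
 // DropNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/drop-network-policy.
@@ -58,19 +74,23 @@ type ShowNetworkPolicyOptions struct {
 }
 
 type showNetworkPolicyDBRow struct {
-CreatedOn string `db:"created_on"`
-Name string `db:"name"`
-Comment string `db:"comment"`
-EntriesInAllowedIpList int `db:"entries_in_allowed_ip_list"`
-EntriesInBlockedIpList int `db:"entries_in_blocked_ip_list"`
+CreatedOn string `db:"created_on"`
+Name string `db:"name"`
+Comment string `db:"comment"`
+EntriesInAllowedIpList int `db:"entries_in_allowed_ip_list"`
+EntriesInBlockedIpList int `db:"entries_in_blocked_ip_list"`
+EntriesInAllowedNetworkRules int `db:"entries_in_allowed_network_rules"`
+EntriesInBlockedNetworkRules int `db:"entries_in_blocked_network_rules"`
 }
 
 type NetworkPolicy struct {
-CreatedOn string
-Name string
-Comment string
-EntriesInAllowedIpList int
-EntriesInBlockedIpList int
+CreatedOn string
+Name string
+Comment string
+EntriesInAllowedIpList int
+EntriesInBlockedIpList int
+EntriesInAllowedNetworkRules int
+EntriesInBlockedNetworkRules int
 }
 
 // DescribeNetworkPolicyOptions is based on https://docs.snowflake.com/en/sql-reference/sql/desc-network-policy.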