Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add authentication policies to SDK #2937

Merged

Conversation

cmonty-paypal
Copy link
Contributor

Adds Authentication Policy methods to the SDK.

Test Plan

  • unit tests
  • integration tests

References

Comment on lines 11 to 17
const (
AuthenticationMethodsAll AuthenticationMethodsOption = "ALL"
AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML"
AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD"
AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH"
AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR"
)
Copy link
Contributor Author

@cmonty-paypal cmonty-paypal Jul 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't sure how to get a list of an "enum" to work with QueryStruct and I couldn't find an existing pattern. If you have one let me know and I'll use these vs strings. Otherwise, I'll remove these sections.

Copy link
Collaborator

@sfc-gh-jcieslak sfc-gh-jcieslak Jul 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can look at network_rule_def.go (it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT you would use g.KindOfTSlice (not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).

@cmonty-paypal cmonty-paypal force-pushed the add_authentication_policies branch from 35dc61b to 2cb8ee3 Compare July 12, 2024 21:32
@cmonty-paypal
Copy link
Contributor Author

Also, is there a way to configure the integration test client with a keypair? If not, I'll create a disposable account and use a password.

Comment on lines 209 to +217
t.Run("with unsetting a policy", func(t *testing.T) {
sessionPolicy := "SESSION_POLICY1"
opts := &AlterUserOptions{
name: id,
Set: &UserSet{
SessionPolicy: String(sessionPolicy),
Unset: &UserUnset{
SessionPolicy: Bool(true),
},
}
assertOptsValidAndSQLEquals(t, opts, "ALTER USER %s UNSET SESSION POLICY", id.FullyQualifiedName())
})
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test was incorrect, it was setting a policy instead of unsetting one.

@sfc-gh-asawicki
Copy link
Collaborator

Hey @cmonty-paypal. Thanks for the contribution!

We will do the review on Monday at the latest (we have a smaller team this week, sorry for the delay.)

@cmonty-paypal
Copy link
Contributor Author

Hey @cmonty-paypal. Thanks for the contribution!

We will do the review on Monday at the latest (we have a smaller team this week, sorry for the delay.)

No worries. I still had some work to take care of in this PR.

@cmonty-paypal cmonty-paypal marked this pull request as ready for review July 17, 2024 03:57
@cmonty-paypal cmonty-paypal force-pushed the add_authentication_policies branch from 401e8b6 to 379089f Compare July 17, 2024 03:57
@cmonty-paypal cmonty-paypal force-pushed the add_authentication_policies branch from 15d19dd to 2b966a3 Compare July 17, 2024 15:23
pkg/sdk/authentication_policies_def.go Show resolved Hide resolved
Comment on lines 11 to 17
const (
AuthenticationMethodsAll AuthenticationMethodsOption = "ALL"
AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML"
AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD"
AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH"
AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR"
)
Copy link
Collaborator

@sfc-gh-jcieslak sfc-gh-jcieslak Jul 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can look at network_rule_def.go (it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT you would use g.KindOfTSlice (not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).

Copy link
Collaborator

@sfc-gh-jcieslak sfc-gh-jcieslak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey 👋
Thanks for the contribution! I left some comments, but overall the change is very good. After the changes I'll run the CI.

pkg/sdk/authentication_policies_def.go Show resolved Hide resolved
pkg/sdk/authentication_policies_def.go Show resolved Hide resolved
pkg/sdk/authentication_policies_gen_test.go Show resolved Hide resolved
pkg/sdk/authentication_policies_impl_gen.go Show resolved Hide resolved
pkg/sdk/users.go Show resolved Hide resolved
pkg/sdk/testint/users_integration_test.go Show resolved Hide resolved
@sfc-gh-jcieslak
Copy link
Collaborator

Hey @cmonty-paypal 👋
Don't you mind if we take care of this, apply the needed changes, and merge it? There are many new changes incoming with new conventions that need to be applied here. The PR is already in very good shape, and we wanted to push this through a bit faster. We could take it this or next week.

@cmonty-paypal
Copy link
Contributor Author

cmonty-paypal commented Aug 8, 2024

Hey @cmonty-paypal 👋 Don't you mind if we take care of this, apply the needed changes, and merge it? There are many new changes incoming with new conventions that need to be applied here. The PR is already in very good shape, and we wanted to push this through a bit faster. We could take it this or next week.

@sfc-gh-jcieslak Yes, please do! Sorry I had a bit of travel last week and I'm gonna be out of office next week. I was hoping to get to this tomorrow but if you want to take over, I'm all for it.

@sfc-gh-jcieslak
Copy link
Collaborator

No worries, Thank You! We still have to finish some other topics, but we'll get to it as soon as possible.

@@ -122,6 +122,16 @@ func TestAccountAlter(t *testing.T) {
assertOptsValidAndSQLEquals(t, opts, `ALTER ACCOUNT SET SESSION POLICY %s`, id.FullyQualifiedName())
})

t.Run("with set authentication policy", func(t *testing.T) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the validation tests are missing (validations were updated but no test failed here)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in #3068

import (
"context"

"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this was moved to pkg/internal/collections

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved in the follow-up pr

@@ -44,6 +44,7 @@ var definitionMapping = map[string]*generator.Interface{
"cortex_search_services_def.go": sdk.CortexSearchServiceDef,
"data_metric_function_references_def.go": sdk.DataMetricFunctionReferenceDef,
"external_volumes_def.go": sdk.ExternalVolumesDef,
"authentication_policies_def.go": sdk.AuthenticationPoliciesDef,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

formatting?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved in the follow-up pr

@@ -267,6 +267,27 @@ func TestInt_AccountAlter(t *testing.T) {
require.NoError(t, err)
})

t.Run("set and unset authentication policy", func(t *testing.T) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

skip this test for now @sfc-gh-jcieslak - can you have multiple authentication policies on the account? if not, it messes with our account setup

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in this pr, can be resolved right away


assertAuthenticationPolicy := func(t *testing.T, authenticationPolicy *sdk.AuthenticationPolicy, id sdk.SchemaObjectIdentifier, expectedComment string) {
t.Helper()
assert.NotEmpty(t, authenticationPolicy.CreatedOn)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please generate assertion in the following change @sfc-gh-jcieslak

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in #3068

assert.Contains(t, desc, sdk.AuthenticationPolicyDescription{Property: "MFA_ENROLLMENT", Value: "REQUIRED"})
})

t.Run("Alter - set comment", func(t *testing.T) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sfc-gh-jcieslak do we need such granular tests here?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in #3068 I merged those tests into one set and unset

pkg/sdk/testint/users_integration_test.go Show resolved Hide resolved
@sfc-gh-jcieslak sfc-gh-jcieslak changed the title [Feature] Add authentication policies to SDK feat: Add authentication policies to SDK Sep 10, 2024
@sfc-gh-jcieslak sfc-gh-jcieslak merged commit 7b49685 into Snowflake-Labs:main Sep 10, 2024
6 of 8 checks passed
sfc-gh-jcieslak added a commit that referenced this pull request Sep 17, 2024
## Changes
* Addressed comments from
#2937
* Fixed failing tests caused by this change
* Changed and added multiple tests connected to auth policies
* Adjusted a few parts of the SDK implementation (using enums where
possible, added a few missing parts, etc.)

## TODO
* Mention in
#2880
that the SDK for Auth Policies is ready
sfc-gh-fbudzynski pushed a commit that referenced this pull request Sep 19, 2024
## Changes
* Addressed comments from
#2937
* Fixed failing tests caused by this change
* Changed and added multiple tests connected to auth policies
* Adjusted a few parts of the SDK implementation (using enums where
possible, added a few missing parts, etc.)

## TODO
* Mention in
#2880
that the SDK for Auth Policies is ready
sfc-gh-jmichalak pushed a commit that referenced this pull request Sep 19, 2024
🤖 I have created a release *beep* *boop*
---


##
[0.96.0](v0.95.0...v0.96.0)
(2024-09-18)

Essential GA object readiness for V1:
[link](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/ESSENTIAL_GA_OBJECTS.MD)
([Roadmap
reference](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#preparing-essential-ga-objects-for-the-provider-v1)).

:exclamation: Migration guide: [v0.95.0 ->
v0.96.0](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960)

### 🎉 **What's new:**

* V1 redesign of resources and data sources
* Row access policy
([#3066](#3066))
([#3063](#3063))
* Resource monitor
([#3052](#3052))
([#3064](#3064))
* Masking policy
([#3078](#3078))
([#3083](#3083))
* SDK upgrades
* External volume
([#3033](#3033))
* Authentication policy
([#2937](#2937))
([#3068](#3068))
([#3061](#3061))


### 🔧 **Misc**

* Clean up old test object helpers
([#3049](#3049))
* Add example of granting role to multiple objects
([#3047](#3047))
* Update readme and objects rework state
([#3046](#3046))

### 🐛 **Bug fixes:**

* Fix model grants
([#3070](#3070))
* Fix database show by and resource logic
([#3055](#3055))
* Fix default secondary roles option import
([#3041](#3041))
* Fix sweepers for warehouse and database
([#3057](#3057))
* Fix views permadiff
([#3079](#3079))
* Update v0.95.0 migration guide
([#3062](#3062))

Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants