feat: provider config support insecureMode (#1703)

* provider-config

* make docs

* go fmt

* Update pkg/provider/provider.go

Co-authored-by: Nathan Gaberel <nathan.gaberel@snowflake.com>

* rerun make docs

---------

Co-authored-by: Nathan Gaberel <nathan.gaberel@snowflake.com>

docs/data-sources/shares.md

@@ -0,0 +1,38 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "snowflake_shares Data Source - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  
+---
+
+# snowflake_shares (Data Source)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `pattern` (String) Filters the command output by object name.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `shares` (List of Object) List of all the shares available in the system. (see [below for nested schema](#nestedatt--shares))
+
+<a id="nestedatt--shares"></a>
+### Nested Schema for `shares`
+
+Read-Only:
+
+- `comment` (String)
+- `kind` (String)
+- `name` (String)
+- `owner` (String)
+- `to` (String)
+
+

docs/index.md

@@ -53,6 +53,7 @@ provider "snowflake" {
 
 - `browser_auth` (Boolean) Required when `oauth_refresh_token` is used. Can be sourced from `SNOWFLAKE_USE_BROWSER_AUTH` environment variable.
 - `host` (String) Supports passing in a custom host value to the snowflake go driver for use with privatelink.
+- `insecure_mode` (Boolean) If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only.
 - `oauth_access_token` (String, Sensitive) Token for use with OAuth. Generating the token is left to other tools. Cannot be used with `browser_auth`, `private_key_path`, `oauth_refresh_token` or `password`. Can be sourced from `SNOWFLAKE_OAUTH_ACCESS_TOKEN` environment variable.
 - `oauth_client_id` (String, Sensitive) Required when `oauth_refresh_token` is used. Can be sourced from `SNOWFLAKE_OAUTH_CLIENT_ID` environment variable.
 - `oauth_client_secret` (String, Sensitive) Required when `oauth_refresh_token` is used. Can be sourced from `SNOWFLAKE_OAUTH_CLIENT_SECRET` environment variable.

pkg/provider/provider.go

@@ -164,6 +164,12 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SNOWFLAKE_PROTOCOL", "https"),
 			},
+			"insecure_mode": {
+				Type:        schema.TypeBool,
+				Description: "If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the default value for testing or emergency situations only.",
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SNOWFLAKE_INSECURE_MODE", false),
+			},
 			"warehouse": {
 				Type:        schema.TypeString,
 				Description: "Sets the default warehouse. Optional. Can be sourced from SNOWFLAKE_WAREHOUSE environment variable.",
@@ -324,6 +330,7 @@ func ConfigureProvider(s *schema.ResourceData) (interface{}, error) {
 	protocol := s.Get("protocol").(string)
 	port := s.Get("port").(int)
 	warehouse := s.Get("warehouse").(string)
+	insecureMode := s.Get("insecure_mode").(bool)
 
 	if oauthRefreshToken != "" {
 		accessToken, err := GetOauthAccessToken(oauthEndpoint, oauthClientID, oauthClientSecret, GetOauthData(oauthRefreshToken, oauthRedirectURL))
@@ -348,6 +355,7 @@ func ConfigureProvider(s *schema.ResourceData) (interface{}, error) {
 		protocol,
 		port,
 		warehouse,
+		insecureMode,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("could not build dsn for snowflake connection err = %w", err)
@@ -376,6 +384,7 @@ func DSN(
 	protocol string,
 	port int,
 	warehouse string,
+	insecureMode bool,
 ) (string, error) {
 	// us-west-2 is Snowflake's default region, but if you actually specify that it won't trigger the default code
 	//  https://github.com/snowflakedb/gosnowflake/blob/52137ce8c32eaf93b0bd22fc5c7297beff339812/dsn.go#L61
@@ -384,13 +393,14 @@ func DSN(
 	}
 
 	config := gosnowflake.Config{
-		Account:     account,
-		User:        user,
-		Region:      region,
-		Role:        role,
-		Application: "terraform-provider-snowflake",
-		Port:        port,
-		Protocol:    protocol,
+		Account:      account,
+		User:         user,
+		Region:       region,
+		Role:         role,
+		Application:  "terraform-provider-snowflake",
+		Port:         port,
+		Protocol:     protocol,
+		InsecureMode: insecureMode,
 	}
 
 	// If host is set trust it and do not use the region value
@@ -573,6 +583,7 @@ func GetDatabaseHandleFromEnv() (db *sql.DB, err error) {
 		protocol,
 		port,
 		warehouse,
+		false,
 	)
 	if err != nil {
 		return nil, err

pkg/provider/provider_test.go

@@ -64,7 +64,7 @@ func TestDSN(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := provider.DSN(tt.args.account, tt.args.user, tt.args.password, tt.args.browserAuth, "", "", "", "", tt.args.region, tt.args.role, tt.args.host, tt.args.protocol, tt.args.port, "")
+			got, err := provider.DSN(tt.args.account, tt.args.user, tt.args.password, tt.args.browserAuth, "", "", "", "", tt.args.region, tt.args.role, tt.args.host, tt.args.protocol, tt.args.port, "", false)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("DSN() error = %v, wantErr %v", err, tt.wantErr)
 				return
@@ -114,7 +114,7 @@ func TestOAuthDSN(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := provider.DSN(tt.args.account, tt.args.user, "", false, "", "", "", tt.args.oauthAccessToken, tt.args.region, tt.args.role, tt.args.host, tt.args.protocol, tt.args.port, "")
+			got, err := provider.DSN(tt.args.account, tt.args.user, "", false, "", "", "", tt.args.oauthAccessToken, tt.args.region, tt.args.role, tt.args.host, tt.args.protocol, tt.args.port, "", false)
 
 			if (err != nil) != tt.wantErr {
 				t.Errorf("DSN() error = %v, dsn = %v, wantErr %v", err, got, tt.wantErr)