feat: Password policy resource #1702
Conversation
sfc-gh-ngaberel
force-pushed
the
ngaberel-snow-770935-password-policy
branch
from
5f86cbf to
a04f274
Compare
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
sfc-gh-ngaberel
changed the title
|
Integration tests failure for 5f86cbf8e2b9c6325c750af6b11f90e3ff79e5b2 |
|
Integration tests failure for a04f2741706a16397623e9b87aa9af5ba67605ea |
|
Integration tests success for ce5cb24749cf2a64acb2c0335073d95aacd3b696 |
pkg/snowflake/builder.go
Outdated
| return ok | ||
| } | ||
|
|
||
| func getFieldValue(props Props, fieldName string) (*reflect.Value, error) { |
There was a problem hiding this comment.
some of this reflection stuff is fairly complex. can we have tests for all these helper functions?
pkg/snowflake/builder.go
Outdated
| } | ||
|
|
||
| type NewBuilder struct { | ||
| entityType string |
There was a problem hiding this comment.
this should really be an Enum, since there is a fixed quantity of entityTypes. Also entity isnt really the correct word, its actually "object" We have account level, database level, schema level objects.
|
|
||
| func (m *PasswordPolicyManager) Update(x *PasswordPolicyUpdateInput) (string, error) { | ||
| return m.genericBuilder.Alter(x) | ||
| } |
There was a problem hiding this comment.
🚫 [golangci] reported by reviewdog 🐶
File is not gofumpt-ed (gofumpt)
There was a problem hiding this comment.
is there a way to automatically run gofumpt whenever a PR is made? this is a really annoying error message
There was a problem hiding this comment.
Yes, I'll add that with the vscode config changes.
|
Integration tests failure for 6dbd13d41b226730010aec3ab55da4693bf7d4cc |
sfc-gh-ngaberel
force-pushed
the
ngaberel-snow-770935-password-policy
branch
from
8112108 to
918ef60
Compare
sfc-gh-ngaberel
force-pushed
the
ngaberel-snow-770935-password-policy
branch
from
918ef60 to
7edc7c7
Compare
|
Integration tests failure for 81121084487a082aecf6d6db412fcd62200428a4 |
|
Integration tests success for 918ef6056cf8cf47b4d5ba168637a349245fb11e |
|
Integration tests success for 7edc7c7caf36e8d24a7cb85186d768fd822fa9bd |
|
|
||
| // CreatePasswordPolicy implements schema.CreateFunc. | ||
| func CreatePasswordPolicy(d *schema.ResourceData, meta interface{}) error { | ||
| manager, err := snowflake.NewPasswordPolicyManager() |
There was a problem hiding this comment.
the word "manager" is not very descriptiive or useful. What i was thinking is that we could have a Client struct that has references to each object API. e.g.
type Client struct {
conn *sql.DB
Users Users
Roles Roles
Warehouses Warehouses
Databases Databases
Schemas Schemas
Tables Tables
NetworkPolicies NetworkPolicies
}
where Roles for example would be:
// Roles describes all the roles related methods that the
// Snowflake API supports.
type Roles interface {
// List all the roles by pattern.
List(ctx context.Context, options RoleListOptions) ([]*Role, error)
// Create a new role with the given options.
Create(ctx context.Context, options RoleCreateOptions) (*Role, error)
// Read an role by its name.
Read(ctx context.Context, role string) (*Role, error)
// Update attributes of an existing role.
Update(ctx context.Context, role string, options RoleUpdateOptions) (*Role, error)
// Delete a role by its name.
Delete(ctx context.Context, role string) error
// Rename a role name.
Rename(ctx context.Context, old string, new string) error
}
then you could reference password policeis as: client.PasswordPolicies.Create(<CreatePasswordPolicyInput>)
I also think addtion a validation method to the input would be useful. Example:
// RoleCreateOptions represents the options for creating a role.
type RoleCreateOptions struct {
*RoleProperties
// Required: Identifier for the role; must be unique for your account.
Name string
}
func (o RoleCreateOptions) validate() error {
if o.Name == "" {
return errors.New("name must not be empty")
}
return nil
}
then you could validate input before doing generic request as so:
func (r *roles) List(ctx context.Context, options RoleListOptions) ([]*Role, error) {
if err := options.validate(); err != nil {
return nil, fmt.Errorf("validate list options: %w", err)
}
...
| } | ||
|
|
||
| db := meta.(*sql.DB) | ||
| _, err = db.Exec(stmt) |
There was a problem hiding this comment.
still not fond of having this db.Exec right here. Would be better to put this logic in the client struct (see earlier comment)
| return fmt.Errorf("error executing create statement: %w", err) | ||
| } | ||
|
|
||
| d.SetId(PasswordPolicyID(&input.PasswordPolicy)) |
There was a problem hiding this comment.
a lot of resources share the same kind of ID format. This could probably be abstracted. Also i am not sure it needs to accept the whole PasswordPolicy reference, it really just needs the schema object identifier.
|
|
||
| func (m *PasswordPolicyManager) Update(x *PasswordPolicyUpdateInput) (string, error) { | ||
| return m.genericBuilder.Alter(x) | ||
| } |
There was a problem hiding this comment.
is there a way to automatically run gofumpt whenever a PR is made? this is a really annoying error message
Co-authored-by: Scott Winkler <scott.winkler@snowflake.com>
|
Integration tests success for 906a067f31363477bd3c22421a811676d2b813ac |
|
Integration tests success for f8ea30aa45ef179a82503452d2ff4e88fe18c30d |
| reflect.TypeOf(PasswordPolicyCreateInput{}), | ||
| reflect.TypeOf(PasswordPolicyUpdateInput{}), | ||
| reflect.TypeOf(PasswordPolicyUpdateInput{}), | ||
| reflect.TypeOf(PasswordPolicyDeleteInput{}), |
There was a problem hiding this comment.
i really don't like this way of registering functions with the password policy manager. i am sure there is a better way to do this.
Add support for the Password policy resource.
Fixes #1581
Test Plan