-
Notifications
You must be signed in to change notification settings - Fork 448
feat: Implement rotating pats #3843
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 37 commits
Commits
Show all changes
41 commits
Select commit
Hold shift + click to select a range
933886c
Add managing PATs to SDK
sfc-gh-jmichalak 315e697
Merge remote-tracking branch 'origin/dev' into 06-27-add_managing_pat…
sfc-gh-jmichalak 0fe0778
Review suggestions
sfc-gh-jmichalak 1600962
Deref functions
sfc-gh-jmichalak eacd4d0
Merge remote-tracking branch 'origin/dev' into 06-27-add_managing_pat…
sfc-gh-jmichalak 74aae0f
Add PAT integration tests
sfc-gh-jmichalak 420b229
Impl
sfc-gh-jmichalak 4469c34
Add managing PATs to SDK
sfc-gh-jmichalak 7515251
Review suggestions
sfc-gh-jmichalak a3c7354
Deref functions
sfc-gh-jmichalak f9ec8eb
Add PAT integration tests
sfc-gh-jmichalak 98641e3
Merge remote-tracking branch 'origin/add-pat-integration-tests' into …
sfc-gh-jmichalak a8b45bd
Implement User Programmatic Access Tokens data source
sfc-gh-jmichalak 964de07
Implement rotating PATs
sfc-gh-jmichalak c416df3
Merge remote-tracking branch 'origin/dev' into add-pat-resource
sfc-gh-jmichalak e21eeda
Cleanup
sfc-gh-jmichalak 8b88f60
Merge remote-tracking branch 'origin/add-pat-resource' into add-pat-ds
sfc-gh-jmichalak 1eebc5a
Merge remote-tracking branch 'origin/dev' into add-pat-resource
sfc-gh-jmichalak 84bb8b9
Review suggestions
sfc-gh-jmichalak aa7301a
Merge remote-tracking branch 'origin/add-pat-resource' into add-pat-ds
sfc-gh-jmichalak 72cb45d
Review suggestions
sfc-gh-jmichalak 7c5a266
Update poc schema
sfc-gh-jmichalak d4e5cee
Merge remote-tracking branch 'origin/dev' into add-pat-resource
sfc-gh-jmichalak a015a80
Merge remote-tracking branch 'origin/add-pat-resource' into add-pat-ds
sfc-gh-jmichalak c189c52
Merge remote-tracking branch 'origin/add-pat-ds' into implement-rotat…
sfc-gh-jmichalak 5fc8194
Update docs
sfc-gh-jmichalak 7c57253
Cleanup
sfc-gh-jmichalak 7889ea9
Merge remote-tracking branch 'origin/dev' into add-pat-ds
sfc-gh-jmichalak 5415e10
Adjust tests
sfc-gh-jmichalak 9ea1611
Update poc schema
sfc-gh-jmichalak 9d94ace
Merge remote-tracking branch 'origin/add-pat-ds' into implement-rotat…
sfc-gh-jmichalak 7b016e9
Add labels
sfc-gh-jmichalak 86d0285
Cleanup
sfc-gh-jmichalak 26fb62f
Merge remote-tracking branch 'origin/dev' into add-pat-ds
sfc-gh-jmichalak 31a14f5
Review suggestions
sfc-gh-jmichalak f99e307
Merge remote-tracking branch 'origin/add-pat-ds' into implement-rotat…
sfc-gh-jmichalak 8a6e3fd
Review suggestions
sfc-gh-jmichalak feb3998
Review suggestions
sfc-gh-jmichalak e772b93
Merge remote-tracking branch 'origin/dev' into implement-rotating-pats
sfc-gh-jmichalak a34a12a
Fix an assert
sfc-gh-jmichalak a13e3c8
Cleanups
sfc-gh-jmichalak File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
--- | ||
page_title: "snowflake_user_programmatic_access_tokens Data Source - terraform-provider-snowflake" | ||
subcategory: "Preview" | ||
description: |- | ||
Data source used to get details of filtered user programmatic access tokens. Filtering is aligned with the current possibilities for SHOW USER PROGRAMMATIC ACCESS TOKENS https://docs.snowflake.com/en/sql-reference/sql/show-user-programmatic-access-tokens query. The results of SHOW are encapsulated in one output collection user_programmatic_access_tokens. | ||
--- | ||
|
||
!> **Caution: Preview Feature** This feature is considered a preview feature in the provider, regardless of the state of the resource in Snowflake. We do not guarantee its stability. It will be reworked and marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add the relevant feature name to `preview_features_enabled` field in the [provider configuration](https://registry.terraform.io/providers/snowflakedb/snowflake/latest/docs#schema). Please always refer to the [Getting Help](https://github.com/snowflakedb/terraform-provider-snowflake?tab=readme-ov-file#getting-help) section in our Github repo to best determine how to get help for your questions. | ||
|
||
# snowflake_user_programmatic_access_tokens (Data Source) | ||
|
||
Data source used to get details of filtered user programmatic access tokens. Filtering is aligned with the current possibilities for [SHOW USER PROGRAMMATIC ACCESS TOKENS](https://docs.snowflake.com/en/sql-reference/sql/show-user-programmatic-access-tokens) query. The results of SHOW are encapsulated in one output collection `user_programmatic_access_tokens`. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
# Simple usage | ||
data "snowflake_user_programmatic_access_tokens" "simple" { | ||
for_user = "<user_name>" | ||
} | ||
|
||
output "simple_output" { | ||
value = data.snowflake_user_programmatic_access_tokens.simple.user_programmatic_access_tokens | ||
} | ||
|
||
# Ensure the number of user programmatic access tokens is equal to at least one element (with the use of postcondition) | ||
data "snowflake_user_programmatic_access_tokens" "assert_with_postcondition" { | ||
for_user = "<user_name>" | ||
lifecycle { | ||
postcondition { | ||
condition = length(self.user_programmatic_access_tokens) > 0 | ||
error_message = "there should be at least one user programmatic access token" | ||
} | ||
} | ||
} | ||
|
||
# Ensure the number of user programmatic access tokens is equal to exactly one element (with the use of check block) | ||
check "user_programmatic_access_token_check" { | ||
data "snowflake_user_programmatic_access_tokens" "assert_with_check_block" { | ||
for_user = "<user_name>" | ||
} | ||
|
||
assert { | ||
condition = length(data.snowflake_user_programmatic_access_tokens.assert_with_check_block.user_programmatic_access_tokens) == 1 | ||
error_message = "user programmatic access tokens filtered by '${data.snowflake_user_programmatic_access_tokens.assert_with_check_block.for_user}' returned ${length(data.snowflake_user_programmatic_access_tokens.assert_with_check_block.user_programmatic_access_tokens)} user programmatic access tokens where one was expected" | ||
} | ||
} | ||
``` | ||
|
||
-> **Note** If a field has a default value, it is shown next to the type in the schema. | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `for_user` (String) Returns programmatic access tokens for the specified user. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
- `user_programmatic_access_tokens` (List of Object) Holds the aggregated output of all user programmatic access tokens details queries. (see [below for nested schema](#nestedatt--user_programmatic_access_tokens)) | ||
|
||
<a id="nestedatt--user_programmatic_access_tokens"></a> | ||
### Nested Schema for `user_programmatic_access_tokens` | ||
|
||
Read-Only: | ||
|
||
- `show_output` (List of Object) (see [below for nested schema](#nestedobjatt--user_programmatic_access_tokens--show_output)) | ||
|
||
<a id="nestedobjatt--user_programmatic_access_tokens--show_output"></a> | ||
### Nested Schema for `user_programmatic_access_tokens.show_output` | ||
|
||
Read-Only: | ||
|
||
- `comment` (String) | ||
- `created_by` (String) | ||
- `created_on` (String) | ||
- `expires_at` (String) | ||
- `mins_to_bypass_network_policy_requirement` (Number) | ||
- `name` (String) | ||
- `role_restriction` (String) | ||
- `rotated_to` (String) | ||
- `status` (String) | ||
- `user_name` (String) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.