v0.1.1 (#10)

Changelog

- New Resources: Added `EXTERNAL ACCESS INTEGRATION`, `NETWORK RULE`, `PASSWORD POLICY`, and `SECRET`
- Bug fixes and test improvements
- Fixes #9 

---------

Co-authored-by: TJ Murphy <[email protected]>

.github/workflows/python-package.yml

@@ -42,7 +42,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        environment: [snowflake-aws-enterprise, snowflake-aws-standard]
+        include:
+          - environment: snowflake-aws-standard
+            edition: standard
+          - environment: snowflake-aws-enterprise
+            edition: enterprise
     environment: ${{ matrix.environment }}
     steps:
     - uses: actions/checkout@v3
@@ -61,7 +65,7 @@ jobs:
     - name: Run integration tests
       run: |
         source ./.venv/bin/activate
-        make integration
+        make integration EDITION=${{ matrix.edition }}
       env:
         TEST_SNOWFLAKE_ACCOUNT: ${{ secrets.TEST_SNOWFLAKE_ACCOUNT }}
         TEST_SNOWFLAKE_USER: ${{ secrets.TEST_SNOWFLAKE_USER }}

Makefile

@@ -1,4 +1,5 @@
 .PHONY: install install-dev test integration style check clean
+EDITION ?= standard
 
 install:
 	pip install -e .
@@ -10,7 +11,7 @@ test:
 	python -m pytest
 
 integration:
-	python -m pytest --snowflake
+	python -m pytest --snowflake -m $(EDITION)
 
 style:
 	python -m black .

conftest.py

@@ -1,4 +1,19 @@
 import pytest
+import os
+import uuid
+
+import snowflake.connector
+
+TEST_ROLE = os.environ.get("TEST_SNOWFLAKE_ROLE")
+
+
+def connection_params():
+    return {
+        "account": os.environ["TEST_SNOWFLAKE_ACCOUNT"],
+        "user": os.environ["TEST_SNOWFLAKE_USER"],
+        "password": os.environ["TEST_SNOWFLAKE_PASSWORD"],
+        "role": TEST_ROLE,
+    }
 
 
 def pytest_addoption(parser):
@@ -13,3 +28,43 @@ def pytest_addoption(parser):
 def pytest_runtest_setup(item):
     if "requires_snowflake" in item.keywords and not item.config.getoption("--snowflake"):
         pytest.skip("need --snowflake option to run this test")
+
+
+def pytest_collection_modifyitems(items):
+    for item in items:
+        if not item.get_closest_marker("enterprise"):
+            item.add_marker("standard")
+
+
+@pytest.fixture(scope="session")
+def suffix():
+    return str(uuid.uuid4())[:8]
+
+
+@pytest.fixture(scope="session")
+def test_db(suffix):
+    return f"TEST_DB_RUN_{suffix}"
+
+
+@pytest.fixture(scope="session")
+def marked_for_cleanup() -> list:
+    """List to keep track of resources created during tests."""
+    return []
+
+
+@pytest.fixture(scope="session")
+def cursor(suffix, test_db, marked_for_cleanup):
+    session = snowflake.connector.connect(**connection_params())
+    with session.cursor() as cur:
+        cur.execute(f"ALTER SESSION set query_tag='titan_package:test::{suffix}'")
+        cur.execute(f"CREATE DATABASE {test_db}")
+        cur.execute("CREATE WAREHOUSE IF NOT EXISTS CI WAREHOUSE_SIZE = XSMALL AUTO_SUSPEND = 60 AUTO_RESUME = TRUE")
+        try:
+            cur.execute("USE WAREHOUSE CI")
+            cur.execute(f"USE ROLE {TEST_ROLE}")
+            yield cur
+            cur.execute(f"USE DATABASE {test_db}")
+            for res in marked_for_cleanup:
+                cur.execute(res.drop_sql(if_exists=True))
+        finally:
+            cur.execute(f"DROP DATABASE {test_db}")

pyproject.toml

@@ -18,7 +18,10 @@ line-length = 120
 
 [tool.pytest.ini_options]
 # addopts = "-n 4"
-markers = "requires_snowflake"
+markers = [
+    "requires_snowflake: Mark a test as requiring a Snowflake connection.",
+    "enterprise: Mark a test as an enterprise test."
+]
 filterwarnings = [
     "ignore:.*urllib3.contrib.pyopenssl.*:DeprecationWarning"
 ]

scripts/install

@@ -3,7 +3,7 @@ RETURNS OBJECT NOT NULL
 LANGUAGE PYTHON
 RUNTIME_VERSION = '3.9'
 PACKAGES = ('snowflake-snowpark-python', 'inflection', 'pyparsing')
-IMPORTS = ('@titan_aws/releases/titan-0.1.0.zip')
+IMPORTS = ('@titan_aws/releases/titan-0.1.1.zip')
 HANDLER = 'titan.spi.install'
 EXECUTE AS CALLER
 CALL install()

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name="titan",
-    version="0.1.0",
+    version="0.1.1",
     description="Snowflake infrastructure as code",
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",

tests/fixtures/json/alert.json

@@ -0,0 +1,10 @@
+{
+    "name": "TEST_ALERT",
+    "warehouse": "static_warehouse",
+    "schedule": "5 minutes",
+    "condition": "SELECT 1",
+    "then": "SELECT 2",
+    "owner": "SYSADMIN",
+    "comment": "This is a test alert",
+    "tags": null
+}

tests/fixtures/json/api_integration.json

@@ -0,0 +1,15 @@
+{
+    "name": "SOMEINT",
+    "owner": "ACCOUNTADMIN",
+    "api_provider": "AWS_API_GATEWAY",
+    "api_key": "api-987654321",
+    "api_aws_role_arn": "arn:aws:iam::123456789012:role/my_cloud_account_role",
+    "api_allowed_prefixes": [
+        "https://xyz.execute-api.us-west-2.amazonaws.com/production"
+    ],
+    "api_blocked_prefixes": [
+        "https://xyz.execute-api.us-west-2.amazonaws.com/development"
+    ],
+    "enabled": true,
+    "comment": "This is a test integration"
+}

tests/fixtures/json/database.json

@@ -0,0 +1,10 @@
+{
+    "name": "TEST_DATABASE",
+    "transient": false,
+    "owner": "SYSADMIN",
+    "data_retention_time_in_days": 1,
+    "max_data_extension_time_in_days": 14,
+    "default_ddl_collation": null,
+    "comment": "This is a test database",
+    "tags": null
+}

tests/fixtures/json/database_role.json

@@ -0,0 +1,6 @@
+{
+    "name": "SOMEDBROLE",
+    "comment": null,
+    "owner": "SYSADMIN",
+    "tags": null
+}

tests/fixtures/json/password_policy.json

@@ -0,0 +1,16 @@
+{
+    "name": "SOMEPOLICY",
+    "owner": "SYSADMIN",
+    "password_min_length": 12,
+    "password_max_length": 24,
+    "password_min_upper_case_chars": 2,
+    "password_min_lower_case_chars": 2,
+    "password_min_numeric_chars": 2,
+    "password_min_special_chars": 2,
+    "password_min_age_days": 1,
+    "password_max_age_days": 30,
+    "password_max_retries": 3,
+    "password_lockout_time_mins": 30,
+    "password_history": 5,
+    "comment": "production account password policy"
+}

tests/fixtures/json/python_udf.json

@@ -0,0 +1,22 @@
+{
+    "name": "MY_PYTHON_UDF",
+    "owner": "SYSADMIN",
+    "args": [],
+    "returns": "NUMBER(38,0)",
+    "runtime_version": "3.8",
+    "packages": [
+        "snowflake-snowpark-python",
+        "pyparsing"
+    ],
+    "handler": "main",
+    "as_": "def main(): return 42",
+    "language": "PYTHON",
+    "comment": null,
+    "copy_grants": false,
+    "external_access_integrations": null,
+    "imports": null,
+    "null_handling": null,
+    "secrets": null,
+    "secure": null,
+    "volatility": null
+}

tests/fixtures/json/role.json

@@ -0,0 +1,6 @@
+{
+    "name": "TEST_ROLE",
+    "owner": "SYSADMIN",
+    "tags": null,
+    "comment": null
+}

tests/fixtures/json/role_grant.json

@@ -0,0 +1,5 @@
+{
+    "role": "STATIC_ROLE",
+    "to_role": "SYSADMIN",
+    "to_user": null
+}

tests/fixtures/json/s3_storage_integration.json

@@ -0,0 +1,15 @@
+{
+    "name": "S3_INT",
+    "type": "EXTERNAL_STAGE",
+    "storage_provider": "S3",
+    "storage_aws_role_arn": "arn:aws:iam::001234567890:role/myrole",
+    "enabled": true,
+    "storage_allowed_locations": [
+        "s3://mybucket1/path1/",
+        "s3://mybucket2/path2/"
+    ],
+    "storage_blocked_locations": null,
+    "comment": null,
+    "owner": "ACCOUNTADMIN",
+    "storage_aws_object_acl": "bucket-owner-full-control"
+}

tests/fixtures/json/schema.json

@@ -0,0 +1,11 @@
+{
+    "name": "TEST_SCHEMA",
+    "transient": false,
+    "managed_access": false,
+    "data_retention_time_in_days": null,
+    "max_data_extension_time_in_days": 14,
+    "default_ddl_collation": null,
+    "tags": null,
+    "owner": "SYSADMIN",
+    "comment": "This is a schema for testing purposes"
+}

tests/fixtures/json/sequence.json

@@ -0,0 +1,7 @@
+{
+    "name": "SOMESEQ",
+    "owner": "SYSADMIN",
+    "start": 1,
+    "increment": 2,
+    "comment": "+3"
+}

tests/fixtures/json/table.json

@@ -0,0 +1,27 @@
+{
+    "name": "MYTABLE",
+    "columns": [
+        {
+            "name": "id",
+            "data_type": "INT"
+        },
+        {
+            "name": "amount",
+            "data_type": "NUMBER"
+        }
+    ],
+    "constraints": null,
+    "volatile": false,
+    "transient": false,
+    "cluster_by": null,
+    "enable_schema_evolution": false,
+    "data_retention_time_in_days": null,
+    "max_data_extension_time_in_days": null,
+    "change_tracking": false,
+    "default_ddl_collation": null,
+    "copy_grants": false,
+    "row_access_policy": null,
+    "tags": null,
+    "owner": "SYSADMIN",
+    "comment": null
+}

tests/fixtures/json/user.json

@@ -0,0 +1,25 @@
+{
+    "name": "JILL",
+    "owner": "USERADMIN",
+    "password": "p4ssw0rd",
+    "login_name": "jill",
+    "display_name": "jill",
+    "first_name": null,
+    "middle_name": null,
+    "last_name": null,
+    "email": null,
+    "must_change_password": false,
+    "disabled": false,
+    "days_to_expiry": null,
+    "mins_to_unlock": null,
+    "default_warehouse": "XSMALL_WH",
+    "default_namespace": null,
+    "default_role": "PUBLIC",
+    "default_secondary_roles": null,
+    "mins_to_bypass_mfa": null,
+    "rsa_public_key": null,
+    "rsa_public_key_2": null,
+    "comment": null,
+    "network_policy": null,
+    "tags": null
+}

tests/fixtures/json/view.json

@@ -0,0 +1,17 @@
+{
+    "name": "MY_VIEW",
+    "owner": "SYSADMIN",
+    "volatile": true,
+    "as_": "SELECT id FROM STATIC_TABLE",
+    "change_tracking": null,
+    "columns": [
+        {
+            "name": "id"
+        }
+    ],
+    "comment": "This is a view",
+    "copy_grants": null,
+    "recursive": null,
+    "secure": null,
+    "tags": null
+}

tests/fixtures/json/warehouse.json

@@ -0,0 +1,20 @@
+{
+    "name": "XSMALL_WH",
+    "owner": "SYSADMIN",
+    "warehouse_type": "STANDARD",
+    "warehouse_size": "XSMALL",
+    "max_cluster_count": null,
+    "min_cluster_count": null,
+    "scaling_policy": null,
+    "auto_suspend": 60,
+    "auto_resume": false,
+    "initially_suspended": true,
+    "resource_monitor": null,
+    "comment": "My XSMALL warehouse",
+    "enable_query_acceleration": null,
+    "query_acceleration_max_scale_factor": null,
+    "max_concurrency_level": 8,
+    "statement_queued_timeout_in_seconds": 0,
+    "statement_timeout_in_seconds": 172800,
+    "tags": null
+}

tests/fixtures/sql/network_rule.sql

@@ -0,0 +1,15 @@
+CREATE NETWORK RULE corporate_network
+  TYPE = AWSVPCEID
+  VALUE_LIST = ('vpce-123abc3420c1931')
+  MODE = INTERNAL_STAGE
+  COMMENT = 'corporate privatelink endpoint';
+
+CREATE NETWORK RULE cloud_network
+  TYPE = IPV4
+  VALUE_LIST = ('47.88.25.32/27')
+  COMMENT ='cloud egress ip range';
+
+CREATE NETWORK RULE external_access_rule
+  TYPE = HOST_PORT
+  MODE = EGRESS
+  VALUE_LIST = ('example.com', 'company.com:443');