Add snowflake integration (#148)

* Add snowflake integration

* add to provider

* Add strongly typed selectors and availabilities for Snowflake

* add to provider

* make gen

* remove dupe

* bump sdk

.changeset/olive-kiwis-complain.md

@@ -0,0 +1,5 @@
+---
+"@common-fate/terraform-provider-commonfate": minor
+---
+
+Add Snowflake integration

docs/resources/snowflake_account_availability.md

@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "commonfate_snowflake_account_availability Resource - commonfate"
+subcategory: ""
+description: |-
+  A specifier to make a single Snowflake Account available for selection under a particular Access Workflow
+---
+
+# commonfate_snowflake_account_availability (Resource)
+
+A specifier to make a single Snowflake Account available for selection under a particular Access Workflow
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `snowflake_account_id` (String) The target to make available. Should be a Snowflake::Account.
+- `snowflake_account_role` (String) The Snowflake Account Role to make available. Should be a Snowflake::AccountRole
+- `workflow_id` (String) The Access Workflow ID
+
+### Optional
+
+- `role_priority` (Number) The priority that governs which role will be suggested to use in the web app when requesting access. The availability spec with the highest priority will have its role suggested first in the UI
+
+### Read-Only
+
+- `id` (String) The internal Common Fate ID
+
+

docs/resources/snowflake_database_availabilities.md

@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "commonfate_snowflake_database_availabilities Resource - commonfate"
+subcategory: ""
+description: |-
+  A specifier to make Snowflake Databases available for selection under a particular Access Workflow
+---
+
+# commonfate_snowflake_database_availabilities (Resource)
+
+A specifier to make Snowflake Databases available for selection under a particular Access Workflow
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `snowflake_database_role` (String) The Snowflake Database Role to make available
+- `snowflake_database_selector_id` (String) The target to make available. Should be a Selector entity.
+- `workflow_id` (String) The Access Workflow ID
+
+### Optional
+
+- `role_priority` (Number) The priority that governs which role will be suggested to use in the web app when requesting access. The availability spec with the highest priority will have its role suggested first in the UI
+
+### Read-Only
+
+- `id` (String) The internal Common Fate ID
+
+

docs/resources/snowflake_database_selector.md

@@ -0,0 +1,28 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "commonfate_snowflake_database_selector Resource - commonfate"
+subcategory: ""
+description: |-
+  A Selector to match Snowflake Databases with a criteria based on the 'when' field.
+---
+
+# commonfate_snowflake_database_selector (Resource)
+
+A Selector to match Snowflake Databases with a criteria based on the 'when' field.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of the selector
+- `snowflake_account_id` (String) The Snowflake Account ID
+- `when` (String) A Cedar expression with the criteria to match resources on, e.g: `resource.tag_keys contains "production"`
+
+### Optional
+
+- `name` (String) The unique name of the selector. Call this something memorable and relevant to the resources being selected. For example: `prod-database-eng`
+
+

docs/resources/snowflake_integration.md

@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "commonfate_snowflake_integration Resource - commonfate"
+subcategory: ""
+description: |-
+  Registers a Snowflake integration
+---
+
+# commonfate_snowflake_integration (Resource)
+
+Registers a Snowflake integration
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) The Snowflake Account ID
+- `name` (String) The name of the integration: use a short label which is descriptive of the Snowflake instance you're connecting to
+- `password_secret_path` (String) Path to secret for the password Snowflake Admin account
+- `region` (String) The region that the Snowflake instance is hosted in(e.g ap-southeast-2)
+- `username` (String) Username of the Snowflake Admin account
+
+### Read-Only
+
+- `id` (String) The internal Common Fate ID
+
+

go.mod

@@ -7,7 +7,7 @@ toolchain go1.21.4
 require (
 	connectrpc.com/connect v1.14.0
 	github.com/common-fate/grab v1.1.0
-	github.com/common-fate/sdk v1.68.0
+	github.com/common-fate/sdk v1.70.1
 	github.com/hashicorp/terraform-plugin-docs v0.13.0
 	github.com/hashicorp/terraform-plugin-framework v1.4.2
 	github.com/hashicorp/terraform-plugin-log v0.9.0

go.sum

@@ -42,6 +42,10 @@ github.com/common-fate/grab v1.1.0 h1:HLZPtltdHScYu6qtt/UC78rvwylCTWuyoZoiQXV4QH
 github.com/common-fate/grab v1.1.0/go.mod h1:L0qa03RwqOMZz9PrrWw9eI145i5FQRf+iLtNSJypQvY=
 github.com/common-fate/sdk v1.68.0 h1:Dh4C7oDlmiHRmeDI4TkVkQtM/eAoFqJERo2nKGG/OdA=
 github.com/common-fate/sdk v1.68.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
+github.com/common-fate/sdk v1.69.2-0.20241113070817-3ecc2451b18c h1:UZwxZfZQ95cyv9IbYQd7XnDgV1CueX7e56qXt/OiZ+I=
+github.com/common-fate/sdk v1.69.2-0.20241113070817-3ecc2451b18c/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
+github.com/common-fate/sdk v1.70.1 h1:EB4sxv1OrdNA0kZ4vVDom1nGOwbvzVUb6xO4mFYB8oo=
+github.com/common-fate/sdk v1.70.1/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=

internal/provider.go

@@ -19,6 +19,7 @@ import (
 	"github.com/common-fate/terraform-provider-commonfate/internal/pagerduty"
 	"github.com/common-fate/terraform-provider-commonfate/internal/proxy"
 	"github.com/common-fate/terraform-provider-commonfate/internal/slack"
+	"github.com/common-fate/terraform-provider-commonfate/internal/snowflake"
 	"github.com/common-fate/terraform-provider-commonfate/internal/webhook"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/provider"
@@ -183,6 +184,10 @@ func (p *CommonFateProvider) Resources(_ context.Context) []func() resource.Reso
 		NewAWSEKSSelectorResource,
 		NewAWSEKSAvailabilitiesResource,
 		NewAWSEKSAvailabilityResource,
+		NewSnowflakeIntegrationResource,
+		NewSnowflakeAccountAvailabilityResource,
+		NewSnowflakeDatabaseAvailabilitiesResource,
+		NewSnowflakeDatabaseSelectorResource,
 	}
 }
 
@@ -381,3 +386,15 @@ func NewProxyEKSClusterResourceResource() resource.Resource {
 func NewProxyEKSServiceAccountResourceResource() resource.Resource {
 	return &proxy.EKSServiceAccountResource{}
 }
+func NewSnowflakeIntegrationResource() resource.Resource {
+	return &snowflake.SnowflakeIntegrationResource{}
+}
+func NewSnowflakeAccountAvailabilityResource() resource.Resource {
+	return &snowflake.SnowflakeAccountAvailabilityResource{}
+}
+func NewSnowflakeDatabaseAvailabilitiesResource() resource.Resource {
+	return &snowflake.SnowflakeDatabaseAvailabilitiesResource{}
+}
+func NewSnowflakeDatabaseSelectorResource() resource.Resource {
+	return &snowflake.SnowflakeDatabaseSelectorResource{}
+}