Merge pull request #20 from artie-labs/dana/sensitive-values

Add sensitive fields

docs/resources/deployment.md

@@ -65,6 +65,7 @@ Required:
 
 - `database` (String)
 - `host` (String)
+- `password` (String, Sensitive)
 - `port` (Number)
 - `user` (String)
 

docs/resources/destination.md

@@ -38,11 +38,15 @@ Optional:
 
 - `aws_access_key_id` (String)
 - `aws_region` (String)
+- `aws_secret_access_key` (String, Sensitive)
 - `endpoint` (String)
+- `gcp_credentials_data` (String, Sensitive)
 - `gcp_location` (String)
 - `gcp_project_id` (String)
 - `host` (String)
+- `password` (String, Sensitive)
 - `port` (Number)
 - `snowflake_account_url` (String)
+- `snowflake_private_key` (String, Sensitive)
 - `snowflake_virtual_dwh` (String)
 - `username` (String)

examples/deployments/main.tf

@@ -11,78 +11,103 @@ provider "artie" {
 }
 
 import {
-  to = artie_destination.bigquery
-  id = "fa7d4efc-3957-41e5-b29c-66e2d49bffde"
+  to = artie_destination.snowflake
+  id = "51b180a0-fbb9-49a2-ab45-cb46d913416d"
 }
 
-resource "artie_destination" "bigquery" {
-  name  = "BigQuery"
-  label = "BigQuery"
-  config = {
-    gcp_location   = "us"
-    gcp_project_id = "artie-labs"
-  }
+import {
+  to = artie_deployment.dev_postgres_to_snowflake
+  id = "c3dfa503-b6ae-48f3-a6b1-8491a506126d"
 }
 
-import {
-  to = artie_deployment.example
-  id = "38d5d2db-870a-4a38-a76c-9891b0e5122d"
+variable "snowflake_password" {
+  type      = string
+  sensitive = true
+}
+variable "postgres_password" {
+  type      = string
+  sensitive = true
 }
 
-resource "artie_deployment" "example" {
-  name = "MongoDB ➡️ BigQuery"
+resource "artie_destination" "snowflake" {
+  name  = "Snowflake"
+  label = "Snowflake (Partner Account)"
+  config = {
+    snowflake_account_url = "https://znb46775.snowflakecomputing.com"
+    username              = "tang8330"
+    password              = var.snowflake_password
+    snowflake_virtual_dwh = "compute_wh"
+  }
+}
+
+resource "artie_deployment" "dev_postgres_to_snowflake" {
+  name = "Dev PostgreSQL > Snowflake"
   source = {
-    name = "MongoDB"
+    name = "PostgreSQL"
     config = {
-      database = "myFirstDatabase"
-      host     = "mongodb+srv://cluster0.szddg49.mongodb.net/"
-      port     = 0
-      user     = "artie"
+      host     = "db-postgresql-sfo3-03243-do-user-13261354-0.c.db.ondigitalocean.com"
+      port     = 25060
+      database = "prod_dump_july_2024_4cvzb"
+      user     = "doadmin"
+      password = var.postgres_password
       dynamodb = {}
     }
     tables = [
       {
-        name   = "customers"
-        schema = ""
-        advanced_settings = {
-          skip_delete = false
-        }
-      },
-      {
-        name              = "stock"
-        schema            = ""
+        name              = "invite"
+        schema            = "public"
         advanced_settings = {}
       }
     ]
   }
-  destination_uuid = artie_destination.bigquery.uuid
+  destination_uuid = artie_destination.snowflake.uuid
   destination_config = {
-    dataset = "customers"
-  }
-  advanced_settings = {
-    enable_soft_delete     = true
-    flush_interval_seconds = 60
+    database = "DEV_TEST"
+    schema   = "PUBLIC"
   }
+  advanced_settings = {}
 }
 
-# resource "artie_destination" "bigquery2" {
+# import {
+#   to = artie_destination.bigquery
+#   id = "fa7d4efc-3957-41e5-b29c-66e2d49bffde"
+# }
+
+# variable "mongodb_password" {
+#   type      = string
+#   sensitive = true
+# }
+
+# variable "gcp_creds" {
+#   type      = string
+#   sensitive = true
+# }
+
+# resource "artie_destination" "bigquery" {
 #   name  = "BigQuery"
-#   label = "BigQuery2 (to delete)"
+#   label = "BigQuery"
 #   config = {
-#     gcp_location   = "us"
-#     gcp_project_id = "artie-labs"
+#     gcp_location         = "us"
+#     gcp_project_id       = "artie-labs"
+#     gcp_credentials_data = var.gcp_creds
 #   }
 # }
 
-# resource "artie_deployment" "newdeployment" {
-#   name = "New deployment from tf"
+# import {
+#   to = artie_deployment.example
+#   id = "38d5d2db-870a-4a38-a76c-9891b0e5122d"
+# }
+
+# resource "artie_deployment" "example" {
+#   name = "MongoDB ➡️ BigQuery"
 #   source = {
 #     name = "MongoDB"
 #     config = {
 #       database = "myFirstDatabase"
 #       host     = "mongodb+srv://cluster0.szddg49.mongodb.net/"
 #       port     = 0
 #       user     = "artie"
+#       password = var.mongodb_password
 #       dynamodb = {}
 #     }
 #     tables = [
@@ -93,11 +118,19 @@ resource "artie_deployment" "example" {
 #           skip_delete = false
 #         }
 #       },
+#       {
+#         name              = "stock"
+#         schema            = ""
+#         advanced_settings = {}
+#       }
 #     ]
 #   }
-#   destination_uuid = artie_destination.bigquery2.uuid
+#   destination_uuid = artie_destination.bigquery.uuid
 #   destination_config = {
 #     dataset = "customers"
 #   }
-#   advanced_settings = {}
+#   advanced_settings = {
+#     enable_soft_delete     = true
+#     flush_interval_seconds = 60
+#   }
 # }

internal/provider/deployment_resource.go

@@ -60,6 +60,7 @@ func (r *DeploymentResource) Schema(ctx context.Context, req resource.SchemaRequ
 							"snapshot_host": schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 							"port":          schema.Int64Attribute{Required: true},
 							"user":          schema.StringAttribute{Required: true},
+							"password":      schema.StringAttribute{Required: true, Sensitive: true},
 							"database":      schema.StringAttribute{Required: true},
 							"dynamodb": schema.SingleNestedAttribute{
 								Optional: true,
@@ -71,7 +72,6 @@ func (r *DeploymentResource) Schema(ctx context.Context, req resource.SchemaRequ
 									"aws_secret_access_key": schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 								},
 							},
-							// TODO Password
 						},
 					},
 					"tables": schema.ListNestedAttribute{

internal/provider/destination_resource.go

@@ -54,12 +54,16 @@ func (r *DestinationResource) Schema(ctx context.Context, req resource.SchemaReq
 					"port":                  schema.Int64Attribute{Optional: true, Computed: true, Default: int64default.StaticInt64(0)},
 					"endpoint":              schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 					"username":              schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
+					"password":              schema.StringAttribute{Optional: true, Computed: true, Sensitive: true, Default: stringdefault.StaticString("")},
 					"gcp_project_id":        schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 					"gcp_location":          schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
+					"gcp_credentials_data":  schema.StringAttribute{Optional: true, Computed: true, Sensitive: true, Default: stringdefault.StaticString("")},
 					"aws_access_key_id":     schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
+					"aws_secret_access_key": schema.StringAttribute{Optional: true, Computed: true, Sensitive: true, Default: stringdefault.StaticString("")},
 					"aws_region":            schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 					"snowflake_account_url": schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
 					"snowflake_virtual_dwh": schema.StringAttribute{Optional: true, Computed: true, Default: stringdefault.StaticString("")},
+					"snowflake_private_key": schema.StringAttribute{Optional: true, Computed: true, Sensitive: true, Default: stringdefault.StaticString("")},
 				},
 			},
 		},

internal/provider/models/deployment_api_model.go

@@ -28,9 +28,9 @@ type SourceConfigAPIModel struct {
 	SnapshotHost string                 `json:"snapshotHost"`
 	Port         int64                  `json:"port"`
 	User         string                 `json:"user"`
+	Password     string                 `json:"password"`
 	Database     string                 `json:"database"`
 	DynamoDB     DynamoDBConfigAPIModel `json:"dynamodb"`
-	// TODO Password
 }
 
 type DynamoDBConfigAPIModel struct {

internal/provider/models/deployment_resource_model.go

@@ -28,7 +28,7 @@ type SourceConfigModel struct {
 	User         types.String         `tfsdk:"user"`
 	Database     types.String         `tfsdk:"database"`
 	DynamoDB     *DynamoDBConfigModel `tfsdk:"dynamodb"`
-	// TODO Password
+	Password     types.String         `tfsdk:"password"`
 }
 
 type DynamoDBConfigModel struct {

internal/provider/models/destination_api_model.go

@@ -15,15 +15,14 @@ type DestinationSharedConfigAPIModel struct {
 	Port                int64  `json:"port"`
 	Endpoint            string `json:"endpoint"`
 	Username            string `json:"username"`
+	Password            string `json:"password"`
 	GCPProjectID        string `json:"projectID"`
 	GCPLocation         string `json:"location"`
+	GCPCredentialsData  string `json:"credentialsData"`
 	AWSAccessKeyID      string `json:"awsAccessKeyID"`
+	AWSSecretAccessKey  string `json:"awsSecretAccessKey"`
 	AWSRegion           string `json:"awsRegion"`
 	SnowflakeAccountURL string `json:"accountURL"`
 	SnowflakeVirtualDWH string `json:"virtualDWH"`
-	// TODO sensitive fields
-	// Password           string `json:"password"`
-	// GCPCredentialsData string `json:"credentialsData"`
-	// AWSSecretAccessKey string `json:"awsSecretAccessKey"`
-	// SnowflakePrivateKey string `json:"privateKey"`
+	SnowflakePrivateKey string `json:"privateKey"`
 }

internal/provider/models/destination_resource_model.go

@@ -17,15 +17,14 @@ type DestinationSharedConfigModel struct {
 	Port                types.Int64  `tfsdk:"port"`
 	Endpoint            types.String `tfsdk:"endpoint"`
 	Username            types.String `tfsdk:"username"`
+	Password            types.String `tfsdk:"password"`
 	GCPProjectID        types.String `tfsdk:"gcp_project_id"`
 	GCPLocation         types.String `tfsdk:"gcp_location"`
+	GCPCredentialsData  types.String `tfsdk:"gcp_credentials_data"`
 	AWSAccessKeyID      types.String `tfsdk:"aws_access_key_id"`
+	AWSSecretAccessKey  types.String `tfsdk:"aws_secret_access_key"`
 	AWSRegion           types.String `tfsdk:"aws_region"`
 	SnowflakeAccountURL types.String `tfsdk:"snowflake_account_url"`
 	SnowflakeVirtualDWH types.String `tfsdk:"snowflake_virtual_dwh"`
-	// TODO sensitive fields
-	// Password           types.String `tfsdk:"password"`
-	// GCPCredentialsData types.String `tfsdk:"gcp_credentials_data"`
-	// AWSSecretAccessKey types.String `tfsdk:"aws_secret_access_key"`
-	// SnowflakePrivateKey types.String `tfsdk:"snowflake_private_key"`
+	SnowflakePrivateKey types.String `tfsdk:"snowflake_private_key"`
 }

internal/provider/models/translate_deployment.go

@@ -44,6 +44,7 @@ func DeploymentAPIToResourceModel(apiModel DeploymentAPIModel, resourceModel *De
 			SnapshotHost: types.StringValue(apiModel.Source.Config.SnapshotHost),
 			Port:         types.Int64Value(apiModel.Source.Config.Port),
 			User:         types.StringValue(apiModel.Source.Config.User),
+			Password:     types.StringValue(apiModel.Source.Config.Password),
 			Database:     types.StringValue(apiModel.Source.Config.Database),
 			DynamoDB: &DynamoDBConfigModel{
 				Region:             types.StringValue(apiModel.Source.Config.DynamoDB.Region),
@@ -52,7 +53,6 @@ func DeploymentAPIToResourceModel(apiModel DeploymentAPIModel, resourceModel *De
 				AwsAccessKeyID:     types.StringValue(apiModel.Source.Config.DynamoDB.AwsAccessKeyID),
 				AwsSecretAccessKey: types.StringValue(apiModel.Source.Config.DynamoDB.AwsSecretAccessKey),
 			},
-			// TODO Password
 		},
 		Tables: tables,
 	}
@@ -126,6 +126,7 @@ func DeploymentResourceToAPIModel(resourceModel DeploymentResourceModel) Deploym
 				SnapshotHost: resourceModel.Source.Config.SnapshotHost.ValueString(),
 				Port:         resourceModel.Source.Config.Port.ValueInt64(),
 				User:         resourceModel.Source.Config.User.ValueString(),
+				Password:     resourceModel.Source.Config.Password.ValueString(),
 				Database:     resourceModel.Source.Config.Database.ValueString(),
 				DynamoDB: DynamoDBConfigAPIModel{
 					Region:             resourceModel.Source.Config.DynamoDB.Region.ValueString(),
@@ -134,7 +135,6 @@ func DeploymentResourceToAPIModel(resourceModel DeploymentResourceModel) Deploym
 					AwsAccessKeyID:     resourceModel.Source.Config.DynamoDB.AwsAccessKeyID.ValueString(),
 					AwsSecretAccessKey: resourceModel.Source.Config.DynamoDB.AwsSecretAccessKey.ValueString(),
 				},
-				// TODO Password
 			},
 			Tables: tables,
 		},

internal/provider/models/translate_destination.go

@@ -18,17 +18,16 @@ func DestinationAPIToResourceModel(apiModel DestinationAPIModel, resourceModel *
 		Port:                types.Int64Value(apiModel.Config.Port),
 		Endpoint:            types.StringValue(apiModel.Config.Endpoint),
 		Username:            types.StringValue(apiModel.Config.Username),
+		Password:            types.StringValue(apiModel.Config.Password),
 		GCPProjectID:        types.StringValue(apiModel.Config.GCPProjectID),
 		GCPLocation:         types.StringValue(apiModel.Config.GCPLocation),
+		GCPCredentialsData:  types.StringValue(apiModel.Config.GCPCredentialsData),
 		AWSAccessKeyID:      types.StringValue(apiModel.Config.AWSAccessKeyID),
+		AWSSecretAccessKey:  types.StringValue(apiModel.Config.AWSSecretAccessKey),
 		AWSRegion:           types.StringValue(apiModel.Config.AWSRegion),
 		SnowflakeAccountURL: types.StringValue(apiModel.Config.SnowflakeAccountURL),
 		SnowflakeVirtualDWH: types.StringValue(apiModel.Config.SnowflakeVirtualDWH),
-		// TODO sensitive fields
-		// Password:            types.StringValue(apiModel.Config.Password),
-		// GCPCredentialsData:  types.StringValue(apiModel.Config.GCPCredentialsData),
-		// AWSSecretAccessKey:  types.StringValue(apiModel.Config.AWSSecretAccessKey),
-		// SnowflakePrivateKey: types.StringValue(apiModel.Config.SnowflakePrivateKey),
+		SnowflakePrivateKey: types.StringValue(apiModel.Config.SnowflakePrivateKey),
 	}
 }
 
@@ -49,17 +48,16 @@ func DestinationResourceToAPIModel(resourceModel DestinationResourceModel) Desti
 			Port:                resourceModel.Config.Port.ValueInt64(),
 			Endpoint:            resourceModel.Config.Endpoint.ValueString(),
 			Username:            resourceModel.Config.Username.ValueString(),
+			Password:            resourceModel.Config.Password.ValueString(),
 			GCPProjectID:        resourceModel.Config.GCPProjectID.ValueString(),
 			GCPLocation:         resourceModel.Config.GCPLocation.ValueString(),
+			GCPCredentialsData:  resourceModel.Config.GCPCredentialsData.ValueString(),
 			AWSAccessKeyID:      resourceModel.Config.AWSAccessKeyID.ValueString(),
+			AWSSecretAccessKey:  resourceModel.Config.AWSSecretAccessKey.ValueString(),
 			AWSRegion:           resourceModel.Config.AWSRegion.ValueString(),
 			SnowflakeAccountURL: resourceModel.Config.SnowflakeAccountURL.ValueString(),
 			SnowflakeVirtualDWH: resourceModel.Config.SnowflakeVirtualDWH.ValueString(),
-			// TODO sensitive fields
-			// Password:            resourceModel.Config.Password.ValueString(),
-			// GCPCredentialsData:  resourceModel.Config.GCPCredentialsData.ValueString(),
-			// AWSSecretAccessKey:  resourceModel.Config.AWSSecretAccessKey.ValueString(),
-			// SnowflakePrivateKey: resourceModel.Config.SnowflakePrivateKey.ValueString(),
+			SnowflakePrivateKey: resourceModel.Config.SnowflakePrivateKey.ValueString(),
 		},
 	}
 }