fix tests

docs/resources/api_authentication_integration_with_authorization_code_grant.md

@@ -50,7 +50,7 @@ resource "snowflake_api_authentication_integration_with_authorization_code_grant
 - `oauth_access_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_allowed_scopes` (Set of String) Specifies a list of scopes to use when making a request from the OAuth by a role with USAGE on the integration during the OAuth client credentials flow.
 - `oauth_authorization_endpoint` (String) Specifies the URL for authenticating to the external service.
-- `oauth_client_auth_method` (String) Specifies the client ID for the OAuth application in the external service. Valid options are: [CLIENT_SECRET_POST]
+- `oauth_client_auth_method` (String) Specifies that POST is used as the authentication method to the external service. Valid options are: [CLIENT_SECRET_POST]
 - `oauth_grant` (String) Specifies the type of OAuth flow.
 - `oauth_refresh_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_token_endpoint` (String) Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

docs/resources/api_authentication_integration_with_client_credentials.md

@@ -48,7 +48,7 @@ resource "snowflake_api_authentication_integration_with_client_credentials" "tes
 - `comment` (String) Specifies a comment for the integration.
 - `oauth_access_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_allowed_scopes` (Set of String) Specifies a list of scopes to use when making a request from the OAuth by a role with USAGE on the integration during the OAuth client credentials flow.
-- `oauth_client_auth_method` (String) Specifies the client ID for the OAuth application in the external service. Valid options are: [CLIENT_SECRET_POST]
+- `oauth_client_auth_method` (String) Specifies that POST is used as the authentication method to the external service. Valid options are: [CLIENT_SECRET_POST]
 - `oauth_grant` (String) Specifies the type of OAuth flow.
 - `oauth_refresh_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_token_endpoint` (String) Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

docs/resources/api_authentication_integration_with_jwt_bearer.md

@@ -14,10 +14,11 @@ description: |-
 ```terraform
 # basic resource
 resource "snowflake_api_authentication_integration_with_jwt_bearer" "test" {
-  enabled             = true
-  name                = "foo"
-  oauth_client_id     = "foo"
-  oauth_client_secret = "foo"
+  enabled                = true
+  name                   = "foo"
+  oauth_client_id        = "foo"
+  oauth_client_secret    = "foo"
+  oauth_assertion_issuer = "foo"
 }
 # resource with all fields set
 resource "snowflake_api_authentication_integration_with_jwt_bearer" "test" {
@@ -31,6 +32,7 @@ resource "snowflake_api_authentication_integration_with_jwt_bearer" "test" {
   oauth_client_secret          = "foo"
   oauth_refresh_token_validity = 42
   oauth_token_endpoint         = "https://example.com"
+  oauth_assertion_issuer       = "foo"
 }
 ```
 
@@ -50,7 +52,7 @@ resource "snowflake_api_authentication_integration_with_jwt_bearer" "test" {
 - `comment` (String) Specifies a comment for the integration.
 - `oauth_access_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_authorization_endpoint` (String) Specifies the URL for authenticating to the external service.
-- `oauth_client_auth_method` (String) Specifies the client ID for the OAuth application in the external service. Valid options are: [CLIENT_SECRET_POST]
+- `oauth_client_auth_method` (String) Specifies that POST is used as the authentication method to the external service. Valid options are: [CLIENT_SECRET_POST]
 - `oauth_grant` (String) Specifies the type of OAuth flow.
 - `oauth_refresh_token_validity` (Number) Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.
 - `oauth_token_endpoint` (String) Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

pkg/acceptance/helpers/security_integration_client.go

@@ -27,7 +27,7 @@ func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations {
 
 func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) {
 	t.Helper()
-	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, c.ids.Alpha(), "https://example.com", "Custom", random.GenerateX509(t)))
+	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, c.ids.Alpha(), "https://example.com", "Custom", random.GenerateX509(t)))
 }
 
 func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {

pkg/sdk/security_integrations_dto_gen.go

@@ -121,6 +121,10 @@ type CreateOauthForPartnerApplicationsSecurityIntegrationRequest struct {
 	Comment                   *string
 }
 
+func (r *CreateOauthForPartnerApplicationsSecurityIntegrationRequest) GetName() AccountObjectIdentifier {
+	return r.name
+}
+
 type CreateOauthForCustomClientsSecurityIntegrationRequest struct {
 	OrReplace                   *bool
 	IfNotExists                 *bool
@@ -141,6 +145,10 @@ type CreateOauthForCustomClientsSecurityIntegrationRequest struct {
 	Comment                     *string
 }
 
+func (r *CreateOauthForCustomClientsSecurityIntegrationRequest) GetName() AccountObjectIdentifier {
+	return r.name
+}
+
 type PreAuthorizedRolesListRequest struct {
 	PreAuthorizedRolesList []AccountObjectIdentifier
 }
@@ -168,6 +176,10 @@ type CreateSaml2SecurityIntegrationRequest struct {
 	Comment                        *string
 }
 
+func (r *CreateSaml2SecurityIntegrationRequest) GetName() AccountObjectIdentifier {
+	return r.name
+}
+
 type CreateScimSecurityIntegrationRequest struct {
 	OrReplace     *bool
 	IfNotExists   *bool
@@ -180,6 +192,10 @@ type CreateScimSecurityIntegrationRequest struct {
 	Comment       *string
 }
 
+func (r *CreateScimSecurityIntegrationRequest) GetName() AccountObjectIdentifier {
+	return r.name
+}
+
 type AlterApiAuthenticationWithClientCredentialsFlowSecurityIntegrationRequest struct {
 	IfExists  *bool
 	name      AccountObjectIdentifier // required

pkg/sdk/security_integrations_gen.go

@@ -501,6 +501,14 @@ type SecurityIntegrationProperty struct {
 	Default string
 }
 
+func (s SecurityIntegrationProperty) GetName() string {
+	return s.Name
+}
+
+func (s SecurityIntegrationProperty) GetDefault() string {
+	return s.Default
+}
+
 // ShowSecurityIntegrationOptions is based on https://docs.snowflake.com/en/sql-reference/sql/show-integrations.
 type ShowSecurityIntegrationOptions struct {
 	show                 bool  `ddl:"static" sql:"SHOW"`

pkg/sdk/security_integrations_gen_test.go

@@ -95,10 +95,11 @@ func TestSecurityIntegrations_CreateApiAuthenticationWithAuthorizationCodeGrantF
 		opts.OauthGrantAuthorizationCode = Pointer(true)
 		opts.OauthAccessTokenValidity = Pointer(42)
 		opts.OauthRefreshTokenValidity = Pointer(42)
+		opts.OauthAllowedScopes = []AllowedScope{{Scope: "bar"}}
 		opts.Comment = Pointer("foo")
 		assertOptsValidAndSQLEquals(t, opts, "CREATE SECURITY INTEGRATION IF NOT EXISTS %s TYPE = API_AUTHENTICATION AUTH_TYPE = OAUTH2 ENABLED = true OAUTH_AUTHORIZATION_ENDPOINT = 'foo'"+
 			" OAUTH_TOKEN_ENDPOINT = 'foo' OAUTH_CLIENT_AUTH_METHOD = CLIENT_SECRET_POST OAUTH_CLIENT_ID = 'foo' OAUTH_CLIENT_SECRET = 'bar' OAUTH_GRANT = AUTHORIZATION_CODE"+
-			" OAUTH_ACCESS_TOKEN_VALIDITY = 42 OAUTH_REFRESH_TOKEN_VALIDITY = 42 COMMENT = 'foo'", id.FullyQualifiedName())
+			" OAUTH_ACCESS_TOKEN_VALIDITY = 42 OAUTH_REFRESH_TOKEN_VALIDITY = 42 OAUTH_ALLOWED_SCOPES = ('bar') COMMENT = 'foo'", id.FullyQualifiedName())
 	})
 }
 
@@ -597,11 +598,12 @@ func TestSecurityIntegrations_AlterApiAuthenticationWithAuthorizationCodeFlow(t
 			OauthGrantAuthorizationCode: Pointer(true),
 			OauthAccessTokenValidity:    Pointer(42),
 			OauthRefreshTokenValidity:   Pointer(42),
+			OauthAllowedScopes:          []AllowedScope{{Scope: "bar"}},
 			Comment:                     Pointer("foo"),
 		}
 		assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true, OAUTH_TOKEN_ENDPOINT = 'foo', OAUTH_CLIENT_AUTH_METHOD = CLIENT_SECRET_POST,"+
 			" OAUTH_CLIENT_ID = 'foo', OAUTH_CLIENT_SECRET = 'foo', OAUTH_GRANT = AUTHORIZATION_CODE, OAUTH_ACCESS_TOKEN_VALIDITY = 42,"+
-			" OAUTH_REFRESH_TOKEN_VALIDITY = 42, COMMENT = 'foo'", id.FullyQualifiedName())
+			" OAUTH_REFRESH_TOKEN_VALIDITY = 42, OAUTH_ALLOWED_SCOPES = ('bar'), COMMENT = 'foo'", id.FullyQualifiedName())
 	})
 
 	t.Run("all options - unset", func(t *testing.T) {

pkg/sdk/security_integrations_impl_gen.go

@@ -438,7 +438,6 @@ func (r *AlterExternalOauthSecurityIntegrationRequest) toOpts() *AlterExternalOa
 	}
 
 	if r.Set != nil {
-
 		opts.Set = &ExternalOauthIntegrationSet{
 			Enabled:                            r.Set.Enabled,
 			ExternalOauthType:                  r.Set.ExternalOauthType,
@@ -472,7 +471,6 @@ func (r *AlterExternalOauthSecurityIntegrationRequest) toOpts() *AlterExternalOa
 				AudienceList: r.Set.ExternalOauthAudienceList.AudienceList,
 			}
 		}
-
 	}
 
 	if r.Unset != nil {
@@ -494,7 +492,6 @@ func (r *AlterOauthForPartnerApplicationsSecurityIntegrationRequest) toOpts() *A
 	}
 
 	if r.Set != nil {
-
 		opts.Set = &OauthForPartnerApplicationsIntegrationSet{
 			Enabled:                   r.Set.Enabled,
 			OauthIssueRefreshTokens:   r.Set.OauthIssueRefreshTokens,
@@ -510,7 +507,6 @@ func (r *AlterOauthForPartnerApplicationsSecurityIntegrationRequest) toOpts() *A
 				BlockedRolesList: r.Set.BlockedRolesList.BlockedRolesList,
 			}
 		}
-
 	}
 
 	if r.Unset != nil {
@@ -532,7 +528,6 @@ func (r *AlterOauthForCustomClientsSecurityIntegrationRequest) toOpts() *AlterOa
 	}
 
 	if r.Set != nil {
-
 		opts.Set = &OauthForCustomClientsIntegrationSet{
 			Enabled:                     r.Set.Enabled,
 			OauthRedirectUri:            r.Set.OauthRedirectUri,
@@ -559,7 +554,6 @@ func (r *AlterOauthForCustomClientsSecurityIntegrationRequest) toOpts() *AlterOa
 				BlockedRolesList: r.Set.BlockedRolesList.BlockedRolesList,
 			}
 		}
-
 	}
 
 	if r.Unset != nil {

pkg/sdk/testint/security_integrations_gen_integration_test.go

@@ -96,7 +96,7 @@ func TestInt_SecurityIntegrations(t *testing.T) {
 	createOauthCustom := func(t *testing.T, with func(*sdk.CreateOauthForCustomClientsSecurityIntegrationRequest)) (*sdk.SecurityIntegration, sdk.AccountObjectIdentifier) {
 		t.Helper()
 		id := testClientHelper().Ids.RandomAccountObjectIdentifier()
-		req := sdk.NewCreateOauthForCustomClientsSecurityIntegrationRequest(id, sdk.OauthSecurityIntegrationClientTypePublic)
+		req := sdk.NewCreateOauthForCustomClientsSecurityIntegrationRequest(id, sdk.OauthSecurityIntegrationClientTypePublic, "https://example.com")
 		if with != nil {
 			with(req)
 		}
@@ -129,7 +129,7 @@ func TestInt_SecurityIntegrations(t *testing.T) {
 		t.Helper()
 		id := testClientHelper().Ids.RandomAccountObjectIdentifier()
 		issuer := testClientHelper().Ids.Alpha()
-		saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(id, issuer, "https://example.com", "Custom", cert)
+		saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, issuer, "https://example.com", "Custom", cert)
 		if with != nil {
 			with(saml2Req)
 		}