fix: oauth integration

docs/resources/oauth_integration.md

@@ -36,6 +36,7 @@ resource "snowflake_oauth_integration" "tableau_desktop" {
 - `blocked_roles_list` (Set of String) List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
 - `comment` (String) Specifies a comment for the OAuth integration.
 - `enabled` (Boolean) Specifies whether this OAuth integration is enabled or disabled.
+- `oauth_client_type` (String) Specifies the type of client being registered. Snowflake supports both confidential and public clients.
 - `oauth_issue_refresh_tokens` (Boolean) Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.
 - `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI.
 - `oauth_refresh_token_validity` (Number) Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.

pkg/resources/oauth_integration.go

@@ -33,6 +33,14 @@ var oauthIntegrationSchema = map[string]*schema.Schema{
 		Optional:    true,
 		Description: "Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI.",
 	},
+	"oauth_client_type": {
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "Specifies the type of client being registered. Snowflake supports both confidential and public clients.",
+		ValidateFunc: validation.StringInSlice([]string{
+			"CONFIDENTIAL", "PUBLIC",
+		}, false),
+	},
 	"oauth_issue_refresh_tokens": {
 		Type:        schema.TypeBool,
 		Optional:    true,
@@ -104,7 +112,9 @@ func CreateOAuthIntegration(d *schema.ResourceData, meta interface{}) error {
 	if _, ok := d.GetOk("oauth_redirect_uri"); ok {
 		stmt.SetString(`OAUTH_REDIRECT_URI`, d.Get("oauth_redirect_uri").(string))
 	}
-
+	if _, ok := d.GetOk("oauth_client_type"); ok {
+		stmt.SetString(`OAUTH_CLIENT_TYPE`, d.Get("oauth_client_type").(string))
+	}
 	if _, ok := d.GetOk("oauth_issue_refresh_tokens"); ok {
 		stmt.SetBool(`OAUTH_ISSUE_REFRESH_TOKENS`, d.Get("oauth_issue_refresh_tokens").(bool))
 	}
@@ -233,7 +243,9 @@ func ReadOAuthIntegration(d *schema.ResourceData, meta interface{}) error {
 				return errors.Wrap(err, "unable to set OAuth redirect URI for security integration")
 			}
 		case "OAUTH_CLIENT_TYPE":
-			// Only used for custom OAuth clients (not supported yet)
+			if err = d.Set("oauth_client_type", v.(string)); err != nil {
+				return errors.Wrap(err, "unable to set OAuth client type for security integration")
+			}
 		case "OAUTH_ENFORCE_PKCE":
 			// Only used for custom OAuth clients (not supported yet)
 		case "OAUTH_AUTHORIZATION_ENDPOINT":
@@ -274,6 +286,11 @@ func UpdateOAuthIntegration(d *schema.ResourceData, meta interface{}) error {
 		stmt.SetString(`OAUTH_REDIRECT_URI`, d.Get("oauth_redirect_uri").(string))
 	}
 
+	if d.HasChange("oauth_client_type") {
+		runSetStatement = true
+		stmt.SetString(`OAUTH_CLIENT_TYPE`, d.Get("oauth_client_type").(string))
+	}
+
 	if d.HasChange("oauth_issue_refresh_tokens") {
 		runSetStatement = true
 		stmt.SetBool(`OAUTH_ISSUE_REFRESH_TOKENS`, d.Get("oauth_issue_refresh_tokens").(bool))

pkg/resources/oauth_integration_acceptance_test.go

@@ -42,6 +42,7 @@ func oauthIntegrationConfig(name string, integrationType string) string {
 	resource "snowflake_oauth_integration" "test" {
 		name                         = "%s"
 		oauth_client                 = "%s"
+		oauth_client_type            = "PUBLIC"
 		enabled                      = true
   		oauth_issue_refresh_tokens   = true
   		oauth_refresh_token_validity = 3600

pkg/resources/task.go

@@ -16,7 +16,7 @@ import (
 )
 
 const (
-	taskIDDelimiter           = '|'
+	taskIDDelimiter = '|'
 )
 
 var taskSchema = map[string]*schema.Schema{