[Bug]: Case Sensitive Network Policy with snowflake_oauth_integration_for_custom_clients

[jdoldis]

Terraform CLI Version

1.9.8

Terraform Provider Version

0.98

Company Name

No response

Use Cases or Problem Statement

The provider quotes network policies using double quotes in the snowflake_oauth_integration_for_custom_clients resource. For example, ALTER SECURITY INTEGRATION "<integration>" SET NETWORK_POLICY = "<policy>". However, this does not account for the casing of the network policy name. We use lower case names, and are getting failures with this syntax as double quotes results in Snowflake trying to upper case the name.

Snowflake recommended quoting network policy names with '" (a single followed by a double quote), which works. For example ALTER SECURITY INTEGRATION "<integration>" SET NETWORK_POLICY = '"<policy>"';. The same applies to create statements.

This could apply to many cases, but the specific parts of the code this issue references would be:

• https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/pkg/sdk/security_integrations_gen.go#L185
• https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/pkg/sdk/security_integrations_gen.go#L404

I suspect this may been a change on Snowflake side, as I've never had to mix single and double quotes until this point. Is your team aware of the change, and if so is there a plan to support this quoting style?

Terraform Configuration

An example configuration with a network policy that contains lower case characters:

resource "snowflake_oauth_integration_for_custom_clients" "test" {
  name               = <name>
  oauth_redirect_uri = <oauth_redirect_uri>
  oauth_client_type  = <oauth_client_type>
  blocked_roles_list = <blocked_roles_list>
  network_policy     = “<Network policy name including lower case characters>”
}

Category

category:resource

Object type(s)

No response

Expected Behavior

snowflake_oauth_integration_for_custom_clients resource respects the case of the network policy name.

Actual Behavior

snowflake_oauth_integration_for_custom_clients resource does not respect the case of the network policy name.

Steps to Reproduce

1. Create a network policy with a name that includes lower case characters.
2. Configure snowflake_oauth_integration_for_custom_clients with this network policy name. Application should fail due to the network policy not existing. This can also be tested in Snowflake directly by creating a security integration with the lower case network policy name, quoted with double quotes.

How much impact is this issue causing?

Low

Logs

No response

Additional Information

No response

Would you like to implement a fix?

• Yeah, I'll take it 😎

[sfc-gh-jmichalak]

Hi @jdoldis 👋

We believe this is a bug in Snowflake. Assigning a network policy with lowercase letters to an integration policy does not work in Snowsight. I think I saw a similar issue in streamlits. For now, please use network policies with uppercase letters only or use unsafe_execute with an additional ', as you suggested.

We will push it internally. We experimented with mixing ' and " for multiple resources but it always had some quirks, so we would prefer it to work with double quotes, like in other objects.