Add fully_qualified_name field for remaining resources

Snowflake-Labs · Aug 12, 2024 · 713b060 · 713b060
1 parent d92d1a3
commit 713b060
Show file tree

Hide file tree

Showing 104 changed files with 940 additions and 282 deletions.
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -6,8 +6,8 @@ across different versions.
 
 ## v0.94.x ➞ v0.95.0
 
-### New `fully_qualified_name` field in all resources.
-We added a new `fully_qualified_name` to all resources. This should help with referencing other resources in fields that expect a fully qualified name. For example, instead of
+### New `fully_qualified_name` field in the resources.
+We added a new `fully_qualified_name` to snowflake resources. This should help with referencing other resources in fields that expect a fully qualified name. For example, instead of
 writing
 
 ```object_name = “\”${snowflake_table.database}\”.\”${snowflake_table.schema}\”.\”${snowflake_table.name}\””```
@@ -16,6 +16,27 @@ writing
 
 ```object_name = snowflake_table.fully_qualified_name```
 
+Some of the resources are excluded from this change:
+- deprecated resources
+  - `snowflake_database_old`
+  - `snowflake_oauth_integration`
+  - `snowflake_saml_integration`
+- resources for which fully qualified name is not appropriate
+  - `snowflake_account_parameter`
+  - `snowflake_account_password_policy_attachment`
+  - `snowflake_network_policy_attachment`
+  - `snowflake_session_parameter`
+  - `snowflake_table_constraint`
+  - `snowflake_table_column_masking_policy_application`
+  - `snowflake_tag_masking_policy_association`
+  - `snowflake_tag_association`
+  - `snowflake_user_password_policy_attachment`
+  - `snowflake_user_public_keys`
+  - grant resources
+
+#### *(breaking change)* removed `qualified_name` from `snowflake_masking_policy`, `snowflake_network_rule`, `snowflake_password_policy` and `snowflake_table`
+Because of introducing a new field for all of the resources, `qualified_name` was removed from `snowflake_masking_policy`, `snowflake_network_rule`,  `snowflake_password_policy` and `snowflake_table`. State is automatically migrated.
+
 ### snowflake_user resource changes
 
 #### *(breaking change)* user parameters added to snowflake_user resource

diff --git a/pkg/resources/account.go b/pkg/resources/account.go
@@ -9,7 +9,9 @@ import (
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/util"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/schemas"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
@@ -202,6 +204,7 @@ var accountSchema = map[string]*schema.Schema{
 		Default:     3,
 		Description: "Specifies the number of days to wait before dropping the account. The default is 3 days.",
 	},
+	FullyQualifiedNameAttributeName: schemas.FullyQualifiedNameSchema,
 }
 
 func Account() *schema.Resource {
@@ -212,6 +215,10 @@ func Account() *schema.Resource {
 		Update:      UpdateAccount,
 		Delete:      DeleteAccount,
 
+		CustomizeDiff: customdiff.All(
+			ComputedIfAnyAttributeChanged(FullyQualifiedNameAttributeName, "name"),
+		),
+
 		Schema: accountSchema,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -324,6 +331,10 @@ func ReadAccount(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
+	if err := d.Set(FullyQualifiedNameAttributeName, id.FullyQualifiedName()); err != nil {
+		return err
+	}
+
 	if err = d.Set("name", acc.AccountName); err != nil {
 		return fmt.Errorf("error setting name: %w", err)
 	}

diff --git a/pkg/resources/account_acceptance_test.go b/pkg/resources/account_acceptance_test.go
@@ -15,7 +15,7 @@ import (
 func TestAcc_Account_complete(t *testing.T) {
 	_ = testenvs.GetOrSkipTest(t, testenvs.TestAccountCreate)
 
-	accountName := acc.TestClient().Ids.Alpha()
+	id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
 	password := acc.TestClient().Ids.AlphaContaining("123ABC")
 
 	resource.Test(t, resource.TestCase{
@@ -29,9 +29,10 @@ func TestAcc_Account_complete(t *testing.T) {
 		// unless we change the resource to return nil on destroy then this is unavoidable
 		Steps: []resource.TestStep{
 			{
-				Config: accountConfig(accountName, password, "Terraform acceptance test", 3),
+				Config: accountConfig(id.Name(), password, "Terraform acceptance test", 3),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("snowflake_account.test", "name", accountName),
+					resource.TestCheckResourceAttr("snowflake_account.test", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_account.test", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_account.test", "admin_name", "someadmin"),
 					resource.TestCheckResourceAttr("snowflake_account.test", "first_name", "Ad"),
 					resource.TestCheckResourceAttr("snowflake_account.test", "last_name", "Min"),
@@ -45,7 +46,7 @@ func TestAcc_Account_complete(t *testing.T) {
 			},
 			// Change Grace Period In Days
 			{
-				Config: accountConfig(accountName, password, "Terraform acceptance test", 4),
+				Config: accountConfig(id.Name(), password, "Terraform acceptance test", 4),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("snowflake_account.test", "grace_period_in_days", "4"),
 				),

diff --git a/pkg/resources/account_role.go b/pkg/resources/account_role.go
@@ -11,6 +11,7 @@ import (
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -33,6 +34,7 @@ var accountRoleSchema = map[string]*schema.Schema{
 			Schema: schemas.ShowRoleSchema,
 		},
 	},
+	FullyQualifiedNameAttributeName: schemas.FullyQualifiedNameSchema,
 }
 
 func AccountRole() *schema.Resource {
@@ -45,7 +47,10 @@ func AccountRole() *schema.Resource {
 		UpdateContext: UpdateAccountRole,
 		Description:   "The resource is used for role management, where roles can be assigned privileges and, in turn, granted to users and other roles. When granted to roles they can create hierarchies of privilege structures. For more details, refer to the [official documentation](https://docs.snowflake.com/en/user-guide/security-access-control-overview).",
 
-		CustomizeDiff: ComputedIfAnyAttributeChanged(ShowOutputAttributeName, "name", "comment"),
+		CustomizeDiff: customdiff.All(
+			ComputedIfAnyAttributeChanged(ShowOutputAttributeName, "name", "comment"),
+			ComputedIfAnyAttributeChanged(FullyQualifiedNameAttributeName, "name"),
+		),
 
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -104,6 +109,10 @@ func ReadAccountRole(ctx context.Context, d *schema.ResourceData, meta any) diag
 		}
 	}
 
+	if err := d.Set(FullyQualifiedNameAttributeName, id.FullyQualifiedName()); err != nil {
+		return diag.FromErr(err)
+	}
+
 	if err := d.Set("name", sdk.NewAccountObjectIdentifier(accountRole.Name).Name()); err != nil {
 		return diag.Diagnostics{
 			diag.Diagnostic{

diff --git a/pkg/resources/account_role_acceptance_test.go b/pkg/resources/account_role_acceptance_test.go
@@ -148,6 +148,7 @@ func TestAcc_AccountRole_Complete(t *testing.T) {
 				Config: accountRoleBasicConfig(id.Name(), comment),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_account_role.role", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "comment", comment),
 
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "show_output.#", "1"),
@@ -169,6 +170,7 @@ func TestAcc_AccountRole_Complete(t *testing.T) {
 				ImportState:  true,
 				ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
 					importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+					importchecks.TestCheckResourceAttrInstanceState(id.Name(), "fully_qualified_name", id.FullyQualifiedName()),
 					importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", comment),
 				),
 			},
@@ -177,6 +179,7 @@ func TestAcc_AccountRole_Complete(t *testing.T) {
 				Config: accountRoleBasicConfig(newId.Name(), newComment),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "name", newId.Name()),
+					resource.TestCheckResourceAttr("snowflake_account_role.role", "fully_qualified_name", newId.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "comment", newComment),
 
 					resource.TestCheckResourceAttr("snowflake_account_role.role", "show_output.#", "1"),

diff --git a/pkg/resources/alert.go b/pkg/resources/alert.go
@@ -11,6 +11,7 @@ import (
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/util"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/schemas"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -103,6 +104,7 @@ var alertSchema = map[string]*schema.Schema{
 		Default:     false,
 		Description: "Specifies if an alert should be 'started' (enabled) after creation or should remain 'suspended' (default).",
 	},
+	FullyQualifiedNameAttributeName: schemas.FullyQualifiedNameSchema,
 }
 
 // Alert returns a pointer to the resource representing an alert.
@@ -123,9 +125,9 @@ func Alert() *schema.Resource {
 // ReadAlert implements schema.ReadContextFunc.
 func ReadAlert(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*provider.Context).Client
-	objectIdentifier := helpers.DecodeSnowflakeID(d.Id()).(sdk.SchemaObjectIdentifier)
+	id := helpers.DecodeSnowflakeID(d.Id()).(sdk.SchemaObjectIdentifier)
 
-	alert, err := client.Alerts.ShowByID(ctx, objectIdentifier)
+	alert, err := client.Alerts.ShowByID(ctx, id)
 	if err != nil {
 		// If not found, mark resource to be removed from state file during apply or refresh
 		log.Printf("[DEBUG] alert (%s) not found", d.Id())
@@ -137,6 +139,10 @@ func ReadAlert(ctx context.Context, d *schema.ResourceData, meta interface{}) di
 		return diag.FromErr(err)
 	}
 
+	if err := d.Set(FullyQualifiedNameAttributeName, id.FullyQualifiedName()); err != nil {
+		return diag.FromErr(err)
+	}
+
 	if err := d.Set("name", alert.Name); err != nil {
 		return diag.FromErr(err)
 	}

diff --git a/pkg/resources/alert_acceptance_test.go b/pkg/resources/alert_acceptance_test.go
@@ -33,13 +33,13 @@ type (
 )
 
 var (
-	alertName = acc.TestClient().Ids.Alpha()
+	id = acc.TestClient().Ids.RandomSchemaObjectIdentifier()
 
 	alertInitialState = &AccAlertTestSettings{ //nolint
 		WarehouseName: acc.TestWarehouseName,
 		DatabaseName:  acc.TestDatabaseName,
 		Alert: &AlertSettings{
-			Name:      alertName,
+			Name:      id.Name(),
 			Condition: "select 0 as c",
 			Action:    "select 0 as c",
 			Schema:    acc.TestSchemaName,
@@ -54,7 +54,7 @@ var (
 		WarehouseName: acc.TestWarehouseName,
 		DatabaseName:  acc.TestDatabaseName,
 		Alert: &AlertSettings{
-			Name:      alertName,
+			Name:      id.Name(),
 			Condition: "select 1 as c",
 			Action:    "select 1 as c",
 			Schema:    acc.TestSchemaName,
@@ -69,7 +69,7 @@ var (
 		WarehouseName: acc.TestWarehouseName,
 		DatabaseName:  acc.TestDatabaseName,
 		Alert: &AlertSettings{
-			Name:      alertName,
+			Name:      id.Name(),
 			Condition: "select 2 as c",
 			Action:    "select 2 as c",
 			Schema:    acc.TestSchemaName,
@@ -84,7 +84,7 @@ var (
 		WarehouseName: acc.TestWarehouseName,
 		DatabaseName:  acc.TestDatabaseName,
 		Alert: &AlertSettings{
-			Name:      alertName,
+			Name:      id.Name(),
 			Condition: "select 2 as c",
 			Action:    "select 2 as c",
 			Schema:    acc.TestSchemaName,
@@ -107,7 +107,8 @@ func TestAcc_Alert(t *testing.T) {
 				Config: alertConfig(alertInitialState),
 				Check: resource.ComposeTestCheckFunc(
 					checkBool("snowflake_alert.test_alert", "enabled", alertInitialState.Alert.Enabled),
-					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", alertName),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "condition", alertInitialState.Alert.Condition),
@@ -120,7 +121,8 @@ func TestAcc_Alert(t *testing.T) {
 				Config: alertConfig(alertStepOne),
 				Check: resource.ComposeTestCheckFunc(
 					checkBool("snowflake_alert.test_alert", "enabled", alertStepOne.Alert.Enabled),
-					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", alertName),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "condition", alertStepOne.Alert.Condition),
@@ -133,7 +135,8 @@ func TestAcc_Alert(t *testing.T) {
 				Config: alertConfig(alertStepTwo),
 				Check: resource.ComposeTestCheckFunc(
 					checkBool("snowflake_alert.test_alert", "enabled", alertStepTwo.Alert.Enabled),
-					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", alertName),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "condition", alertStepTwo.Alert.Condition),
@@ -146,7 +149,8 @@ func TestAcc_Alert(t *testing.T) {
 				Config: alertConfig(alertStepThree),
 				Check: resource.ComposeTestCheckFunc(
 					checkBool("snowflake_alert.test_alert", "enabled", alertStepThree.Alert.Enabled),
-					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", alertName),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "condition", alertStepThree.Alert.Condition),
@@ -159,7 +163,8 @@ func TestAcc_Alert(t *testing.T) {
 				Config: alertConfig(alertInitialState),
 				Check: resource.ComposeTestCheckFunc(
 					checkBool("snowflake_alert.test_alert", "enabled", alertInitialState.Alert.Enabled),
-					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", alertName),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "database", acc.TestDatabaseName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "schema", acc.TestSchemaName),
 					resource.TestCheckResourceAttr("snowflake_alert.test_alert", "condition", alertInitialState.Alert.Condition),

diff --git a/pkg/resources/api_authentication_integration_common.go b/pkg/resources/api_authentication_integration_common.go
@@ -81,6 +81,7 @@ var apiAuthCommonSchema = map[string]*schema.Schema{
 			Schema: schemas.DescribeApiAuthSecurityIntegrationSchema,
 		},
 	},
+	FullyQualifiedNameAttributeName: schemas.FullyQualifiedNameSchema,
 }
 
 type commonApiAuthSet struct {
@@ -268,11 +269,15 @@ func handleApiAuthImport(d *schema.ResourceData, integration *sdk.SecurityIntegr
 }
 
 func handleApiAuthRead(d *schema.ResourceData,
+	id sdk.AccountObjectIdentifier,
 	integration *sdk.SecurityIntegration,
 	properties []sdk.SecurityIntegrationProperty,
 	withExternalChangesMarking bool,
 	extraFieldsDescribeMappings []describeMapping,
 ) error {
+	if err := d.Set(FullyQualifiedNameAttributeName, id.FullyQualifiedName()); err != nil {
+		return err
+	}
 	if err := d.Set("name", integration.Name); err != nil {
 		return err
 	}

diff --git a/pkg/resources/api_authentication_integration_with_authorization_code_grant.go b/pkg/resources/api_authentication_integration_with_authorization_code_grant.go
@@ -169,7 +169,7 @@ func ReadContextApiAuthenticationIntegrationWithAuthorizationCodeGrant(withExter
 			return diag.FromErr(err)
 		}
 
-		if err := handleApiAuthRead(d, integration, properties, withExternalChangesMarking, []describeMapping{
+		if err := handleApiAuthRead(d, id, integration, properties, withExternalChangesMarking, []describeMapping{
 			{"oauth_authorization_endpoint", "oauth_authorization_endpoint", oauthAuthorizationEndpoint.Value, oauthAuthorizationEndpoint.Value, nil},
 			{"oauth_allowed_scopes", "oauth_allowed_scopes", oauthAllowedScopes.Value, sdk.ParseCommaSeparatedStringArray(oauthAllowedScopes.Value, false), nil},
 		}); err != nil {

diff --git a/...resources/api_authentication_integration_with_authorization_code_grant_acceptance_test.go b/...resources/api_authentication_integration_with_authorization_code_grant_acceptance_test.go
@@ -205,6 +205,7 @@ func TestAcc_ApiAuthenticationIntegrationWithAuthorizationCodeGrant_complete(t *
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "comment", "foo"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "enabled", "true"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "oauth_access_token_validity", "42"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "oauth_authorization_endpoint", "https://example.com"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_authorization_code_grant.test", "oauth_client_auth_method", string(sdk.ApiAuthenticationSecurityIntegrationOauthClientAuthMethodClientSecretPost)),

diff --git a/pkg/resources/api_authentication_integration_with_client_credentials.go b/pkg/resources/api_authentication_integration_with_client_credentials.go
@@ -141,7 +141,7 @@ func ReadContextApiAuthenticationIntegrationWithClientCredentials(withExternalCh
 			return diag.FromErr(err)
 		}
 
-		if err := handleApiAuthRead(d, integration, properties, withExternalChangesMarking, []describeMapping{
+		if err := handleApiAuthRead(d, id, integration, properties, withExternalChangesMarking, []describeMapping{
 			{"oauth_allowed_scopes", "oauth_allowed_scopes", oauthAllowedScopes.Value, sdk.ParseCommaSeparatedStringArray(oauthAllowedScopes.Value, false), nil},
 		}); err != nil {
 			return diag.FromErr(err)

diff --git a/pkg/resources/api_authentication_integration_with_client_credentials_acceptance_test.go b/pkg/resources/api_authentication_integration_with_client_credentials_acceptance_test.go
@@ -199,6 +199,7 @@ func TestAcc_ApiAuthenticationIntegrationWithClientCredentials_complete(t *testi
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "comment", "foo"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "enabled", "true"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "name", id.Name()),
+					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "fully_qualified_name", id.FullyQualifiedName()),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "oauth_access_token_validity", "42"),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "oauth_client_auth_method", string(sdk.ApiAuthenticationSecurityIntegrationOauthClientAuthMethodClientSecretPost)),
 					resource.TestCheckResourceAttr("snowflake_api_authentication_integration_with_client_credentials.test", "oauth_client_id", "foo"),