Merge branch 'refs/heads/main' into oauth-for-custom-clients-v1

# Conflicts:
#	docs/index.md
#	examples/additional/deprecated_resources.MD
#	pkg/acceptance/helpers/random/certs.go
#	pkg/acceptance/importchecks/import_checks.go
#	pkg/sdk/testint/security_integrations_gen_integration_test.go

MIGRATION_GUIDE.md

@@ -49,7 +49,7 @@ Fields added to the resource:
 New field `enabled` is required. Previously the default value during create in Snowflake was `true`. If you created a resource with Terraform, please add `enabled = true` to have the same value.
 
 #### *(behavior change)* Force new for multiple attributes
-Force new was added for the following attributes (because no usable SQL alter statements for them):
+Force new was added for the following attributes (because there are no usable SQL alter statements for them):
 - `scim_client`
 - `run_as_role`
 

docs/data-sources/databases.md

@@ -5,6 +5,8 @@ description: |-
   Datasource used to get details of filtered databases. Filtering is aligned with the current possibilities for SHOW DATABASES https://docs.snowflake.com/en/sql-reference/sql/show-databases query (like, starts_with, and limit are all supported). The results of SHOW, DESCRIBE, and SHOW PARAMETERS IN are encapsulated in one output collection.
 ---
 
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
 # snowflake_databases (Data Source)
 
 Datasource used to get details of filtered databases. Filtering is aligned with the current possibilities for [SHOW DATABASES](https://docs.snowflake.com/en/sql-reference/sql/show-databases) query (`like`, `starts_with`, and `limit` are all supported). The results of SHOW, DESCRIBE, and SHOW PARAMETERS IN are encapsulated in one output collection.

docs/data-sources/security_integrations.md

@@ -5,6 +5,8 @@ description: |-
   Datasource used to get details of filtered security integrations. Filtering is aligned with the current possibilities for SHOW SECURITY INTEGRATIONS https://docs.snowflake.com/en/sql-reference/sql/show-integrations query (only like is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection security_integrations.
 ---
 
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
 # snowflake_security_integrations (Data Source)
 
 Datasource used to get details of filtered security integrations. Filtering is aligned with the current possibilities for [SHOW SECURITY INTEGRATIONS](https://docs.snowflake.com/en/sql-reference/sql/show-integrations) query (only `like` is supported). The results of SHOW and DESCRIBE are encapsulated in one output collection `security_integrations`.

docs/data-sources/warehouses.md

@@ -5,6 +5,8 @@ description: |-
   Datasource used to get details of filtered warehouses. Filtering is aligned with the current possibilities for SHOW WAREHOUSES https://docs.snowflake.com/en/sql-reference/sql/show-warehouses query (only like is supported). The results of SHOW, DESCRIBE, and SHOW PARAMETERS IN are encapsulated in one output collection.
 ---
 
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
 # snowflake_warehouses (Data Source)
 
 Datasource used to get details of filtered warehouses. Filtering is aligned with the current possibilities for [SHOW WAREHOUSES](https://docs.snowflake.com/en/sql-reference/sql/show-warehouses) query (only `like` is supported). The results of SHOW, DESCRIBE, and SHOW PARAMETERS IN are encapsulated in one output collection.

docs/index.md

@@ -230,7 +230,7 @@ The Snowflake provider will use the following order of precedence when determini
 ## Currently deprecated resources
 
 - [snowflake_database_old](./docs/resources/database_old)
-- [snowflake_oauth_integration](./docs/resources/oauth_integration)
+- [snowflake_saml_integration](./docs/resources/saml_integration) - use [snowflake_saml2_integration](./docs/resources/saml2_integration) instead
 - [snowflake_unsafe_execute](./docs/resources/unsafe_execute)
 
 ## Currently deprecated datasources

docs/resources/database.md

@@ -5,6 +5,8 @@ description: |-
   Represents a standard database. If replication configuration is specified, the database is promoted to serve as a primary database for replication.
 ---
 
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
 # snowflake_database (Resource)
 
 Represents a standard database. If replication configuration is specified, the database is promoted to serve as a primary database for replication.

docs/resources/saml2_integration.md

@@ -0,0 +1,332 @@
+---
+page_title: "snowflake_saml2_integration Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+  
+---
+
+# snowflake_saml2_integration (Resource)
+
+
+
+## Example Usage
+
+```terraform
+# basic resource
+# each pem file contains a base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
+resource "snowflake_saml2_integration" "saml_integration" {
+  name            = "saml_integration"
+  saml2_provider  = "CUSTOM"
+  saml2_issuer    = "test_issuer"
+  saml2_sso_url   = "https://example.com"
+  saml2_x509_cert = file("cert.pem")
+}
+# resource with all fields set
+resource "snowflake_saml2_integration" "test" {
+  allowed_email_patterns              = ["^(.+dev)@example.com$"]
+  allowed_user_domains                = ["example.com"]
+  comment                             = "foo"
+  enabled                             = true
+  name                                = "saml_integration"
+  saml2_enable_sp_initiated           = true
+  saml2_force_authn                   = true
+  saml2_issuer                        = "foo"
+  saml2_post_logout_redirect_url      = "https://example.com"
+  saml2_provider                      = "CUSTOM"
+  saml2_requested_nameid_format       = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+  saml2_sign_request                  = true
+  saml2_snowflake_acs_url             = "example.snowflakecomputing.com/fed/login"
+  saml2_snowflake_issuer_url          = "example.snowflakecomputing.com/fed/login"
+  saml2_snowflake_x509_cert           = file("snowflake_cert.pem")
+  saml2_sp_initiated_login_page_label = "foo"
+  saml2_sso_url                       = "https://example.com"
+  saml2_x509_cert                     = file("cert.pem")
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
+- `saml2_issuer` (String) The string containing the IdP EntityID / Issuer.
+- `saml2_provider` (String) The string describing the IdP. Valid options are: [OKTA ADFS CUSTOM].
+- `saml2_sso_url` (String) The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
+- `saml2_x509_cert` (String) The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
+
+### Optional
+
+- `allowed_email_patterns` (Set of String) A list of regular expressions that email addresses are matched against to authenticate with a SAML2 security integration. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
+- `allowed_user_domains` (Set of String) A list of email domains that can authenticate with a SAML2 security integration. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
+- `comment` (String) Specifies a comment for the integration.
+- `enabled` (String) Specifies whether this security integration is enabled or disabled. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `saml2_enable_sp_initiated` (String) The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in With button on the login page. FALSE: does not display the Log in With button on the login page. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `saml2_force_authn` (String) The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `saml2_post_logout_redirect_url` (String) The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
+- `saml2_requested_nameid_format` (String) The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. Valid options are: [urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
+- `saml2_sign_request` (String) The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `saml2_snowflake_acs_url` (String) The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
+- `saml2_snowflake_issuer_url` (String) The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
+- `saml2_sp_initiated_login_page_label` (String) The string containing the label to display after the Log In With button on the login page. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATION` for the given integration. (see [below for nested schema](#nestedatt--describe_output))
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATION` for the given integration. (see [below for nested schema](#nestedatt--show_output))
+
+<a id="nestedatt--describe_output"></a>
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `allowed_email_patterns` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--allowed_email_patterns))
+- `allowed_user_domains` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--allowed_user_domains))
+- `comment` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--comment))
+- `saml2_digest_methods_used` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_digest_methods_used))
+- `saml2_enable_sp_initiated` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_enable_sp_initiated))
+- `saml2_force_authn` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_force_authn))
+- `saml2_issuer` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_issuer))
+- `saml2_post_logout_redirect_url` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_post_logout_redirect_url))
+- `saml2_provider` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_provider))
+- `saml2_requested_nameid_format` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_requested_nameid_format))
+- `saml2_sign_request` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_sign_request))
+- `saml2_signature_methods_used` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_signature_methods_used))
+- `saml2_snowflake_acs_url` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_snowflake_acs_url))
+- `saml2_snowflake_issuer_url` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_snowflake_issuer_url))
+- `saml2_snowflake_metadata` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_snowflake_metadata))
+- `saml2_snowflake_x509_cert` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_snowflake_x509_cert))
+- `saml2_sp_initiated_login_page_label` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_sp_initiated_login_page_label))
+- `saml2_sso_url` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_sso_url))
+- `saml2_x509_cert` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--saml2_x509_cert))
+
+<a id="nestedobjatt--describe_output--allowed_email_patterns"></a>
+### Nested Schema for `describe_output.allowed_email_patterns`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--allowed_user_domains"></a>
+### Nested Schema for `describe_output.allowed_user_domains`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--comment"></a>
+### Nested Schema for `describe_output.comment`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_digest_methods_used"></a>
+### Nested Schema for `describe_output.saml2_digest_methods_used`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_enable_sp_initiated"></a>
+### Nested Schema for `describe_output.saml2_enable_sp_initiated`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_force_authn"></a>
+### Nested Schema for `describe_output.saml2_force_authn`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_issuer"></a>
+### Nested Schema for `describe_output.saml2_issuer`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_post_logout_redirect_url"></a>
+### Nested Schema for `describe_output.saml2_post_logout_redirect_url`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_provider"></a>
+### Nested Schema for `describe_output.saml2_provider`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_requested_nameid_format"></a>
+### Nested Schema for `describe_output.saml2_requested_nameid_format`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_sign_request"></a>
+### Nested Schema for `describe_output.saml2_sign_request`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_signature_methods_used"></a>
+### Nested Schema for `describe_output.saml2_signature_methods_used`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_snowflake_acs_url"></a>
+### Nested Schema for `describe_output.saml2_snowflake_acs_url`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_snowflake_issuer_url"></a>
+### Nested Schema for `describe_output.saml2_snowflake_issuer_url`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_snowflake_metadata"></a>
+### Nested Schema for `describe_output.saml2_snowflake_metadata`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_snowflake_x509_cert"></a>
+### Nested Schema for `describe_output.saml2_snowflake_x509_cert`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_sp_initiated_login_page_label"></a>
+### Nested Schema for `describe_output.saml2_sp_initiated_login_page_label`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_sso_url"></a>
+### Nested Schema for `describe_output.saml2_sso_url`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+<a id="nestedobjatt--describe_output--saml2_x509_cert"></a>
+### Nested Schema for `describe_output.saml2_x509_cert`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+<a id="nestedatt--show_output"></a>
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `category` (String)
+- `comment` (String)
+- `created_on` (String)
+- `enabled` (Boolean)
+- `integration_type` (String)
+- `name` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_saml2_integration.example "name"
+```