littleK0i
diff --git a/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎snowddl/blueprint/blueprint.py‎
Lines changed: 8 additions & 5 deletions b/‎snowddl/blueprint/blueprint.py‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎snowddl/parser/authentication_policy.py‎
Lines changed: 21 additions & 10 deletions b/‎snowddl/parser/authentication_policy.py‎
Lines changed: 21 additions & 10 deletions
@@ -1,5 +1,14 @@
 # Changelog
 
+## [0.59.0] - 2025-10-24
+
+- All `AUTHENTICATION_POLICY` parameters are now optional.
+- Added parameters `mfa_policy`, `pat_policy`, `workload_identity_policy` for `AUTHENTICATION POLICY`.
+- Switched `AUTHENTICATION_POLICY` to short-hash approach instead of comparing each individual parameter.
+- Switched `AUTHENTICATION_POLICY` to `CREATE OR ALTER` approach instead of `ALTER`.
+- Switched `AUTHENTICATION_POLICY` new references to `FORCE` mode instead of explicitly finding and dropping currently existing references.
+- Fixed `STAGE_FILE` path delimiter issue for existing files on Windows.
+
 ## [0.58.2] - 2025-10-16
 
 - Excluded all non-standard `DATABASE` objects while processing `SHOW DATABASES` for "schema cache". It includes personal databases, inbound shares and application databases.
 
@@ -84,11 +84,14 @@ class AlertBlueprint(SchemaObjectBlueprint):
 
 
 class AuthenticationPolicyBlueprint(SchemaObjectBlueprint):
-    authentication_methods: List[str]
-    mfa_authentication_methods: List[str]
-    mfa_enrollment: str
-    client_types: List[str]
-    security_integrations: List[str]
+    authentication_methods: Optional[List[str]] = None
+    mfa_authentication_methods: Optional[List[str]] = None
+    mfa_enrollment: Optional[str] = None
+    mfa_policy: Optional[Dict[str, Union[bool, float, int, str, list]]] = None
+    client_types: Optional[List[str]] = None
+    security_integrations: Optional[List[str]] = None
+    pat_policy: Optional[Dict[str, Union[bool, float, int, str, list]]] = None
+    workload_identity_policy: Optional[Dict[str, Union[bool, float, int, str, list]]] = None
     references: List[AuthenticationPolicyReference] = []
 
 
 
@@ -23,6 +23,12 @@
         "mfa_enrollment": {
             "type": "string"
         },
+        "mfa_policy": {
+            "type": "object",
+            "additionalProperties": {
+                "type": ["array", "boolean", "number", "string"]
+            }
+        },
         "client_types": {
             "type": "array",
             "items": {
@@ -37,18 +43,23 @@
             },
             "minItems": 1
         },
+        "pat_policy": {
+            "type": "object",
+            "additionalProperties": {
+                "type": ["array", "boolean", "number", "string"]
+            }
+        },
+        "workload_identity_policy": {
+            "type": "object",
+            "additionalProperties": {
+                "type": ["array", "boolean", "number", "string"]
+            }
+        },
         "comment": {
             "type": "string"
         }
     },
     "additionalProperties": False,
-    "required": [
-        "authentication_methods",
-        "mfa_authentication_methods",
-        "mfa_enrollment",
-        "client_types",
-        "security_integrations",
-    ],
 }
 # fmt: on
 
@@ -60,16 +71,16 @@ def load_blueprints(self):
         )
 
     def process_authentication_policy(self, f: ParsedFile):
-        # All parameters are required, since Snowflake keeps changing defaults liberally
-        # We cannot trust defaults on this object type
-        # https://docs.snowflake.com/en/sql-reference/sql/create-authentication-policy
         bp = AuthenticationPolicyBlueprint(
             full_name=SchemaObjectIdent(self.env_prefix, f.database, f.schema, f.name),
             authentication_methods=self.normalise_params_list(f.params.get("authentication_methods")),
             mfa_authentication_methods=self.normalise_params_list(f.params.get("mfa_authentication_methods")),
             mfa_enrollment=f.params.get("mfa_enrollment").upper(),
+            mfa_policy=self.normalise_params_dict(f.params.get("mfa_policy")),
             client_types=self.normalise_params_list(f.params.get("client_types")),
             security_integrations=self.normalise_params_list(f.params.get("security_integrations")),
+            pat_policy=self.normalise_params_dict(f.params.get("pat_policy")),
+            workload_identity_policy=self.normalise_params_dict(f.params.get("workload_identity_policy")),
             comment=f.params.get("comment"),
         )