
snowflake: networkPolicy.NetworkPolicy failed to add allowedNetworkRuleList #3944

@gsy0911

Description


Expected Behavior

By deploying the code below, I want to add SNOWFLAKE.NETWORK_SECURITY.GITHUBACTIONS_GLOBAL to CUSTOM_NETWORK_POLICY with cdktf.

import { Construct } from "constructs";
import { App, S3Backend, TerraformStack } from "cdktf";
import {
  provider,
  networkPolicy,
  accountRole,
  serviceUser,
  grantAccountRole,
  grantPrivilegesToAccountRole,
} from "@cdktf/provider-snowflake";

// The snippet uses `bucket` without declaring it; the state bucket name is
// read from an environment variable here as a placeholder (assumption).
const bucket = process.env.TF_STATE_BUCKET ?? "<state-bucket>";

class NetworkPolicyStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    // Remote state in S3, encrypted at rest.
    new S3Backend(this, {
      bucket,
      key: "tf-snowflake-network-policy/terraform.tfstate",
      region: "ap-northeast-1",
      encrypt: true,
    });

    // Key-pair (JWT) authentication as a dedicated service user/role;
    // the PEM key is passed through an env var with escaped newlines.
    new provider.SnowflakeProvider(this, "Snowflake", {
      organizationName: process.env.SNOWFLAKE_ORGANIZATION,
      accountName: process.env.SNOWFLAKE_ACCOUNT,
      user: "SERVICE_USER_NAME",
      role: "SERVICE_ROLE_NAME",
      authenticator: "SNOWFLAKE_JWT",
      privateKey: (process.env.SNOWFLAKE_PRIVATE_KEY || "").replace(/\\n/g, "\n"),
      privateKeyPassphrase: process.env.SNOWFLAKE_PRIVATE_KEY_PASSPHRASE,
    });

    // Network policy that allows only the Snowflake-managed GitHub Actions rule.
    new networkPolicy.NetworkPolicy(this, "NetworkPolicy", {
      name: "CUSTOM_NETWORK_POLICY",
      comment: "network",
      allowedIpList: [],
      blockedIpList: [],
      allowedNetworkRuleList: ["SNOWFLAKE.NETWORK_SECURITY.GITHUBACTIONS_GLOBAL"],
    });
  }
}

// Stack name matches the one shown in the deploy output below.
const app = new App();
new NetworkPolicyStack(app, "tf-snowflake-network-policy");
app.synth();

When I add SNOWFLAKE.NETWORK_SECURITY.GITHUBACTIONS_GLOBAL to CUSTOM_NETWORK_POLICY in the Snowflake query console, it works successfully:

ALTER NETWORK POLICY CUSTOM_NETWORK_POLICY ADD ALLOWED_NETWORK_RULE_LIST = (
  'SNOWFLAKE.NETWORK_SECURITY.GITHUBACTIONS_GLOBAL'
);

Actual Behavior

When I deploy the code above, an error occurs.

tf-snowflake-network-policy  snowflake_network_policy.NetworkPolicy: Modifying... [id=CUSTOM_NETWORK_POLICY]
tf-snowflake-network-policy  ╷
                             │ Error: [errors.go:23] object does not exist or not authorized
                             │
                             │   with snowflake_network_policy.NetworkPolicy (NetworkPolicy),
                             │   on cdk.tf.json line 43, in resource.snowflake_network_policy.NetworkPolicy (NetworkPolicy):
                             │   43:       }
                             │
                             ╵

[errors.go:23] object does not exist or not authorized

According to the error message, I've checked that:

  • CUSTOM_NETWORK_POLICY exists
  • cdktf-deploying-role owns CUSTOM_NETWORK_POLICY

Steps to Reproduce

$ npx cdktf synth
$ npx cdktf deploy `stack-name` --auto-approve

Versions

language: typescript
cdktf-cli: 0.21.0
node: v24.11.1
cdktf: 0.21.0
constructs: 10.4.3
jsii: null
terraform: 1.14.0
arch: arm64
os: darwin 25.1.0
providers
@cdktf/provider-snowflake (PREBUILT)
terraform provider version: 2.11.0
prebuilt provider version: 15.9.0
cdktf version: ^0.21.0

Providers

┌───────────────────────┬──────────────────┬─────────┬────────────┬───────────────────────────┬─────────────────┐
│ Provider Name │ Provider Version │ CDKTF │ Constraint │ Package Name │ Package Version │
├───────────────────────┼──────────────────┼─────────┼────────────┼───────────────────────────┼─────────────────┤
│ snowflakedb/snowflake │ 2.11.0 │ ^0.21.0 │ │ @cdktf/provider-snowflake │ 15.9.0 │
└───────────────────────┴──────────────────┴─────────┴────────────┴───────────────────────────┴─────────────────┘

Gist

No response

Possible Solutions

No response

Workarounds

No, I couldn't find anything.

Anything Else?

No response

References

I haven't found related issues.

Help Wanted

  • I'm interested in contributing a fix myself

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
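As an added set of diagnostic queries (not from the issue author), the statements below can be run in the Snowflake console as the role the provider authenticates with (SERVICE_ROLE_NAME in the snippet above, assumed here) to compare what that role can see with what the console session that succeeded could see:

```sql
-- Added diagnostic queries, not part of the original issue. Run them as the
-- role the provider uses (SERVICE_ROLE_NAME in the snippet, assumed name) so
-- the results reflect what Terraform sees rather than the console session.
USE ROLE SERVICE_ROLE_NAME;

-- 1. Does the policy exist and who owns it? Snowflake returns
--    "object does not exist or not authorized" both for a missing object and
--    for one the role is not authorized on, so check ownership explicitly.
SHOW NETWORK POLICIES LIKE 'CUSTOM_NETWORK_POLICY';
SHOW GRANTS ON NETWORK POLICY CUSTOM_NETWORK_POLICY;

-- 2. Is the Snowflake-managed rule visible to this role at all?
--    If this returns no rows, the ALTER cannot resolve the identifier.
SHOW NETWORK RULES LIKE 'GITHUBACTIONS_GLOBAL' IN SCHEMA SNOWFLAKE.NETWORK_SECURITY;

-- 3. Current contents of the policy, to verify the state before and after.
DESCRIBE NETWORK POLICY CUSTOM_NETWORK_POLICY;

-- 4. Replay the exact statement the console accepted, as this role.
ALTER NETWORK POLICY CUSTOM_NETWORK_POLICY ADD ALLOWED_NETWORK_RULE_LIST = (
  'SNOWFLAKE.NETWORK_SECURITY.GITHUBACTIONS_GLOBAL'
);
```

If step 2 returns no rows or step 4 fails under SERVICE_ROLE_NAME while succeeding under the console role, the problem is the role's visibility of the rule, not the provider.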

Labels

  • bug (Something isn't working)
  • new (Un-triaged issue)