diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e11c2b..5e7eb59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [0.34.0] - 2024-10-13
+
+- Introduced CLI option `--env-prefix-separator` which allows to choose separator for env prefix from one of three pre-defined variants: `__`, `_`, `$`. Default is `__`.
+- Implemented `AUTHENTICATION_POLICY` object type. It can be referenced from `ACCOUNT_POLICY` and `USER` configs.
+- Reworked `WAREHOUSE` resolver, implemented `resource_constraint` parameter for Snowpark-optimized warehouses.
+
 ## [0.33.0] - 2024-10-11
 
 This is a major update to policies, which introduces some breaking changes. [Read more about it](https://docs.snowddl.com/breaking-changes-log/0.33.0-october-2024).
diff --git a/snowddl/blueprint/ident.py b/snowddl/blueprint/ident.py
index d44922f..7ecbd65 100644
--- a/snowddl/blueprint/ident.py
+++ b/snowddl/blueprint/ident.py
@@ -71,7 +71,9 @@ def _validate_env_prefix(self, val):
                 )
 
         if val and not val.endswith(("__", "_", "$")):
-            raise ValueError(f"Env prefix [{val}] in identifier must end with valid separator like [__] double underscore, [_] single underscore or [$] dollar")
+            raise ValueError(
+                f"Env prefix [{val}] in identifier must end with valid separator like [__] double underscore, [_] single underscore or [$] dollar"
+            )
 
         return val.upper()
 
diff --git a/snowddl/config.py b/snowddl/config.py
index a0a58d4..084a3e7 100644
--- a/snowddl/config.py
+++ b/snowddl/config.py
@@ -136,7 +136,9 @@ def _init_env_prefix(self, env_prefix):
         if env_prefix:
             # Protects from code trying to use Config object and pass env prefix without separator at the end
             if not env_prefix.endswith(("__", "_", "$")):
-                raise ValueError(f"Env prefix [{env_prefix}] in identifier must end with valid separator like [__] double underscore, [_] single underscore or [$] dollar")
+                raise ValueError(
+                    f"Env prefix [{env_prefix}] in identifier must end with valid separator like [__] double underscore, [_] single underscore or [$] dollar"
+                )
 
             return env_prefix
 
diff --git a/snowddl/parser/account_policy.py b/snowddl/parser/account_policy.py
index 952c2d4..e7cf4f4 100644
--- a/snowddl/parser/account_policy.py
+++ b/snowddl/parser/account_policy.py
@@ -5,7 +5,7 @@
     NetworkPolicyBlueprint,
     NetworkPolicyReference,
     ObjectType,
-    SchemaObjectIdent
+    SchemaObjectIdent,
 )
 from snowddl.parser.abc_parser import AbstractParser, ParsedFile
 
diff --git a/snowddl/parser/authentication_policy.py b/snowddl/parser/authentication_policy.py
index aaf663e..433ac27 100644
--- a/snowddl/parser/authentication_policy.py
+++ b/snowddl/parser/authentication_policy.py
@@ -1,8 +1,4 @@
-from snowddl.blueprint import (
-    AuthenticationPolicyBlueprint,
-    Ident,
-    SchemaObjectIdent,
-)
+from snowddl.blueprint import AuthenticationPolicyBlueprint, SchemaObjectIdent
 from snowddl.parser.abc_parser import AbstractParser, ParsedFile
 
 
@@ -52,7 +48,9 @@
 
 class AuthenticationPolicyParser(AbstractParser):
     def load_blueprints(self):
-        self.parse_schema_object_files("authentication_policy", authentication_policy_json_schema, self.process_authentication_policy)
+        self.parse_schema_object_files(
+            "authentication_policy", authentication_policy_json_schema, self.process_authentication_policy
+        )
 
     def process_authentication_policy(self, f: ParsedFile):
         # As of Oct 2024, no easy way around hardcoding defaults
@@ -60,11 +58,17 @@ def process_authentication_policy(self, f: ParsedFile):
         # https://docs.snowflake.com/en/sql-reference/sql/create-authentication-policy
         bp = AuthenticationPolicyBlueprint(
             full_name=SchemaObjectIdent(self.env_prefix, f.database, f.schema, f.name),
-            authentication_methods=self.normalise_params_list(f.params.get("authentication_methods")) if f.params.get("authentication_methods") else ["ALL"],
-            mfa_authentication_methods=self.normalise_params_list(f.params.get("mfa_authentication_methods")) if f.params.get("mfa_authentication_methods") else ["PASSWORD", "SAML"],
+            authentication_methods=self.normalise_params_list(f.params.get("authentication_methods"))
+            if f.params.get("authentication_methods")
+            else ["ALL"],
+            mfa_authentication_methods=self.normalise_params_list(f.params.get("mfa_authentication_methods"))
+            if f.params.get("mfa_authentication_methods")
+            else ["PASSWORD", "SAML"],
             mfa_enrollment=f.params.get("mfa_enrollment").upper() if f.params.get("mfa_enrollment") else "OPTIONAL",
             client_types=self.normalise_params_list(f.params.get("client_types")) if f.params.get("client_types") else ["ALL"],
-            security_integrations=self.normalise_params_list(f.params.get("security_integrations")) if f.params.get("security_integrations") else ["ALL"],
+            security_integrations=self.normalise_params_list(f.params.get("security_integrations"))
+            if f.params.get("security_integrations")
+            else ["ALL"],
             comment=f.params.get("comment"),
         )
 
diff --git a/snowddl/parser/user.py b/snowddl/parser/user.py
index 666ecdd..bb86c1e 100644
--- a/snowddl/parser/user.py
+++ b/snowddl/parser/user.py
@@ -9,7 +9,6 @@
     SchemaObjectIdent,
     build_role_ident,
     build_default_namespace_ident,
-    build_schema_object_ident,
 )
 from snowddl.parser.abc_parser import AbstractParser, ParsedFile
 from snowddl.parser.business_role import business_role_json_schema
diff --git a/snowddl/resolver/authentication_policy.py b/snowddl/resolver/authentication_policy.py
index 920e800..aef4040 100644
--- a/snowddl/resolver/authentication_policy.py
+++ b/snowddl/resolver/authentication_policy.py
@@ -71,35 +71,35 @@ def _create_policy(self, bp: AuthenticationPolicyBlueprint):
             "AUTHENTICATION_METHODS = ({authentication_methods})",
             {
                 "authentication_methods": bp.authentication_methods,
-            }
+            },
         )
 
         query.append_nl(
             "MFA_AUTHENTICATION_METHODS = ({mfa_authentication_methods})",
             {
                 "mfa_authentication_methods": bp.mfa_authentication_methods,
-            }
+            },
         )
 
         query.append_nl(
             "MFA_ENROLLMENT = {mfa_enrollment}",
             {
                 "mfa_enrollment": bp.mfa_enrollment,
-            }
+            },
         )
 
         query.append_nl(
             "CLIENT_TYPES = ({client_types})",
             {
                 "client_types": bp.client_types,
-            }
+            },
         )
 
         query.append_nl(
             "SECURITY_INTEGRATIONS = ({security_integrations})",
             {
                 "security_integrations": bp.security_integrations,
-            }
+            },
         )
 
         query.append_nl(
@@ -246,7 +246,8 @@ def _apply_policy_refs(self, bp: AuthenticationPolicyBlueprint, skip_existing=Fa
                     self.engine.execute_unsafe_ddl(
                         "-- Previous policy must be removed before setting a new policy\n"
                         "ALTER ACCOUNT UNSET AUTHENTICATION POLICY",
-                        condition=self.engine.settings.execute_authentication_policy and self.engine.settings.execute_account_level_policy,
+                        condition=self.engine.settings.execute_authentication_policy
+                        and self.engine.settings.execute_account_level_policy,
                     )
 
                 self.engine.execute_unsafe_ddl(
@@ -254,7 +255,8 @@ def _apply_policy_refs(self, bp: AuthenticationPolicyBlueprint, skip_existing=Fa
                     {
                         "policy_name": bp.full_name,
                     },
-                    condition=self.engine.settings.execute_authentication_policy and self.engine.settings.execute_account_level_policy,
+                    condition=self.engine.settings.execute_authentication_policy
+                    and self.engine.settings.execute_account_level_policy,
                 )
             else:
                 # Apply new policy for USER (and other object types in future?)
@@ -287,7 +289,8 @@ def _apply_policy_refs(self, bp: AuthenticationPolicyBlueprint, skip_existing=Fa
             if existing_ref["object_type"] == ObjectType.ACCOUNT.name:
                 self.engine.execute_unsafe_ddl(
                     "ALTER ACCOUNT UNSET AUTHENTICATION POLICY",
-                    condition=self.engine.settings.execute_authentication_policy and self.engine.settings.execute_account_level_policy,
+                    condition=self.engine.settings.execute_authentication_policy
+                    and self.engine.settings.execute_account_level_policy,
                 )
             else:
                 self.engine.execute_unsafe_ddl(
@@ -310,7 +313,8 @@ def _drop_policy_refs(self, policy_name: SchemaObjectIdent):
             if existing_ref["object_type"] == ObjectType.ACCOUNT.name:
                 self.engine.execute_unsafe_ddl(
                     "ALTER ACCOUNT UNSET AUTHENTICATION POLICY",
-                    condition=self.engine.settings.execute_authentication_policy and self.engine.settings.execute_account_level_policy,
+                    condition=self.engine.settings.execute_authentication_policy
+                    and self.engine.settings.execute_account_level_policy,
                 )
             else:
                 self.engine.execute_unsafe_ddl(
diff --git a/snowddl/version.py b/snowddl/version.py
index 571d8cc..eab0e9c 100644
--- a/snowddl/version.py
+++ b/snowddl/version.py
@@ -1 +1 @@
-__version__ = "0.33.0"
+__version__ = "0.34.0"