snowflake.ExternalOauthIntegration
An External OAuth security integration allows a client to use a third-party authorization server to obtain the access tokens needed to interact with Snowflake.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";
// External OAuth integration that lets Azure AD issue the access tokens the
// Power BI connector presents to Snowflake.
const azureArgs: snowflake.ExternalOauthIntegrationArgs = {
    name: "AZURE_POWERBI",
    type: "AZURE",
    enabled: true,

    // Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
    // NOTE(review): the keys URL is the multi-tenant "common" endpoint while the issuer is
    // tenant-specific; presumably the issuer check is what pins the tenant, so confirm the
    // placeholder is replaced with the real tenant ID before enabling.
    issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"],
    // Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
    audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"],

    // User mapping: the token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
    tokenUserMappingClaims: ["upn"],
    snowflakeUserMappingAttribute: "LOGIN_NAME",

    // NOTE(review): allowedRoles, blockedRoles and anyRoleMode are not set in this example;
    // decide explicitly which roles OAuth clients may assume rather than relying on defaults.
};

const azure = new snowflake.ExternalOauthIntegration("azure", azureArgs);
import pulumi
import pulumi_snowflake as snowflake
# External OAuth integration that lets Azure AD issue the access tokens the
# Power BI connector presents to Snowflake.
azure_settings = dict(
    name="AZURE_POWERBI",
    type="AZURE",
    enabled=True,
    # Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
    # NOTE(review): the keys URL is the multi-tenant "common" endpoint; presumably the
    # tenant-specific issuer is what pins the tenant - confirm it is set to the real tenant.
    issuer="https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jws_keys_urls=["https://login.windows.net/common/discovery/keys"],
    # Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
    audience_urls=["https://analysis.windows.net/powerbi/connector/Snowflake"],
    # User mapping: the token's "upn" claim is matched against the user's LOGIN_NAME.
    token_user_mapping_claims=["upn"],
    snowflake_user_mapping_attribute="LOGIN_NAME",
    # NOTE(review): allowed_roles, blocked_roles and any_role_mode are not set in this
    # example; decide explicitly which roles OAuth clients may assume.
)

azure = snowflake.ExternalOauthIntegration("azure", **azure_settings)
package main
import (
"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an External OAuth integration that lets Azure AD issue the
// access tokens the Power BI connector presents to Snowflake.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		azureArgs := &snowflake.ExternalOauthIntegrationArgs{
			Name:    pulumi.String("AZURE_POWERBI"),
			Type:    pulumi.String("AZURE"),
			Enabled: pulumi.Bool(true),

			// Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
			// NOTE(review): the keys URL is the multi-tenant "common" endpoint; presumably the
			// tenant-specific issuer is what pins the tenant - confirm it is set to the real tenant.
			Issuer: pulumi.String("https://sts.windows.net/00000000-0000-0000-0000-000000000000"),
			JwsKeysUrls: pulumi.StringArray{
				pulumi.String("https://login.windows.net/common/discovery/keys"),
			},
			// Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
			AudienceUrls: pulumi.StringArray{
				pulumi.String("https://analysis.windows.net/powerbi/connector/Snowflake"),
			},

			// User mapping: the token's "upn" claim is matched against the user's LOGIN_NAME.
			TokenUserMappingClaims: pulumi.StringArray{
				pulumi.String("upn"),
			},
			SnowflakeUserMappingAttribute: pulumi.String("LOGIN_NAME"),

			// NOTE(review): AllowedRoles, BlockedRoles and AnyRoleMode are not set in this
			// example; decide explicitly which roles OAuth clients may assume.
		}

		// The resource handle is not used afterwards; only the registration error is propagated.
		_, err := snowflake.NewExternalOauthIntegration(ctx, "azure", azureArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;
// Registers an External OAuth integration that lets Azure AD issue the access
// tokens the Power BI connector presents to Snowflake.
return await Deployment.RunAsync(() =>
{
    var azureArgs = new Snowflake.ExternalOauthIntegrationArgs
    {
        Name = "AZURE_POWERBI",
        Type = "AZURE",
        Enabled = true,

        // Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
        // NOTE(review): the keys URL is the multi-tenant "common" endpoint; presumably the
        // tenant-specific issuer is what pins the tenant - confirm it is set to the real tenant.
        Issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
        JwsKeysUrls = new[]
        {
            "https://login.windows.net/common/discovery/keys",
        },
        // Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
        AudienceUrls = new[]
        {
            "https://analysis.windows.net/powerbi/connector/Snowflake",
        },

        // User mapping: the token's "upn" claim is matched against the user's LOGIN_NAME.
        TokenUserMappingClaims = new[]
        {
            "upn",
        },
        SnowflakeUserMappingAttribute = "LOGIN_NAME",

        // NOTE(review): AllowedRoles, BlockedRoles and AnyRoleMode are not set in this
        // example; decide explicitly which roles OAuth clients may assume.
    };

    var azure = new Snowflake.ExternalOauthIntegration("azure", azureArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.ExternalOauthIntegration;
import com.pulumi.snowflake.ExternalOauthIntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers an External OAuth integration letting Azure AD
 * issue the access tokens the Power BI connector presents to Snowflake.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "azure" integration.
     *
     * @param ctx deployment context supplied by Pulumi (not read by this stack)
     */
    public static void stack(Context ctx) {
        final var azureArgs = ExternalOauthIntegrationArgs.builder()
            .name("AZURE_POWERBI")
            .type("AZURE")
            .enabled(true)
            // Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
            // NOTE(review): the keys URL is the multi-tenant "common" endpoint; presumably the
            // tenant-specific issuer is what pins the tenant - confirm it is set to the real tenant.
            .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000")
            .jwsKeysUrls("https://login.windows.net/common/discovery/keys")
            // Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
            .audienceUrls("https://analysis.windows.net/powerbi/connector/Snowflake")
            // User mapping: the token's "upn" claim is matched against the user's LOGIN_NAME.
            .tokenUserMappingClaims("upn")
            .snowflakeUserMappingAttribute("LOGIN_NAME")
            // NOTE(review): allowedRoles, blockedRoles and anyRoleMode are not set in this
            // example; decide explicitly which roles OAuth clients may assume.
            .build();

        var azure = new ExternalOauthIntegration("azure", azureArgs);
    }
}
# External OAuth integration that lets Azure AD issue the access tokens the
# Power BI connector presents to Snowflake.
resources:
  azure:
    type: snowflake:ExternalOauthIntegration
    properties:
      name: AZURE_POWERBI
      type: AZURE
      enabled: true
      # Token validation inputs. The all-zero GUID is a placeholder for the Azure AD tenant ID.
      # NOTE(review): the keys URL is the multi-tenant "common" endpoint; presumably the
      # tenant-specific issuer is what pins the tenant - confirm it is set to the real tenant.
      issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
      jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"]
      # Audience values accepted in addition to the Snowflake account URL; keep this list minimal.
      audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"]
      # User mapping: the token's "upn" claim is matched against the user's LOGIN_NAME.
      tokenUserMappingClaims: [upn]
      snowflakeUserMappingAttribute: LOGIN_NAME
      # NOTE(review): allowedRoles, blockedRoles and anyRoleMode are not set in this
      # example; decide explicitly which roles OAuth clients may assume.
Create ExternalOauthIntegration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);
@overload
def ExternalOauthIntegration(resource_name: str,
args: ExternalOauthIntegrationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ExternalOauthIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
type: Optional[str] = None,
token_user_mapping_claims: Optional[Sequence[str]] = None,
snowflake_user_mapping_attribute: Optional[str] = None,
issuer: Optional[str] = None,
name: Optional[str] = None,
comment: Optional[str] = None,
jws_keys_urls: Optional[Sequence[str]] = None,
allowed_roles: Optional[Sequence[str]] = None,
rsa_public_key: Optional[str] = None,
rsa_public_key2: Optional[str] = None,
scope_delimiter: Optional[str] = None,
scope_mapping_attribute: Optional[str] = None,
blocked_roles: Optional[Sequence[str]] = None,
audience_urls: Optional[Sequence[str]] = None,
any_role_mode: Optional[str] = None)
func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
type: snowflake:ExternalOauthIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input is set to a placeholder only to show its name and
// type. It is not a deployable configuration.
var externalOauthIntegrationArgs = new Snowflake.ExternalOauthIntegrationArgs
{
    // Identity and state.
    Name = "string",
    Type = "string",            // Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
    Enabled = false,
    Comment = "string",

    // Token validation.
    // NOTE(review): key URLs and RSA public keys look like alternative ways to supply
    // verification keys; confirm whether both may be set on one integration.
    Issuer = "string",
    JwsKeysUrls = new[]
    {
        "string",               // at most 3 URLs
    },
    RsaPublicKey = "string",    // Base64 body only, without the PEM BEGIN/END header lines
    RsaPublicKey2 = "string",   // second key, used for key rotation
    AudienceUrls = new[]
    {
        "string",
    },

    // Mapping the token to a Snowflake user.
    TokenUserMappingClaims = new[]
    {
        "string",
    },
    SnowflakeUserMappingAttribute = "string",

    // Role controls.
    ScopeDelimiter = "string",
    ScopeMappingAttribute = "string",
    AnyRoleMode = "string",     // Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
    AllowedRoles = new[]
    {
        "string",
    },
    BlockedRoles = new[]
    {
        "string",               // do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
    },
};

var externalOauthIntegrationResource = new Snowflake.ExternalOauthIntegration("externalOauthIntegrationResource", externalOauthIntegrationArgs);
// Reference listing: every input is set to a placeholder only to show its name and
// type. It is not a deployable configuration.
integrationArgs := &snowflake.ExternalOauthIntegrationArgs{
	// Identity and state.
	Name:    pulumi.String("string"),
	Type:    pulumi.String("string"), // Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
	Enabled: pulumi.Bool(false),
	Comment: pulumi.String("string"),

	// Token validation.
	// NOTE(review): key URLs and RSA public keys look like alternative ways to supply
	// verification keys; confirm whether both may be set on one integration.
	Issuer: pulumi.String("string"),
	JwsKeysUrls: pulumi.StringArray{
		pulumi.String("string"), // at most 3 URLs
	},
	RsaPublicKey:  pulumi.String("string"), // Base64 body only, without the PEM BEGIN/END header lines
	RsaPublicKey2: pulumi.String("string"), // second key, used for key rotation
	AudienceUrls: pulumi.StringArray{
		pulumi.String("string"),
	},

	// Mapping the token to a Snowflake user.
	TokenUserMappingClaims: pulumi.StringArray{
		pulumi.String("string"),
	},
	SnowflakeUserMappingAttribute: pulumi.String("string"),

	// Role controls.
	ScopeDelimiter:        pulumi.String("string"),
	ScopeMappingAttribute: pulumi.String("string"),
	AnyRoleMode:           pulumi.String("string"), // Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
	AllowedRoles: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlockedRoles: pulumi.StringArray{
		pulumi.String("string"), // do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
	},
}
example, err := snowflake.NewExternalOauthIntegration(ctx, "externalOauthIntegrationResource", integrationArgs)
// Reference listing: every input is set to a placeholder only to show its name and
// type. It is not a deployable configuration.
var externalOauthIntegrationArgs = ExternalOauthIntegrationArgs.builder()
    // Identity and state.
    .name("string")
    .type("string")                 // Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
    .enabled(false)
    .comment("string")
    // Token validation.
    // NOTE(review): key URLs and RSA public keys look like alternative ways to supply
    // verification keys; confirm whether both may be set on one integration.
    .issuer("string")
    .jwsKeysUrls("string")          // at most 3 URLs
    .rsaPublicKey("string")         // Base64 body only, without the PEM BEGIN/END header lines
    .rsaPublicKey2("string")        // second key, used for key rotation
    .audienceUrls("string")
    // Mapping the token to a Snowflake user.
    .tokenUserMappingClaims("string")
    .snowflakeUserMappingAttribute("string")
    // Role controls.
    .scopeDelimiter("string")
    .scopeMappingAttribute("string")
    .anyRoleMode("string")          // Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
    .allowedRoles("string")
    .blockedRoles("string")         // do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
    .build();

var externalOauthIntegrationResource = new ExternalOauthIntegration("externalOauthIntegrationResource", externalOauthIntegrationArgs);
# Reference listing: every input is set to a placeholder only to show its name and
# type. It is not a deployable configuration.
external_oauth_integration_settings = dict(
    # Identity and state.
    name="string",
    type="string",  # Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
    enabled=False,
    comment="string",
    # Token validation.
    # NOTE(review): key URLs and RSA public keys look like alternative ways to supply
    # verification keys; confirm whether both may be set on one integration.
    issuer="string",
    jws_keys_urls=["string"],  # at most 3 URLs
    rsa_public_key="string",  # Base64 body only, without the PEM BEGIN/END header lines
    rsa_public_key2="string",  # second key, used for key rotation
    audience_urls=["string"],
    # Mapping the token to a Snowflake user.
    token_user_mapping_claims=["string"],
    snowflake_user_mapping_attribute="string",
    # Role controls.
    scope_delimiter="string",
    scope_mapping_attribute="string",
    any_role_mode="string",  # Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
    allowed_roles=["string"],
    blocked_roles=["string"],  # do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
)

external_oauth_integration_resource = snowflake.ExternalOauthIntegration(
    "externalOauthIntegrationResource",
    **external_oauth_integration_settings,
)
// Reference listing: every input is set to a placeholder only to show its name and
// type. It is not a deployable configuration.
const externalOauthIntegrationArgs: snowflake.ExternalOauthIntegrationArgs = {
    // Identity and state.
    name: "string",
    type: "string",             // Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
    enabled: false,
    comment: "string",

    // Token validation.
    // NOTE(review): key URLs and RSA public keys look like alternative ways to supply
    // verification keys; confirm whether both may be set on one integration.
    issuer: "string",
    jwsKeysUrls: ["string"],    // at most 3 URLs
    rsaPublicKey: "string",     // Base64 body only, without the PEM BEGIN/END header lines
    rsaPublicKey2: "string",    // second key, used for key rotation
    audienceUrls: ["string"],

    // Mapping the token to a Snowflake user.
    tokenUserMappingClaims: ["string"],
    snowflakeUserMappingAttribute: "string",

    // Role controls.
    scopeDelimiter: "string",
    scopeMappingAttribute: "string",
    anyRoleMode: "string",      // Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
    allowedRoles: ["string"],
    blockedRoles: ["string"],   // do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
};

const externalOauthIntegrationResource = new snowflake.ExternalOauthIntegration(
    "externalOauthIntegrationResource",
    externalOauthIntegrationArgs,
);
# Reference listing: every input is set to a placeholder only to show its name and
# type. It is not a deployable configuration.
type: snowflake:ExternalOauthIntegration
properties:
  # Identity and state.
  name: string
  type: string              # Snowflake accepts OKTA, AZURE, PING_FEDERATE or CUSTOM
  enabled: false
  comment: string
  # Token validation.
  # NOTE(review): key URLs and RSA public keys look like alternative ways to supply
  # verification keys; confirm whether both may be set on one integration.
  issuer: string
  jwsKeysUrls: [string]     # at most 3 URLs
  rsaPublicKey: string      # Base64 body only, without the PEM BEGIN/END header lines
  rsaPublicKey2: string     # second key, used for key rotation
  audienceUrls: [string]
  # Mapping the token to a Snowflake user.
  tokenUserMappingClaims: [string]
  snowflakeUserMappingAttribute: string
  # Role controls.
  scopeDelimiter: string
  scopeMappingAttribute: string
  anyRoleMode: string       # Snowflake accepts DISABLE, ENABLE or ENABLE_FOR_PRIVILEGE
  allowedRoles: [string]
  blockedRoles: [string]    # do not list ACCOUNTADMIN, ORGADMIN or SECURITYADMIN; they are implicit
ExternalOauthIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ExternalOauthIntegration resource accepts the following input properties:
- Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- SnowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- TokenUserMappingClaims List<string>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- AllowedRoles List<string>
- Specifies the list of roles that the client can set as the primary role.
- AnyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- AudienceUrls List<string>
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- BlockedRoles List<string>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
- Specifies a comment for the OAuth integration.
- JwsKeysUrls List<string>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- RsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- RsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- ScopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- ScopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- SnowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- TokenUserMappingClaims []string
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- AllowedRoles []string
- Specifies the list of roles that the client can set as the primary role.
- AnyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- AudienceUrls []string
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- BlockedRoles []string
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
- Specifies a comment for the OAuth integration.
- JwsKeysUrls []string
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- RsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- RsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- ScopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- ScopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer String
- Specifies the URL to define the OAuth 2.0 authorization server.
- snowflakeUserMappingAttribute String
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims List<String>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles List<String>
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode String
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls List<String>
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- blockedRoles List<String>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
- Specifies a comment for the OAuth integration.
- jwsKeysUrls List<String>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey String
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 String
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter String
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute String
- Specifies the access token claim to map the access token to an account role.
- enabled boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- snowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims string[]
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles string[]
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls string[]
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- blockedRoles string[]
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment string
- Specifies a comment for the OAuth integration.
- jwsKeysUrls string[]
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- issuer str
- Specifies the URL to define the OAuth 2.0 authorization server.
- snowflake_user_mapping_attribute str
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token_user_mapping_claims Sequence[str]
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type str
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed_roles Sequence[str]
- Specifies the list of roles that the client can set as the primary role.
- any_role_mode str
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience_urls Sequence[str]
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- blocked_roles Sequence[str]
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment str
- Specifies a comment for the OAuth integration.
- jws_keys_urls Sequence[str]
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name str
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa_public_key str
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa_public_key2 str
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope_delimiter str
- Specifies the scope delimiter in the authorization token.
- scope_mapping_attribute str
- Specifies the access token claim to map the access token to an account role.
- enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer String
- Specifies the URL to define the OAuth 2.0 authorization server.
- snowflakeUserMappingAttribute String
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims List<String>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles List<String>
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode String
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls List<String>
- Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL.
- blockedRoles List<String>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
- Specifies a comment for the OAuth integration.
- jwsKeysUrls List<String>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey String
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 String
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter String
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute String
- Specifies the access token claim to map the access token to an account role.
Outputs
All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:
- created_on str
- Date and time when the External OAuth integration was created.
- id str
- The provider-assigned unique ID for this managed resource.
Look up Existing ExternalOauthIntegration Resource
Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_roles: Optional[Sequence[str]] = None,
any_role_mode: Optional[str] = None,
audience_urls: Optional[Sequence[str]] = None,
blocked_roles: Optional[Sequence[str]] = None,
comment: Optional[str] = None,
created_on: Optional[str] = None,
enabled: Optional[bool] = None,
issuer: Optional[str] = None,
jws_keys_urls: Optional[Sequence[str]] = None,
name: Optional[str] = None,
rsa_public_key: Optional[str] = None,
rsa_public_key2: Optional[str] = None,
scope_delimiter: Optional[str] = None,
scope_mapping_attribute: Optional[str] = None,
snowflake_user_mapping_attribute: Optional[str] = None,
token_user_mapping_claims: Optional[Sequence[str]] = None,
type: Optional[str] = None) -> ExternalOauthIntegration
func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)
public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AllowedRoles List<string>
- Specifies the list of roles that the client can set as the primary role.
- AnyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- AudienceUrls List<string>
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- BlockedRoles List<string>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
- Specifies a comment for the OAuth integration.
- CreatedOn string
- Date and time when the External OAuth integration was created.
- Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- JwsKeysUrls List<string>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- RsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- RsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- ScopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- ScopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- SnowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- TokenUserMappingClaims List<string>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- AllowedRoles []string
- Specifies the list of roles that the client can set as the primary role.
- AnyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- AudienceUrls []string
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- BlockedRoles []string
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
- Specifies a comment for the OAuth integration.
- CreatedOn string
- Date and time when the External OAuth integration was created.
- Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- JwsKeysUrls []string
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- RsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- RsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- ScopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- ScopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- SnowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- TokenUserMappingClaims []string
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles List<String>
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode String
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls List<String>
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blockedRoles List<String>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
- Specifies a comment for the OAuth integration.
- createdOn String
- Date and time when the External OAuth integration was created.
- enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer String
- Specifies the URL to define the OAuth 2.0 authorization server.
- jwsKeysUrls List<String>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey String
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 String
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter String
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute String
- Specifies the access token claim to map the access token to an account role.
- snowflakeUserMappingAttribute String
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims List<String>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles string[]
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode string
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls string[]
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blockedRoles string[]
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment string
- Specifies a comment for the OAuth integration.
- createdOn string
- Date and time when the External OAuth integration was created.
- enabled boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer string
- Specifies the URL to define the OAuth 2.0 authorization server.
- jwsKeysUrls string[]
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name string
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey string
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 string
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter string
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute string
- Specifies the access token claim to map the access token to an account role.
- snowflakeUserMappingAttribute string
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims string[]
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type string
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed_roles Sequence[str]
- Specifies the list of roles that the client can set as the primary role.
- any_role_mode str
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience_urls Sequence[str]
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blocked_roles Sequence[str]
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment str
- Specifies a comment for the OAuth integration.
- created_on str
- Date and time when the External OAuth integration was created.
- enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- issuer str
- Specifies the URL to define the OAuth 2.0 authorization server.
- jws_keys_urls Sequence[str]
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name str
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa_public_key str
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa_public_key2 str
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope_delimiter str
- Specifies the scope delimiter in the authorization token.
- scope_mapping_attribute str
- Specifies the access token claim to map the access token to an account role.
- snowflake_user_mapping_attribute str
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token_user_mapping_claims Sequence[str]
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type str
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles List<String>
- Specifies the list of roles that the client can set as the primary role.
- anyRoleMode String
- Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audienceUrls List<String>
- Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blockedRoles List<String>
- Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
- Specifies a comment for the OAuth integration.
- createdOn String
- Date and time when the External OAuth integration was created.
- enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- issuer String
- Specifies the URL to define the OAuth 2.0 authorization server.
- jwsKeysUrls List<String>
- Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
- Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey String
- Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 String
- Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter String
- Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute String
- Specifies the access token claim to map the access token to an account role.
- snowflakeUserMappingAttribute String
- Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims List<String>
- Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
- Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
Import
$ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the snowflake Terraform Provider.