Docs Home
Databricks v1.75.0 published on Thursday, Sep 11, 2025 by Pulumi
databricks.getServicePrincipalFederationPolicies
Explore with Pulumi AI
This data source can be used to fetch the list of federation policies for a service principal.
Note This data source can only be used with an account-level provider!
Example Usage
Getting a list of all service principal federation policies:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const all = databricks.getServicePrincipalFederationPolicies({
servicePrincipalId: 1234,
});
import pulumi
import pulumi_databricks as databricks
all = databricks.get_service_principal_federation_policies(service_principal_id=1234)
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.GetServicePrincipalFederationPolicies(ctx, &databricks.GetServicePrincipalFederationPoliciesArgs{
ServicePrincipalId: 1234,
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var all = Databricks.GetServicePrincipalFederationPolicies.Invoke(new()
{
ServicePrincipalId = 1234,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetServicePrincipalFederationPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var all = DatabricksFunctions.getServicePrincipalFederationPolicies(GetServicePrincipalFederationPoliciesArgs.builder()
.servicePrincipalId(1234)
.build());
}
}
variables:
all:
fn::invoke:
function: databricks:getServicePrincipalFederationPolicies
arguments:
servicePrincipalId: 1234
Using getServicePrincipalFederationPolicies
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getServicePrincipalFederationPolicies(args: GetServicePrincipalFederationPoliciesArgs, opts?: InvokeOptions): Promise<GetServicePrincipalFederationPoliciesResult>
function getServicePrincipalFederationPoliciesOutput(args: GetServicePrincipalFederationPoliciesOutputArgs, opts?: InvokeOptions): Output<GetServicePrincipalFederationPoliciesResult>def get_service_principal_federation_policies(service_principal_id: Optional[int] = None,
opts: Optional[InvokeOptions] = None) -> GetServicePrincipalFederationPoliciesResult
def get_service_principal_federation_policies_output(service_principal_id: Optional[pulumi.Input[int]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetServicePrincipalFederationPoliciesResult]func GetServicePrincipalFederationPolicies(ctx *Context, args *GetServicePrincipalFederationPoliciesArgs, opts ...InvokeOption) (*GetServicePrincipalFederationPoliciesResult, error)
func GetServicePrincipalFederationPoliciesOutput(ctx *Context, args *GetServicePrincipalFederationPoliciesOutputArgs, opts ...InvokeOption) GetServicePrincipalFederationPoliciesResultOutput> Note: This function is named GetServicePrincipalFederationPolicies in the Go SDK.
public static class GetServicePrincipalFederationPolicies
{
public static Task<GetServicePrincipalFederationPoliciesResult> InvokeAsync(GetServicePrincipalFederationPoliciesArgs args, InvokeOptions? opts = null)
public static Output<GetServicePrincipalFederationPoliciesResult> Invoke(GetServicePrincipalFederationPoliciesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetServicePrincipalFederationPoliciesResult> getServicePrincipalFederationPolicies(GetServicePrincipalFederationPoliciesArgs args, InvokeOptions options)
public static Output<GetServicePrincipalFederationPoliciesResult> getServicePrincipalFederationPolicies(GetServicePrincipalFederationPoliciesArgs args, InvokeOptions options)
fn::invoke:
function: databricks:index/getServicePrincipalFederationPolicies:getServicePrincipalFederationPolicies
arguments:
# arguments dictionaryThe following arguments are supported:
- Service
Principal intId - The service principal id for the federation policy
- Service
Principal intId - The service principal id for the federation policy
- service
Principal IntegerId - The service principal id for the federation policy
- service
Principal numberId - The service principal id for the federation policy
- service_
principal_ intid - The service principal id for the federation policy
- service
Principal NumberId - The service principal id for the federation policy
getServicePrincipalFederationPolicies Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policies
List<Get
Service Principal Federation Policies Policy> - Service
Principal intId - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
- Id string
- The provider-assigned unique ID for this managed resource.
- Policies
[]Get
Service Principal Federation Policies Policy - Service
Principal intId - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
- id String
- The provider-assigned unique ID for this managed resource.
- policies
List<Get
Service Principal Federation Policies Policy> - service
Principal IntegerId - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
- id string
- The provider-assigned unique ID for this managed resource.
- policies
Get
Service Principal Federation Policies Policy[] - service
Principal numberId - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
- id str
- The provider-assigned unique ID for this managed resource.
- policies
Sequence[Get
Service Principal Federation Policies Policy] - service_
principal_ intid - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
- id String
- The provider-assigned unique ID for this managed resource.
- policies List<Property Map>
- service
Principal NumberId - (integer) - The service principal ID that this federation policy applies to. Only set for service principal federation policies
Supporting Types
GetServicePrincipalFederationPoliciesPolicy
- Create
Time string - (string) - Creation time of the federation policy
- Name string
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - Policy
Id string - (string) - The ID of the federation policy
- Service
Principal intId - The service principal id for the federation policy
- Uid string
- (string) - Unique, immutable id of the federation policy
- Update
Time string - (string) - Last update time of the federation policy
- Description string
- (string) - Description of the federation policy
- Oidc
Policy GetService Principal Federation Policies Policy Oidc Policy - (OidcFederationPolicy)
- Create
Time string - (string) - Creation time of the federation policy
- Name string
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - Policy
Id string - (string) - The ID of the federation policy
- Service
Principal intId - The service principal id for the federation policy
- Uid string
- (string) - Unique, immutable id of the federation policy
- Update
Time string - (string) - Last update time of the federation policy
- Description string
- (string) - Description of the federation policy
- Oidc
Policy GetService Principal Federation Policies Policy Oidc Policy - (OidcFederationPolicy)
- create
Time String - (string) - Creation time of the federation policy
- name String
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - policy
Id String - (string) - The ID of the federation policy
- service
Principal IntegerId - The service principal id for the federation policy
- uid String
- (string) - Unique, immutable id of the federation policy
- update
Time String - (string) - Last update time of the federation policy
- description String
- (string) - Description of the federation policy
- oidc
Policy GetService Principal Federation Policies Policy Oidc Policy - (OidcFederationPolicy)
- create
Time string - (string) - Creation time of the federation policy
- name string
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - policy
Id string - (string) - The ID of the federation policy
- service
Principal numberId - The service principal id for the federation policy
- uid string
- (string) - Unique, immutable id of the federation policy
- update
Time string - (string) - Last update time of the federation policy
- description string
- (string) - Description of the federation policy
- oidc
Policy GetService Principal Federation Policies Policy Oidc Policy - (OidcFederationPolicy)
- create_
time str - (string) - Creation time of the federation policy
- name str
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - policy_
id str - (string) - The ID of the federation policy
- service_
principal_ intid - The service principal id for the federation policy
- uid str
- (string) - Unique, immutable id of the federation policy
- update_
time str - (string) - Last update time of the federation policy
- description str
- (string) - Description of the federation policy
- oidc_
policy GetService Principal Federation Policies Policy Oidc Policy - (OidcFederationPolicy)
- create
Time String - (string) - Creation time of the federation policy
- name String
- (string) - Resource name for the federation policy. Example values include
accounts/<account-id>/federationPolicies/my-federation-policyfor Account Federation Policies, andaccounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policyfor Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL - policy
Id String - (string) - The ID of the federation policy
- service
Principal NumberId - The service principal id for the federation policy
- uid String
- (string) - Unique, immutable id of the federation policy
- update
Time String - (string) - Last update time of the federation policy
- description String
- (string) - Description of the federation policy
- oidc
Policy Property Map - (OidcFederationPolicy)
GetServicePrincipalFederationPoliciesPolicyOidcPolicy
- Audiences List<string>
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- Issuer string
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- Jwks
Json string - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- Jwks
Uri string - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- Subject string
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- Subject
Claim string - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
- Audiences []string
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- Issuer string
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- Jwks
Json string - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- Jwks
Uri string - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- Subject string
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- Subject
Claim string - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
- audiences List<String>
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- issuer String
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- jwks
Json String - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- jwks
Uri String - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- subject String
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- subject
Claim String - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
- audiences string[]
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- issuer string
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- jwks
Json string - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- jwks
Uri string - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- subject string
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- subject
Claim string - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
- audiences Sequence[str]
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- issuer str
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- jwks_
json str - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- jwks_
uri str - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- subject str
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- subject_
claim str - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
- audiences List<String>
- (list of string) - The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If audiences is unspecified, defaults to your Databricks account id
- issuer String
- (string) - The required token issuer, as specified in the 'iss' claim of federated tokens
- jwks
Json String - (string) - The public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- jwks
Uri String - (string) - URL of the public keys used to validate the signature of federated tokens, in JWKS format. Most use cases should not need to specify this field. If jwks_uri and jwks_json are both unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys
- subject String
- (string) - The required token subject, as specified in the subject claim of federated tokens. Must be specified for service principal federation policies. Must not be specified for account federation policies
- subject
Claim String - (string) - The claim that contains the subject of the token. If unspecified, the default value is 'sub'
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.