Databricks v1.71.0, Jun 9 25

Databricks v1.71.0 published on Monday, Jun 9, 2025 by Pulumi

databricks.RecipientFederationPolicy

Explore with Pulumi AI

Databricks v1.71.0 published on Monday, Jun 9, 2025 by Pulumi

pulumi/pulumi-databricks

Import

As of terraform v1.5, resources can be imported through configuration.

hcl

import {

id = name

to = databricks_recipient_federation_policy.this

}

If you are using an older version of terraform, you can import the resource using cli as follows:

$ pulumi import databricks:index/recipientFederationPolicy:RecipientFederationPolicy databricks_recipient_federation_policy name

Create RecipientFederationPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new RecipientFederationPolicy(name: string, args?: RecipientFederationPolicyArgs, opts?: CustomResourceOptions);

@overload
def RecipientFederationPolicy(resource_name: str,
                              args: Optional[RecipientFederationPolicyArgs] = None,
                              opts: Optional[ResourceOptions] = None)

@overload
def RecipientFederationPolicy(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              comment: Optional[str] = None,
                              name: Optional[str] = None,
                              oidc_policy: Optional[RecipientFederationPolicyOidcPolicyArgs] = None)

func NewRecipientFederationPolicy(ctx *Context, name string, args *RecipientFederationPolicyArgs, opts ...ResourceOption) (*RecipientFederationPolicy, error)

public RecipientFederationPolicy(string name, RecipientFederationPolicyArgs? args = null, CustomResourceOptions? opts = null)

public RecipientFederationPolicy(String name, RecipientFederationPolicyArgs args)
public RecipientFederationPolicy(String name, RecipientFederationPolicyArgs args, CustomResourceOptions options)

type: databricks:RecipientFederationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RecipientFederationPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RecipientFederationPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RecipientFederationPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RecipientFederationPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RecipientFederationPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var recipientFederationPolicyResource = new Databricks.RecipientFederationPolicy("recipientFederationPolicyResource", new()
{
    Comment = "string",
    Name = "string",
    OidcPolicy = new Databricks.Inputs.RecipientFederationPolicyOidcPolicyArgs
    {
        Issuer = "string",
        Subject = "string",
        SubjectClaim = "string",
        Audiences = new[]
        {
            "string",
        },
    },
});

example, err := databricks.NewRecipientFederationPolicy(ctx, "recipientFederationPolicyResource", &databricks.RecipientFederationPolicyArgs{
	Comment: pulumi.String("string"),
	Name:    pulumi.String("string"),
	OidcPolicy: &databricks.RecipientFederationPolicyOidcPolicyArgs{
		Issuer:       pulumi.String("string"),
		Subject:      pulumi.String("string"),
		SubjectClaim: pulumi.String("string"),
		Audiences: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})

var recipientFederationPolicyResource = new RecipientFederationPolicy("recipientFederationPolicyResource", RecipientFederationPolicyArgs.builder()
    .comment("string")
    .name("string")
    .oidcPolicy(RecipientFederationPolicyOidcPolicyArgs.builder()
        .issuer("string")
        .subject("string")
        .subjectClaim("string")
        .audiences("string")
        .build())
    .build());

recipient_federation_policy_resource = databricks.RecipientFederationPolicy("recipientFederationPolicyResource",
    comment="string",
    name="string",
    oidc_policy={
        "issuer": "string",
        "subject": "string",
        "subject_claim": "string",
        "audiences": ["string"],
    })

const recipientFederationPolicyResource = new databricks.RecipientFederationPolicy("recipientFederationPolicyResource", {
    comment: "string",
    name: "string",
    oidcPolicy: {
        issuer: "string",
        subject: "string",
        subjectClaim: "string",
        audiences: ["string"],
    },
});

type: databricks:RecipientFederationPolicy
properties:
    comment: string
    name: string
    oidcPolicy:
        audiences:
            - string
        issuer: string
        subject: string
        subjectClaim: string

RecipientFederationPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The RecipientFederationPolicy resource accepts the following input properties:

Comment string: Description of the policy. This is a user-provided description
Name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
OidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens

Comment string: Description of the policy. This is a user-provided description
Name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
OidcPolicy RecipientFederationPolicyOidcPolicyArgs: Specifies the policy to use for validating OIDC claims in the federated tokens

comment String: Description of the policy. This is a user-provided description
name String: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens

comment string: Description of the policy. This is a user-provided description
name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens

comment str: Description of the policy. This is a user-provided description
name str: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidc_policy RecipientFederationPolicyOidcPolicyArgs: Specifies the policy to use for validating OIDC claims in the federated tokens

comment String: Description of the policy. This is a user-provided description
name String: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy Property Map: Specifies the policy to use for validating OIDC claims in the federated tokens

Outputs

All input properties are implicitly available as output properties. Additionally, the RecipientFederationPolicy resource produces the following output properties:

CreateTime string: (string) - System-generated timestamp indicating when the policy was created
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: (string) - System-generated timestamp indicating when the policy was last updated

CreateTime string: (string) - System-generated timestamp indicating when the policy was created
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: (string) - System-generated timestamp indicating when the policy was last updated

createTime String: (string) - System-generated timestamp indicating when the policy was created
id String: The provider-assigned unique ID for this managed resource.
updateTime String: (string) - System-generated timestamp indicating when the policy was last updated

createTime string: (string) - System-generated timestamp indicating when the policy was created
id string: The provider-assigned unique ID for this managed resource.
updateTime string: (string) - System-generated timestamp indicating when the policy was last updated

create_time str: (string) - System-generated timestamp indicating when the policy was created
id str: The provider-assigned unique ID for this managed resource.
update_time str: (string) - System-generated timestamp indicating when the policy was last updated

createTime String: (string) - System-generated timestamp indicating when the policy was created
id String: The provider-assigned unique ID for this managed resource.
updateTime String: (string) - System-generated timestamp indicating when the policy was last updated

Look up Existing RecipientFederationPolicy Resource

Get an existing RecipientFederationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RecipientFederationPolicyState, opts?: CustomResourceOptions): RecipientFederationPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        comment: Optional[str] = None,
        create_time: Optional[str] = None,
        name: Optional[str] = None,
        oidc_policy: Optional[RecipientFederationPolicyOidcPolicyArgs] = None,
        update_time: Optional[str] = None) -> RecipientFederationPolicy

func GetRecipientFederationPolicy(ctx *Context, name string, id IDInput, state *RecipientFederationPolicyState, opts ...ResourceOption) (*RecipientFederationPolicy, error)

public static RecipientFederationPolicy Get(string name, Input<string> id, RecipientFederationPolicyState? state, CustomResourceOptions? opts = null)

public static RecipientFederationPolicy get(String name, Output<String> id, RecipientFederationPolicyState state, CustomResourceOptions options)

resources:  _:    type: databricks:RecipientFederationPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Comment string: Description of the policy. This is a user-provided description
CreateTime string: (string) - System-generated timestamp indicating when the policy was created
Name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
OidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens
UpdateTime string: (string) - System-generated timestamp indicating when the policy was last updated

Comment string: Description of the policy. This is a user-provided description
CreateTime string: (string) - System-generated timestamp indicating when the policy was created
Name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
OidcPolicy RecipientFederationPolicyOidcPolicyArgs: Specifies the policy to use for validating OIDC claims in the federated tokens
UpdateTime string: (string) - System-generated timestamp indicating when the policy was last updated

comment String: Description of the policy. This is a user-provided description
createTime String: (string) - System-generated timestamp indicating when the policy was created
name String: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens
updateTime String: (string) - System-generated timestamp indicating when the policy was last updated

comment string: Description of the policy. This is a user-provided description
createTime string: (string) - System-generated timestamp indicating when the policy was created
name string: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy RecipientFederationPolicyOidcPolicy: Specifies the policy to use for validating OIDC claims in the federated tokens
updateTime string: (string) - System-generated timestamp indicating when the policy was last updated

comment str: Description of the policy. This is a user-provided description
create_time str: (string) - System-generated timestamp indicating when the policy was created
name str: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidc_policy RecipientFederationPolicyOidcPolicyArgs: Specifies the policy to use for validating OIDC claims in the federated tokens
update_time str: (string) - System-generated timestamp indicating when the policy was last updated

comment String: Description of the policy. This is a user-provided description
createTime String: (string) - System-generated timestamp indicating when the policy was created
name String: Name of the federation policy. A recipient can have multiple policies with different names. The name must contain only lowercase alphanumeric characters, numbers, and hyphens
oidcPolicy Property Map: Specifies the policy to use for validating OIDC claims in the federated tokens
updateTime String: (string) - System-generated timestamp indicating when the policy was last updated

Supporting Types

RecipientFederationPolicyOidcPolicy, RecipientFederationPolicyOidcPolicyArgs

Issuer string

The required token issuer, as specified in the 'iss' claim of federated tokens

Subject string

The required token subject, as specified in the subject claim of federated tokens. The subject claim identifies the identity of the user or machine accessing the resource. Examples for Entra ID (AAD):

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

SubjectClaim string

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

Audiences List<string>

The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy,

Issuer string

The required token issuer, as specified in the 'iss' claim of federated tokens

Subject string

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

SubjectClaim string

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

Audiences []string

issuer String

The required token issuer, as specified in the 'iss' claim of federated tokens

subject String

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

subjectClaim String

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

audiences List<String>

issuer string

The required token issuer, as specified in the 'iss' claim of federated tokens

subject string

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

subjectClaim string

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

audiences string[]

issuer str

The required token issuer, as specified in the 'iss' claim of federated tokens

subject str

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

subject_claim str

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

audiences Sequence[str]

issuer String

The required token issuer, as specified in the 'iss' claim of federated tokens

subject String

U2M flow (group access): If the subject claim is groups, this must be the Object ID of the group in Entra ID.
U2M flow (user access): If the subject claim is oid, this must be the Object ID of the user in Entra ID.
M2M flow (OAuth App access): If the subject claim is azp, this must be the client ID of the OAuth app registered in Entra ID

subjectClaim String

The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can vary:

For Entra ID (AAD):

U2M flow (group access): Use groups.
U2M flow (user access): Use oid.
M2M flow (OAuth App access): Use azp.

For other IdPs, refer to the specific IdP documentation.

Supported subject_claim values are:

audiences List<String>

Package Details

Repository: databricks pulumi/pulumi-databricks
License: Apache-2.0
Notes: This Pulumi package is based on the databricks Terraform Provider.

Databricks v1.71.0 published on Monday, Jun 9, 2025 by Pulumi

pulumi/pulumi-databricks

databricks.RecipientFederationPolicy

On this page

On this page

Import

Create RecipientFederationPolicy Resource

Constructor syntax

Parameters

Constructor example

RecipientFederationPolicy Resource Properties

Inputs

Outputs

Look up Existing RecipientFederationPolicy Resource

Supporting Types

RecipientFederationPolicyOidcPolicy, RecipientFederationPolicyOidcPolicyArgs

Package Details

On this page

On this page