Snowflake v0.50.2 published on Friday, Mar 8, 2024 by Pulumi

snowflake.ExternalOauthIntegration


    An External OAuth security integration allows a client to use a third-party authorization server to obtain the access tokens needed to interact with Snowflake.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Snowflake = Pulumi.Snowflake;
    
    // Declares an External OAuth security integration so that Snowflake accepts
    // access tokens issued by a Microsoft Azure AD authorization server.
    return await Deployment.RunAsync(() =>
    {
        var integrationArgs = new Snowflake.ExternalOauthIntegrationArgs
        {
            Type = "AZURE",
            Enabled = true,
            // The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
            // NOTE(review): confirm the exact issuer string (including any trailing
            // slash) against the `iss` claim of a token from that tenant.
            Issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
            // Endpoint the signing keys are downloaded from; whatever it serves decides
            // which token signatures are accepted (at most 3 URLs may be listed).
            JwsKeysUrls = new[]
            {
                "https://login.windows.net/common/discovery/keys",
            },
            // Extra audience values accepted in addition to the Snowflake account URL.
            // Keep this list as short as the clients in use allow.
            AudienceUrls = new[]
            {
                "https://analysis.windows.net/powerbi/connector/Snowflake",
            },
            // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
            // this pair determines which Snowflake user a token is mapped to.
            TokenUserMappingClaims = new[]
            {
                "upn",
            },
            SnowflakeUserMappingAttribute = "LOGIN_NAME",
            // AllowedRoles, BlockedRoles and AnyRoleMode are not set in this example;
            // review them to limit which roles a client can set as the primary role.
        };

        // The resource object is not used after registration.
        _ = new Snowflake.ExternalOauthIntegration("azure", integrationArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares an External OAuth security integration so that Snowflake
    // accepts access tokens issued by a Microsoft Azure AD authorization server.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		azureArgs := &snowflake.ExternalOauthIntegrationArgs{
    			Type:    pulumi.String("AZURE"),
    			Enabled: pulumi.Bool(true),
    			// The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
    			// NOTE(review): confirm the exact issuer string (including any trailing
    			// slash) against the `iss` claim of a token from that tenant.
    			Issuer: pulumi.String("https://sts.windows.net/00000000-0000-0000-0000-000000000000"),
    			// Endpoint the signing keys are downloaded from; whatever it serves decides
    			// which token signatures are accepted (at most 3 URLs may be listed).
    			JwsKeysUrls: pulumi.StringArray{
    				pulumi.String("https://login.windows.net/common/discovery/keys"),
    			},
    			// Extra audience values accepted in addition to the Snowflake account URL.
    			AudienceUrls: pulumi.StringArray{
    				pulumi.String("https://analysis.windows.net/powerbi/connector/Snowflake"),
    			},
    			// The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
    			// this pair determines which Snowflake user a token is mapped to.
    			TokenUserMappingClaims: pulumi.StringArray{
    				pulumi.String("upn"),
    			},
    			SnowflakeUserMappingAttribute: pulumi.String("LOGIN_NAME"),
    			// AllowedRoles, BlockedRoles and AnyRoleMode are not set in this example;
    			// review them to limit which roles a client can set as the primary role.
    		}

    		// Only the error matters here; the resource handle is discarded.
    		_, err := snowflake.NewExternalOauthIntegration(ctx, "azure", azureArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.snowflake.ExternalOauthIntegration;
    import com.pulumi.snowflake.ExternalOauthIntegrationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares an External OAuth security integration so that
     * Snowflake accepts access tokens issued by a Microsoft Azure AD authorization server.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(ctx -> stack(ctx));
        }

        /**
         * Registers the "azure" External OAuth integration.
         *
         * @param ctx Pulumi context supplied by the runtime (not read by this example)
         */
        public static void stack(Context ctx) {
            final ExternalOauthIntegrationArgs azureArgs = ExternalOauthIntegrationArgs.builder()
                .type("AZURE")
                .enabled(true)
                // The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
                // NOTE(review): confirm the exact issuer string (including any trailing
                // slash) against the `iss` claim of a token from that tenant.
                .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000")
                // Endpoint the signing keys are downloaded from; whatever it serves decides
                // which token signatures are accepted (at most 3 URLs may be listed).
                .jwsKeysUrls("https://login.windows.net/common/discovery/keys")
                // Extra audience value accepted in addition to the Snowflake account URL.
                .audienceUrls("https://analysis.windows.net/powerbi/connector/Snowflake")
                // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
                // this pair determines which Snowflake user a token is mapped to.
                .tokenUserMappingClaims("upn")
                .snowflakeUserMappingAttribute("LOGIN_NAME")
                // allowedRoles, blockedRoles and anyRoleMode are not set in this example;
                // review them to limit which roles a client can set as the primary role.
                .build();

            // The resource object is not used after registration.
            new ExternalOauthIntegration("azure", azureArgs);
        }
    }
    
    import pulumi
    import pulumi_snowflake as snowflake
    
    # External OAuth security integration: lets Snowflake accept access tokens
    # issued by a Microsoft Azure AD authorization server.
    azure = snowflake.ExternalOauthIntegration(
        "azure",
        snowflake.ExternalOauthIntegrationArgs(
            type="AZURE",
            enabled=True,
            # The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
            # NOTE(review): confirm the exact issuer string (including any trailing
            # slash) against the `iss` claim of a token from that tenant.
            issuer="https://sts.windows.net/00000000-0000-0000-0000-000000000000",
            # Endpoint the signing keys are downloaded from; whatever it serves decides
            # which token signatures are accepted (at most 3 URLs may be listed).
            jws_keys_urls=["https://login.windows.net/common/discovery/keys"],
            # Extra audience values accepted in addition to the Snowflake account URL.
            audience_urls=["https://analysis.windows.net/powerbi/connector/Snowflake"],
            # The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
            # this pair determines which Snowflake user a token is mapped to.
            token_user_mapping_claims=["upn"],
            snowflake_user_mapping_attribute="LOGIN_NAME",
            # allowed_roles, blocked_roles and any_role_mode are not set in this example;
            # review them to limit which roles a client can set as the primary role.
        ),
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as snowflake from "@pulumi/snowflake";
    
    // External OAuth security integration: lets Snowflake accept access tokens
    // issued by a Microsoft Azure AD authorization server.
    const azureArgs: snowflake.ExternalOauthIntegrationArgs = {
        type: "AZURE",
        enabled: true,
        // The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
        // NOTE(review): confirm the exact issuer string (including any trailing
        // slash) against the `iss` claim of a token from that tenant.
        issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
        // Endpoint the signing keys are downloaded from; whatever it serves decides
        // which token signatures are accepted (at most 3 URLs may be listed).
        jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"],
        // Extra audience values accepted in addition to the Snowflake account URL.
        audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"],
        // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
        // this pair determines which Snowflake user a token is mapped to.
        tokenUserMappingClaims: ["upn"],
        snowflakeUserMappingAttribute: "LOGIN_NAME",
        // allowedRoles, blockedRoles and anyRoleMode are not set in this example;
        // review them to limit which roles a client can set as the primary role.
    };

    const azure = new snowflake.ExternalOauthIntegration("azure", azureArgs);
    
    # External OAuth security integration: lets Snowflake accept access tokens
    # issued by a Microsoft Azure AD authorization server.
    resources:
      azure:
        type: snowflake:ExternalOauthIntegration
        properties:
          # Extra audience values accepted in addition to the Snowflake account URL.
          audienceUrls:
            - https://analysis.windows.net/powerbi/connector/Snowflake
          enabled: true
          # The all-zero GUID is a placeholder tenant ID; substitute your own tenant.
          # NOTE(review): confirm the exact issuer string (including any trailing
          # slash) against the `iss` claim of a token from that tenant.
          issuer: https://sts.windows.net/00000000-0000-0000-0000-000000000000
          # Endpoint the signing keys are downloaded from; whatever it serves decides
          # which token signatures are accepted (at most 3 URLs may be listed).
          jwsKeysUrls:
            - https://login.windows.net/common/discovery/keys
          # The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME;
          # this pair determines which Snowflake user a token is mapped to.
          snowflakeUserMappingAttribute: LOGIN_NAME
          tokenUserMappingClaims:
            - upn
          # allowedRoles, blockedRoles and anyRoleMode are not set in this example;
          # review them to limit which roles a client can set as the primary role.
          type: AZURE
    

    Create ExternalOauthIntegration Resource

    new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);
    @overload
    def ExternalOauthIntegration(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 allowed_roles: Optional[Sequence[str]] = None,
                                 any_role_mode: Optional[str] = None,
                                 audience_urls: Optional[Sequence[str]] = None,
                                 blocked_roles: Optional[Sequence[str]] = None,
                                 comment: Optional[str] = None,
                                 enabled: Optional[bool] = None,
                                 issuer: Optional[str] = None,
                                 jws_keys_urls: Optional[Sequence[str]] = None,
                                 name: Optional[str] = None,
                                 rsa_public_key: Optional[str] = None,
                                 rsa_public_key2: Optional[str] = None,
                                 scope_delimiter: Optional[str] = None,
                                 scope_mapping_attribute: Optional[str] = None,
                                 snowflake_user_mapping_attribute: Optional[str] = None,
                                 token_user_mapping_claims: Optional[Sequence[str]] = None,
                                 type: Optional[str] = None)
    @overload
    def ExternalOauthIntegration(resource_name: str,
                                 args: ExternalOauthIntegrationArgs,
                                 opts: Optional[ResourceOptions] = None)
    func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)
    public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)
    public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
    public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
    
    type: snowflake:ExternalOauthIntegration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ExternalOauthIntegration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ExternalOauthIntegration resource accepts the following input properties:

    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    Issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    SnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    TokenUserMappingClaims List<string>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    Type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    AllowedRoles List<string>
    Specifies the list of roles that the client can set as the primary role.
    AnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    AudienceUrls List<string>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    BlockedRoles List<string>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    Comment string
    Specifies a comment for the OAuth integration.
    JwsKeysUrls List<string>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    Name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    RsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    RsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    ScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    Issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    SnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    TokenUserMappingClaims []string
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    Type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    AllowedRoles []string
    Specifies the list of roles that the client can set as the primary role.
    AnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    AudienceUrls []string
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    BlockedRoles []string
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    Comment string
    Specifies a comment for the OAuth integration.
    JwsKeysUrls []string
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    Name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    RsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    RsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    ScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    snowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles List<String>
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    audienceUrls List<String>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles List<String>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    comment String
    Specifies a comment for the OAuth integration.
    jwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    name String
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role.
    enabled boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    snowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims string[]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles string[]
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    audienceUrls string[]
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles string[]
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    comment string
    Specifies a comment for the OAuth integration.
    jwsKeysUrls string[]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    issuer str
    Specifies the URL to define the OAuth 2.0 authorization server.
    snowflake_user_mapping_attribute str
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    token_user_mapping_claims Sequence[str]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type str
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowed_roles Sequence[str]
    Specifies the list of roles that the client can set as the primary role.
    any_role_mode str
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    audience_urls Sequence[str]
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blocked_roles Sequence[str]
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    comment str
    Specifies a comment for the OAuth integration.
    jws_keys_urls Sequence[str]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    name str
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsa_public_key str
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsa_public_key2 str
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scope_delimiter str
    Specifies the scope delimiter in the authorization token.
    scope_mapping_attribute str
    Specifies the access token claim to map the access token to an account role.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    snowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles List<String>
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    audienceUrls List<String>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles List<String>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    comment String
    Specifies a comment for the OAuth integration.
    jwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    name String
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:

    CreatedOn string
    Date and time when the External OAUTH integration was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    CreatedOn string
    Date and time when the External OAUTH integration was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    createdOn String
    Date and time when the External OAUTH integration was created.
    id String
    The provider-assigned unique ID for this managed resource.
    createdOn string
    Date and time when the External OAUTH integration was created.
    id string
    The provider-assigned unique ID for this managed resource.
    created_on str
    Date and time when the External OAUTH integration was created.
    id str
    The provider-assigned unique ID for this managed resource.
    createdOn String
    Date and time when the External OAUTH integration was created.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ExternalOauthIntegration Resource

    Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_roles: Optional[Sequence[str]] = None,
            any_role_mode: Optional[str] = None,
            audience_urls: Optional[Sequence[str]] = None,
            blocked_roles: Optional[Sequence[str]] = None,
            comment: Optional[str] = None,
            created_on: Optional[str] = None,
            enabled: Optional[bool] = None,
            issuer: Optional[str] = None,
            jws_keys_urls: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            rsa_public_key: Optional[str] = None,
            rsa_public_key2: Optional[str] = None,
            scope_delimiter: Optional[str] = None,
            scope_mapping_attribute: Optional[str] = None,
            snowflake_user_mapping_attribute: Optional[str] = None,
            token_user_mapping_claims: Optional[Sequence[str]] = None,
            type: Optional[str] = None) -> ExternalOauthIntegration
    func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)
    public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)
    public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedRoles List<string>
    Specifies the list of roles that the client can set as the primary role.
    AnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    AudienceUrls List<string>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    BlockedRoles List<string>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    Comment string
    Specifies a comment for the OAuth integration.
    CreatedOn string
    Date and time when the External OAUTH integration was created.
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    Issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    JwsKeysUrls List<string>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    Name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    RsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    RsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    ScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    SnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    TokenUserMappingClaims List<string>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    Type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    AllowedRoles []string
    Specifies the list of roles that the client can set as the primary role.
    AnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
    AudienceUrls []string
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    BlockedRoles []string
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
    Comment string
    Specifies a comment for the OAuth integration.
    CreatedOn string
    Date and time when the External OAUTH integration was created.
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    Issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    JwsKeysUrls []string
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
    Name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    RsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    RsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    ScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    SnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    TokenUserMappingClaims []string
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    Type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles List<String>
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode String
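    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token (Snowflake accepts DISABLE, ENABLE and ENABLE_FOR_PRIVILEGE). Enabling it lets a session use roles beyond those carried in the token, so leave it disabled unless role selection has to happen outside the token.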
    audienceUrls List<String>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles List<String>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
    comment String
    Specifies a comment for the OAuth integration.
    createdOn String
    Date and time when the External OAUTH integration was created.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    jwsKeysUrls List<String>
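    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. Because keys served from these URLs decide which tokens are accepted, list only HTTPS endpoints operated by the authorization server named in the issuer.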
    name String
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role.
    snowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles string[]
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode string
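    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token (Snowflake accepts DISABLE, ENABLE and ENABLE_FOR_PRIVILEGE). Enabling it lets a session use roles beyond those carried in the token, so leave it disabled unless role selection has to happen outside the token.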
    audienceUrls string[]
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles string[]
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
    comment string
    Specifies a comment for the OAuth integration.
    createdOn string
    Date and time when the External OAUTH integration was created.
    enabled boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    jwsKeysUrls string[]
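    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. Because keys served from these URLs decide which tokens are accepted, list only HTTPS endpoints operated by the authorization server named in the issuer.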
    name string
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role.
    snowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims string[]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowed_roles Sequence[str]
    Specifies the list of roles that the client can set as the primary role.
    any_role_mode str
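    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token (Snowflake accepts DISABLE, ENABLE and ENABLE_FOR_PRIVILEGE). Enabling it lets a session use roles beyond those carried in the token, so leave it disabled unless role selection has to happen outside the token.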
    audience_urls Sequence[str]
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blocked_roles Sequence[str]
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
    comment str
    Specifies a comment for the OAuth integration.
    created_on str
    Date and time when the External OAUTH integration was created.
    enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    issuer str
    Specifies the URL to define the OAuth 2.0 authorization server.
    jws_keys_urls Sequence[str]
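    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. Because keys served from these URLs decide which tokens are accepted, list only HTTPS endpoints operated by the authorization server named in the issuer.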
    name str
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsa_public_key str
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsa_public_key2 str
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scope_delimiter str
    Specifies the scope delimiter in the authorization token.
    scope_mapping_attribute str
    Specifies the access token claim to map the access token to an account role.
    snowflake_user_mapping_attribute str
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    token_user_mapping_claims Sequence[str]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type str
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
    allowedRoles List<String>
    Specifies the list of roles that the client can set as the primary role.
    anyRoleMode String
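    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token (Snowflake accepts DISABLE, ENABLE and ENABLE_FOR_PRIVILEGE). Enabling it lets a session use roles beyond those carried in the token, so leave it disabled unless role selection has to happen outside the token.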
    audienceUrls List<String>
    Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
    blockedRoles List<String>
    Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
    comment String
    Specifies a comment for the OAuth integration.
    createdOn String
    Date and time when the External OAUTH integration was created.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    issuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    jwsKeysUrls List<String>
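    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. Because keys served from these URLs decide which tokens are accepted, list only HTTPS endpoints operated by the authorization server named in the issuer.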
    name String
    Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
    rsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
    rsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
    scopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    scopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role.
    snowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
    tokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
    type String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

    Import

     $ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example name
    

    Package Details

    Repository
    Snowflake pulumi/pulumi-snowflake
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the snowflake Terraform Provider.
    Snowflake v0.50.2 published on Friday, Mar 8, 2024 by Pulumi