Snowflake v0.35.0, Sep 27 23

Snowflake v0.35.0 published on Wednesday, Sep 27, 2023 by Pulumi

snowflake.ExternalOauthIntegration

Explore with Pulumi AI

Snowflake v0.35.0 published on Wednesday, Sep 27, 2023 by Pulumi

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;

return await Deployment.RunAsync(() => 
{
    var azure = new Snowflake.ExternalOauthIntegration("azure", new()
    {
        AudienceUrls = new[]
        {
            "https://analysis.windows.net/powerbi/connector/Snowflake",
        },
        Enabled = true,
        Issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
        JwsKeysUrls = new[]
        {
            "https://login.windows.net/common/discovery/keys",
        },
        SnowflakeUserMappingAttribute = "LOGIN_NAME",
        TokenUserMappingClaims = new[]
        {
            "upn",
        },
        Type = "AZURE",
    });

});

package main

import (
	"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := snowflake.NewExternalOauthIntegration(ctx, "azure", &snowflake.ExternalOauthIntegrationArgs{
			AudienceUrls: pulumi.StringArray{
				pulumi.String("https://analysis.windows.net/powerbi/connector/Snowflake"),
			},
			Enabled: pulumi.Bool(true),
			Issuer:  pulumi.String("https://sts.windows.net/00000000-0000-0000-0000-000000000000"),
			JwsKeysUrls: pulumi.StringArray{
				pulumi.String("https://login.windows.net/common/discovery/keys"),
			},
			SnowflakeUserMappingAttribute: pulumi.String("LOGIN_NAME"),
			TokenUserMappingClaims: pulumi.StringArray{
				pulumi.String("upn"),
			},
			Type: pulumi.String("AZURE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.ExternalOauthIntegration;
import com.pulumi.snowflake.ExternalOauthIntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azure = new ExternalOauthIntegration("azure", ExternalOauthIntegrationArgs.builder()        
            .audienceUrls("https://analysis.windows.net/powerbi/connector/Snowflake")
            .enabled(true)
            .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000")
            .jwsKeysUrls("https://login.windows.net/common/discovery/keys")
            .snowflakeUserMappingAttribute("LOGIN_NAME")
            .tokenUserMappingClaims("upn")
            .type("AZURE")
            .build());

    }
}

import pulumi
import pulumi_snowflake as snowflake

azure = snowflake.ExternalOauthIntegration("azure",
    audience_urls=["https://analysis.windows.net/powerbi/connector/Snowflake"],
    enabled=True,
    issuer="https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jws_keys_urls=["https://login.windows.net/common/discovery/keys"],
    snowflake_user_mapping_attribute="LOGIN_NAME",
    token_user_mapping_claims=["upn"],
    type="AZURE")

import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";

const azure = new snowflake.ExternalOauthIntegration("azure", {
    audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"],
    enabled: true,
    issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"],
    snowflakeUserMappingAttribute: "LOGIN_NAME",
    tokenUserMappingClaims: ["upn"],
    type: "AZURE",
});

resources:
  azure:
    type: snowflake:ExternalOauthIntegration
    properties:
      audienceUrls:
        - https://analysis.windows.net/powerbi/connector/Snowflake
      enabled: true
      issuer: https://sts.windows.net/00000000-0000-0000-0000-000000000000
      jwsKeysUrls:
        - https://login.windows.net/common/discovery/keys
      snowflakeUserMappingAttribute: LOGIN_NAME
      tokenUserMappingClaims:
        - upn
      type: AZURE

Create ExternalOauthIntegration Resource

new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);

@overload
def ExternalOauthIntegration(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             allowed_roles: Optional[Sequence[str]] = None,
                             any_role_mode: Optional[str] = None,
                             audience_urls: Optional[Sequence[str]] = None,
                             blocked_roles: Optional[Sequence[str]] = None,
                             comment: Optional[str] = None,
                             enabled: Optional[bool] = None,
                             issuer: Optional[str] = None,
                             jws_keys_urls: Optional[Sequence[str]] = None,
                             name: Optional[str] = None,
                             rsa_public_key: Optional[str] = None,
                             rsa_public_key2: Optional[str] = None,
                             scope_delimiter: Optional[str] = None,
                             scope_mapping_attribute: Optional[str] = None,
                             snowflake_user_mapping_attribute: Optional[str] = None,
                             token_user_mapping_claims: Optional[Sequence[str]] = None,
                             type: Optional[str] = None)
@overload
def ExternalOauthIntegration(resource_name: str,
                             args: ExternalOauthIntegrationArgs,
                             opts: Optional[ResourceOptions] = None)

func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)

public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)

public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)

type: snowflake:ExternalOauthIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ExternalOauthIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ExternalOauthIntegrationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ExternalOauthIntegrationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ExternalOauthIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ExternalOauthIntegrationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

ExternalOauthIntegration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ExternalOauthIntegration resource accepts the following input properties:

Enabled bool: Specifies whether to initiate operation of the integration or suspend it.
Issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
SnowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
TokenUserMappingClaims List<string>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
Type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
AllowedRoles List<string>: Specifies the list of roles that the client can set as the primary role.
AnyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
AudienceUrls List<string>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
BlockedRoles List<string>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
Comment string: Specifies a comment for the OAuth integration.
JwsKeysUrls List<string>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
Name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
RsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
RsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
ScopeDelimiter string: Specifies the scope delimiter in the authorization token.
ScopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.

Enabled bool: Specifies whether to initiate operation of the integration or suspend it.
Issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
SnowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
TokenUserMappingClaims []string: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
Type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
AllowedRoles []string: Specifies the list of roles that the client can set as the primary role.
AnyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
AudienceUrls []string: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
BlockedRoles []string: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
Comment string: Specifies a comment for the OAuth integration.
JwsKeysUrls []string: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
Name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
RsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
RsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
ScopeDelimiter string: Specifies the scope delimiter in the authorization token.
ScopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.

enabled Boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer String: Specifies the URL to define the OAuth 2.0 authorization server.
snowflakeUserMappingAttribute String: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims List<String>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type String: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
allowedRoles List<String>: Specifies the list of roles that the client can set as the primary role.
anyRoleMode String: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls List<String>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles List<String>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment String: Specifies a comment for the OAuth integration.
jwsKeysUrls List<String>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name String: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey String: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 String: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter String: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute String: Specifies the access token claim to map the access token to an account role.

enabled boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
snowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims string[]: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
allowedRoles string[]: Specifies the list of roles that the client can set as the primary role.
anyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls string[]: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles string[]: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment string: Specifies a comment for the OAuth integration.
jwsKeysUrls string[]: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter string: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.

enabled bool: Specifies whether to initiate operation of the integration or suspend it.
issuer str: Specifies the URL to define the OAuth 2.0 authorization server.
snowflake_user_mapping_attribute str: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
token_user_mapping_claims Sequence[str]: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type str: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
allowed_roles Sequence[str]: Specifies the list of roles that the client can set as the primary role.
any_role_mode str: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audience_urls Sequence[str]: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blocked_roles Sequence[str]: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment str: Specifies a comment for the OAuth integration.
jws_keys_urls Sequence[str]: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name str: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsa_public_key str: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsa_public_key2 str: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scope_delimiter str: Specifies the scope delimiter in the authorization token.
scope_mapping_attribute str: Specifies the access token claim to map the access token to an account role.

enabled Boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer String: Specifies the URL to define the OAuth 2.0 authorization server.
snowflakeUserMappingAttribute String: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims List<String>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type String: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
allowedRoles List<String>: Specifies the list of roles that the client can set as the primary role.
anyRoleMode String: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls List<String>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles List<String>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment String: Specifies a comment for the OAuth integration.
jwsKeysUrls List<String>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name String: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey String: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 String: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter String: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute String: Specifies the access token claim to map the access token to an account role.

Outputs

All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:

CreatedOn string: Date and time when the External OAUTH integration was created.
Id string: The provider-assigned unique ID for this managed resource.

CreatedOn string: Date and time when the External OAUTH integration was created.
Id string: The provider-assigned unique ID for this managed resource.

createdOn String: Date and time when the External OAUTH integration was created.
id String: The provider-assigned unique ID for this managed resource.

createdOn string: Date and time when the External OAUTH integration was created.
id string: The provider-assigned unique ID for this managed resource.

created_on str: Date and time when the External OAUTH integration was created.
id str: The provider-assigned unique ID for this managed resource.

createdOn String: Date and time when the External OAUTH integration was created.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing ExternalOauthIntegration Resource

Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_roles: Optional[Sequence[str]] = None,
        any_role_mode: Optional[str] = None,
        audience_urls: Optional[Sequence[str]] = None,
        blocked_roles: Optional[Sequence[str]] = None,
        comment: Optional[str] = None,
        created_on: Optional[str] = None,
        enabled: Optional[bool] = None,
        issuer: Optional[str] = None,
        jws_keys_urls: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        rsa_public_key: Optional[str] = None,
        rsa_public_key2: Optional[str] = None,
        scope_delimiter: Optional[str] = None,
        scope_mapping_attribute: Optional[str] = None,
        snowflake_user_mapping_attribute: Optional[str] = None,
        token_user_mapping_claims: Optional[Sequence[str]] = None,
        type: Optional[str] = None) -> ExternalOauthIntegration

func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)

public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)

public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedRoles List<string>: Specifies the list of roles that the client can set as the primary role.
AnyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
AudienceUrls List<string>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
BlockedRoles List<string>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
Comment string: Specifies a comment for the OAuth integration.
CreatedOn string: Date and time when the External OAUTH integration was created.
Enabled bool: Specifies whether to initiate operation of the integration or suspend it.
Issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
JwsKeysUrls List<string>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
Name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
RsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
RsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
ScopeDelimiter string: Specifies the scope delimiter in the authorization token.
ScopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.
SnowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
TokenUserMappingClaims List<string>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
Type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

AllowedRoles []string: Specifies the list of roles that the client can set as the primary role.
AnyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
AudienceUrls []string: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
BlockedRoles []string: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
Comment string: Specifies a comment for the OAuth integration.
CreatedOn string: Date and time when the External OAUTH integration was created.
Enabled bool: Specifies whether to initiate operation of the integration or suspend it.
Issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
JwsKeysUrls []string: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
Name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
RsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
RsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
ScopeDelimiter string: Specifies the scope delimiter in the authorization token.
ScopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.
SnowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
TokenUserMappingClaims []string: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
Type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>: Specifies the list of roles that the client can set as the primary role.
anyRoleMode String: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls List<String>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles List<String>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment String: Specifies a comment for the OAuth integration.
createdOn String: Date and time when the External OAUTH integration was created.
enabled Boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer String: Specifies the URL to define the OAuth 2.0 authorization server.
jwsKeysUrls List<String>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name String: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey String: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 String: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter String: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute String: Specifies the access token claim to map the access token to an account role.
snowflakeUserMappingAttribute String: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims List<String>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type String: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles string[]: Specifies the list of roles that the client can set as the primary role.
anyRoleMode string: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls string[]: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles string[]: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment string: Specifies a comment for the OAuth integration.
createdOn string: Date and time when the External OAUTH integration was created.
enabled boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer string: Specifies the URL to define the OAuth 2.0 authorization server.
jwsKeysUrls string[]: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name string: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey string: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 string: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter string: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute string: Specifies the access token claim to map the access token to an account role.
snowflakeUserMappingAttribute string: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims string[]: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type string: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowed_roles Sequence[str]: Specifies the list of roles that the client can set as the primary role.
any_role_mode str: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audience_urls Sequence[str]: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blocked_roles Sequence[str]: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment str: Specifies a comment for the OAuth integration.
created_on str: Date and time when the External OAUTH integration was created.
enabled bool: Specifies whether to initiate operation of the integration or suspend it.
issuer str: Specifies the URL to define the OAuth 2.0 authorization server.
jws_keys_urls Sequence[str]: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name str: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsa_public_key str: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsa_public_key2 str: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scope_delimiter str: Specifies the scope delimiter in the authorization token.
scope_mapping_attribute str: Specifies the access token claim to map the access token to an account role.
snowflake_user_mapping_attribute str: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
token_user_mapping_claims Sequence[str]: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type str: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>: Specifies the list of roles that the client can set as the primary role.
anyRoleMode String: Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
audienceUrls List<String>: Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
blockedRoles List<String>: Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
comment String: Specifies a comment for the OAuth integration.
createdOn String: Date and time when the External OAUTH integration was created.
enabled Boolean: Specifies whether to initiate operation of the integration or suspend it.
issuer String: Specifies the URL to define the OAuth 2.0 authorization server.
jwsKeysUrls List<String>: Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
name String: Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
rsaPublicKey String: Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
rsaPublicKey2 String: Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
scopeDelimiter String: Specifies the scope delimiter in the authorization token.
scopeMappingAttribute String: Specifies the access token claim to map the access token to an account role.
snowflakeUserMappingAttribute String: Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
tokenUserMappingClaims List<String>: Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
type String: Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

Import

 $ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example name

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Snowflake v0.35.0 published on Wednesday, Sep 27, 2023 by Pulumi

pulumi/pulumi-snowflake

snowflake.ExternalOauthIntegration

On this page

On this page

Example Usage

Create ExternalOauthIntegration Resource

ExternalOauthIntegration Resource Properties

Inputs

Outputs

Look up Existing ExternalOauthIntegration Resource

Import

Package Details

On this page

On this page