Snowflake

Pulumi Official
Package maintained by Pulumi
v0.12.0 published on Wednesday, Jul 20, 2022 by Pulumi

ExternalOauthIntegration

Import

 $ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example name

Example Usage

using Pulumi;
using Snowflake = Pulumi.Snowflake;

class MyStack : Stack
{
    public MyStack()
    {
        var azure = new Snowflake.ExternalOauthIntegration("azure", new Snowflake.ExternalOauthIntegrationArgs
        {
            AudienceUrls = 
            {
                "https://analysis.windows.net/powerbi/connector/Snowflake",
            },
            Enabled = true,
            Issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
            JwsKeysUrls = 
            {
                "https://login.windows.net/common/discovery/keys",
            },
            SnowflakeUserMappingAttribute = "LOGIN_NAME",
            TokenUserMappingClaims = 
            {
                "upn",
            },
            Type = "AZURE",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := snowflake.NewExternalOauthIntegration(ctx, "azure", &snowflake.ExternalOauthIntegrationArgs{
			AudienceUrls: pulumi.StringArray{
				pulumi.String("https://analysis.windows.net/powerbi/connector/Snowflake"),
			},
			Enabled: pulumi.Bool(true),
			Issuer:  pulumi.String("https://sts.windows.net/00000000-0000-0000-0000-000000000000"),
			JwsKeysUrls: pulumi.StringArray{
				pulumi.String("https://login.windows.net/common/discovery/keys"),
			},
			SnowflakeUserMappingAttribute: pulumi.String("LOGIN_NAME"),
			TokenUserMappingClaims: pulumi.StringArray{
				pulumi.String("upn"),
			},
			Type: pulumi.String("AZURE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azure = new ExternalOauthIntegration("azure", ExternalOauthIntegrationArgs.builder()        
            .audienceUrls("https://analysis.windows.net/powerbi/connector/Snowflake")
            .enabled(true)
            .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000")
            .jwsKeysUrls("https://login.windows.net/common/discovery/keys")
            .snowflakeUserMappingAttribute("LOGIN_NAME")
            .tokenUserMappingClaims("upn")
            .type("AZURE")
            .build());

    }
}
import pulumi
import pulumi_snowflake as snowflake

azure = snowflake.ExternalOauthIntegration("azure",
    audience_urls=["https://analysis.windows.net/powerbi/connector/Snowflake"],
    enabled=True,
    issuer="https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jws_keys_urls=["https://login.windows.net/common/discovery/keys"],
    snowflake_user_mapping_attribute="LOGIN_NAME",
    token_user_mapping_claims=["upn"],
    type="AZURE")
import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";

const azure = new snowflake.ExternalOauthIntegration("azure", {
    audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"],
    enabled: true,
    issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"],
    snowflakeUserMappingAttribute: "LOGIN_NAME",
    tokenUserMappingClaims: ["upn"],
    type: "AZURE",
});
resources:
  azure:
    type: snowflake:ExternalOauthIntegration
    properties:
      audienceUrls:
        - https://analysis.windows.net/powerbi/connector/Snowflake
      enabled: true
      issuer: https://sts.windows.net/00000000-0000-0000-0000-000000000000
      jwsKeysUrls:
        - https://login.windows.net/common/discovery/keys
      snowflakeUserMappingAttribute: LOGIN_NAME
      tokenUserMappingClaims:
        - upn
      type: AZURE

Create a ExternalOauthIntegration Resource

new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);
@overload
def ExternalOauthIntegration(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             allowed_roles: Optional[Sequence[str]] = None,
                             any_role_mode: Optional[str] = None,
                             audience_urls: Optional[Sequence[str]] = None,
                             blocked_roles: Optional[Sequence[str]] = None,
                             comment: Optional[str] = None,
                             enabled: Optional[bool] = None,
                             issuer: Optional[str] = None,
                             jws_keys_urls: Optional[Sequence[str]] = None,
                             name: Optional[str] = None,
                             rsa_public_key: Optional[str] = None,
                             rsa_public_key2: Optional[str] = None,
                             scope_delimiter: Optional[str] = None,
                             snowflake_user_mapping_attribute: Optional[str] = None,
                             token_user_mapping_claims: Optional[Sequence[str]] = None,
                             type: Optional[str] = None)
@overload
def ExternalOauthIntegration(resource_name: str,
                             args: ExternalOauthIntegrationArgs,
                             opts: Optional[ResourceOptions] = None)
func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
type: snowflake:ExternalOauthIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ExternalOauthIntegrationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ExternalOauthIntegrationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ExternalOauthIntegrationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ExternalOauthIntegrationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ExternalOauthIntegrationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

ExternalOauthIntegration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ExternalOauthIntegration resource accepts the following input properties:

Enabled bool

Specifies whether to initiate operation of the integration or suspend it.

Issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

SnowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

TokenUserMappingClaims List<string>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

Type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

AllowedRoles List<string>

Specifies the list of roles that the client can set as the primary role.

AnyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

AudienceUrls List<string>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

BlockedRoles List<string>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

Comment string

Specifies a comment for the OAuth integration.

JwsKeysUrls List<string>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

Name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

RsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

RsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

ScopeDelimiter string

Specifies the scope delimiter in the authorization token.

Enabled bool

Specifies whether to initiate operation of the integration or suspend it.

Issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

SnowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

TokenUserMappingClaims []string

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

Type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

AllowedRoles []string

Specifies the list of roles that the client can set as the primary role.

AnyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

AudienceUrls []string

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

BlockedRoles []string

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

Comment string

Specifies a comment for the OAuth integration.

JwsKeysUrls []string

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

Name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

RsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

RsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

ScopeDelimiter string

Specifies the scope delimiter in the authorization token.

enabled Boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer String

Specifies the URL to define the OAuth 2.0 authorization server.

snowflakeUserMappingAttribute String

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims List<String>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type String

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>

Specifies the list of roles that the client can set as the primary role.

anyRoleMode String

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls List<String>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles List<String>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment String

Specifies a comment for the OAuth integration.

jwsKeysUrls List<String>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name String

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey String

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 String

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter String

Specifies the scope delimiter in the authorization token.

enabled boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

snowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims string[]

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles string[]

Specifies the list of roles that the client can set as the primary role.

anyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls string[]

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles string[]

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment string

Specifies a comment for the OAuth integration.

jwsKeysUrls string[]

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter string

Specifies the scope delimiter in the authorization token.

enabled bool

Specifies whether to initiate operation of the integration or suspend it.

issuer str

Specifies the URL to define the OAuth 2.0 authorization server.

snowflake_user_mapping_attribute str

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

token_user_mapping_claims Sequence[str]

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type str

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowed_roles Sequence[str]

Specifies the list of roles that the client can set as the primary role.

any_role_mode str

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audience_urls Sequence[str]

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blocked_roles Sequence[str]

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment str

Specifies a comment for the OAuth integration.

jws_keys_urls Sequence[str]

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name str

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsa_public_key str

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsa_public_key2 str

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scope_delimiter str

Specifies the scope delimiter in the authorization token.

enabled Boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer String

Specifies the URL to define the OAuth 2.0 authorization server.

snowflakeUserMappingAttribute String

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims List<String>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type String

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>

Specifies the list of roles that the client can set as the primary role.

anyRoleMode String

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls List<String>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles List<String>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment String

Specifies a comment for the OAuth integration.

jwsKeysUrls List<String>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name String

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey String

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 String

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter String

Specifies the scope delimiter in the authorization token.

Outputs

All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:

CreatedOn string

Date and time when the External OAUTH integration was created.

Id string

The provider-assigned unique ID for this managed resource.

CreatedOn string

Date and time when the External OAUTH integration was created.

Id string

The provider-assigned unique ID for this managed resource.

createdOn String

Date and time when the External OAUTH integration was created.

id String

The provider-assigned unique ID for this managed resource.

createdOn string

Date and time when the External OAUTH integration was created.

id string

The provider-assigned unique ID for this managed resource.

created_on str

Date and time when the External OAUTH integration was created.

id str

The provider-assigned unique ID for this managed resource.

createdOn String

Date and time when the External OAUTH integration was created.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing ExternalOauthIntegration Resource

Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_roles: Optional[Sequence[str]] = None,
        any_role_mode: Optional[str] = None,
        audience_urls: Optional[Sequence[str]] = None,
        blocked_roles: Optional[Sequence[str]] = None,
        comment: Optional[str] = None,
        created_on: Optional[str] = None,
        enabled: Optional[bool] = None,
        issuer: Optional[str] = None,
        jws_keys_urls: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        rsa_public_key: Optional[str] = None,
        rsa_public_key2: Optional[str] = None,
        scope_delimiter: Optional[str] = None,
        snowflake_user_mapping_attribute: Optional[str] = None,
        token_user_mapping_claims: Optional[Sequence[str]] = None,
        type: Optional[str] = None) -> ExternalOauthIntegration
func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)
public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllowedRoles List<string>

Specifies the list of roles that the client can set as the primary role.

AnyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

AudienceUrls List<string>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

BlockedRoles List<string>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

Comment string

Specifies a comment for the OAuth integration.

CreatedOn string

Date and time when the External OAUTH integration was created.

Enabled bool

Specifies whether to initiate operation of the integration or suspend it.

Issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

JwsKeysUrls List<string>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

Name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

RsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

RsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

ScopeDelimiter string

Specifies the scope delimiter in the authorization token.

SnowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

TokenUserMappingClaims List<string>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

Type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

AllowedRoles []string

Specifies the list of roles that the client can set as the primary role.

AnyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

AudienceUrls []string

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

BlockedRoles []string

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

Comment string

Specifies a comment for the OAuth integration.

CreatedOn string

Date and time when the External OAUTH integration was created.

Enabled bool

Specifies whether to initiate operation of the integration or suspend it.

Issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

JwsKeysUrls []string

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

Name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

RsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

RsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

ScopeDelimiter string

Specifies the scope delimiter in the authorization token.

SnowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

TokenUserMappingClaims []string

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

Type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>

Specifies the list of roles that the client can set as the primary role.

anyRoleMode String

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls List<String>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles List<String>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment String

Specifies a comment for the OAuth integration.

createdOn String

Date and time when the External OAUTH integration was created.

enabled Boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer String

Specifies the URL to define the OAuth 2.0 authorization server.

jwsKeysUrls List<String>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name String

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey String

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 String

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter String

Specifies the scope delimiter in the authorization token.

snowflakeUserMappingAttribute String

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims List<String>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type String

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles string[]

Specifies the list of roles that the client can set as the primary role.

anyRoleMode string

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls string[]

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles string[]

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment string

Specifies a comment for the OAuth integration.

createdOn string

Date and time when the External OAUTH integration was created.

enabled boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer string

Specifies the URL to define the OAuth 2.0 authorization server.

jwsKeysUrls string[]

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name string

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey string

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 string

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter string

Specifies the scope delimiter in the authorization token.

snowflakeUserMappingAttribute string

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims string[]

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type string

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowed_roles Sequence[str]

Specifies the list of roles that the client can set as the primary role.

any_role_mode str

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audience_urls Sequence[str]

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blocked_roles Sequence[str]

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment str

Specifies a comment for the OAuth integration.

created_on str

Date and time when the External OAUTH integration was created.

enabled bool

Specifies whether to initiate operation of the integration or suspend it.

issuer str

Specifies the URL to define the OAuth 2.0 authorization server.

jws_keys_urls Sequence[str]

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name str

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsa_public_key str

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsa_public_key2 str

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scope_delimiter str

Specifies the scope delimiter in the authorization token.

snowflake_user_mapping_attribute str

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

token_user_mapping_claims Sequence[str]

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type str

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

allowedRoles List<String>

Specifies the list of roles that the client can set as the primary role.

anyRoleMode String

Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.

audienceUrls List<String>

Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL

blockedRoles List<String>

Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.

comment String

Specifies a comment for the OAuth integration.

createdOn String

Date and time when the External OAUTH integration was created.

enabled Boolean

Specifies whether to initiate operation of the integration or suspend it.

issuer String

Specifies the URL to define the OAuth 2.0 authorization server.

jwsKeysUrls List<String>

Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.

name String

Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.

rsaPublicKey String

Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.

rsaPublicKey2 String

Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.

scopeDelimiter String

Specifies the scope delimiter in the authorization token.

snowflakeUserMappingAttribute String

Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.

tokenUserMappingClaims List<String>

Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.

type String

Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.

Package Details

Repository
https://github.com/pulumi/pulumi-snowflake
License
Apache-2.0
Notes

This Pulumi package is based on the snowflake Terraform Provider.