snowflake.ExternalOauthIntegration
An External OAuth security integration allows a client to use a third-party authorization server to obtain the access tokens needed to interact with Snowflake.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;
// Declares an External OAuth security integration named "azure" so that Snowflake
// accepts access tokens issued by Azure AD for the Power BI connector audience.
return await Deployment.RunAsync(() =>
{
    var azureArgs = new Snowflake.ExternalOauthIntegrationArgs
    {
        Type = "AZURE",
        Enabled = true,

        // The all-zero GUID is a placeholder tenant ID: replace it with the ID of the
        // Azure AD tenant whose tokens should be trusted.
        Issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000",

        // Endpoint from which the public keys that validate the access token are downloaded.
        JwsKeysUrls = new[] { "https://login.windows.net/common/discovery/keys" },

        // Extra audience value accepted in addition to the Snowflake account URL.
        AudienceUrls = new[] { "https://analysis.windows.net/powerbi/connector/Snowflake" },

        // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
        TokenUserMappingClaims = new[] { "upn" },
        SnowflakeUserMappingAttribute = "LOGIN_NAME",
    };

    // AllowedRoles, BlockedRoles and AnyRoleMode are not set in this example; set them
    // to restrict which roles a token holder can use as the primary role.
    var azure = new Snowflake.ExternalOauthIntegration("azure", azureArgs);
});
package main
import (
"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares an External OAuth security
// integration named "azure", so that Snowflake accepts access tokens issued by
// Azure AD for the Power BI connector audience.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		azureArgs := &snowflake.ExternalOauthIntegrationArgs{
			Type:    pulumi.String("AZURE"),
			Enabled: pulumi.Bool(true),

			// The all-zero GUID is a placeholder tenant ID: replace it with the
			// ID of the Azure AD tenant whose tokens should be trusted.
			Issuer: pulumi.String("https://sts.windows.net/00000000-0000-0000-0000-000000000000"),

			// Endpoint from which the public keys that validate the access
			// token are downloaded.
			JwsKeysUrls: pulumi.StringArray{
				pulumi.String("https://login.windows.net/common/discovery/keys"),
			},

			// Extra audience value accepted in addition to the Snowflake
			// account URL.
			AudienceUrls: pulumi.StringArray{
				pulumi.String("https://analysis.windows.net/powerbi/connector/Snowflake"),
			},

			// The token's "upn" claim is matched against the Snowflake user's
			// LOGIN_NAME.
			TokenUserMappingClaims: pulumi.StringArray{
				pulumi.String("upn"),
			},
			SnowflakeUserMappingAttribute: pulumi.String("LOGIN_NAME"),
		}

		// AllowedRoles, BlockedRoles and AnyRoleMode are not set in this
		// example; set them to restrict which roles a token holder can use as
		// the primary role.
		_, err := snowflake.NewExternalOauthIntegration(ctx, "azure", azureArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.ExternalOauthIntegration;
import com.pulumi.snowflake.ExternalOauthIntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an External OAuth security integration named
 * "azure", so that Snowflake accepts access tokens issued by Azure AD for the
 * Power BI connector audience.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Defines the resources of the stack.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        final var azureArgs = ExternalOauthIntegrationArgs.builder()
            .type("AZURE")
            .enabled(true)
            // The all-zero GUID is a placeholder tenant ID: replace it with the ID
            // of the Azure AD tenant whose tokens should be trusted.
            .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000")
            // Endpoint from which the public keys that validate the access token
            // are downloaded.
            .jwsKeysUrls("https://login.windows.net/common/discovery/keys")
            // Extra audience value accepted in addition to the Snowflake account URL.
            .audienceUrls("https://analysis.windows.net/powerbi/connector/Snowflake")
            // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
            .tokenUserMappingClaims("upn")
            .snowflakeUserMappingAttribute("LOGIN_NAME")
            .build();

        // allowedRoles, blockedRoles and anyRoleMode are not set in this example;
        // set them to restrict which roles a token holder can use as the primary role.
        var azure = new ExternalOauthIntegration("azure", azureArgs);
    }
}
import pulumi
import pulumi_snowflake as snowflake
# External OAuth security integration that lets Snowflake accept access tokens
# issued by Azure AD for the Power BI connector audience.
#
# allowed_roles, blocked_roles and any_role_mode are not set in this example;
# set them to restrict which roles a token holder can use as the primary role.
azure = snowflake.ExternalOauthIntegration(
    "azure",
    type="AZURE",
    enabled=True,
    # The all-zero GUID is a placeholder tenant ID: replace it with the ID of
    # the Azure AD tenant whose tokens should be trusted.
    issuer="https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    # Endpoint from which the public keys that validate the access token are
    # downloaded.
    jws_keys_urls=[
        "https://login.windows.net/common/discovery/keys",
    ],
    # Extra audience value accepted in addition to the Snowflake account URL.
    audience_urls=[
        "https://analysis.windows.net/powerbi/connector/Snowflake",
    ],
    # The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
    token_user_mapping_claims=[
        "upn",
    ],
    snowflake_user_mapping_attribute="LOGIN_NAME",
)
import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";
// Settings for an External OAuth security integration that lets Snowflake accept
// access tokens issued by Azure AD for the Power BI connector audience.
const azureArgs: snowflake.ExternalOauthIntegrationArgs = {
    type: "AZURE",
    enabled: true,
    // The all-zero GUID is a placeholder tenant ID: replace it with the ID of the
    // Azure AD tenant whose tokens should be trusted.
    issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000",
    // Endpoint from which the public keys that validate the access token are downloaded.
    jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"],
    // Extra audience value accepted in addition to the Snowflake account URL.
    audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"],
    // The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
    tokenUserMappingClaims: ["upn"],
    snowflakeUserMappingAttribute: "LOGIN_NAME",
};

// allowedRoles, blockedRoles and anyRoleMode are not set in this example; set them
// to restrict which roles a token holder can use as the primary role.
const azure = new snowflake.ExternalOauthIntegration("azure", azureArgs);
# External OAuth security integration that lets Snowflake accept access tokens
# issued by Azure AD for the Power BI connector audience.
resources:
  azure:
    type: snowflake:ExternalOauthIntegration
    properties:
      type: "AZURE"
      enabled: true
      # The all-zero GUID is a placeholder tenant ID: replace it with the ID of
      # the Azure AD tenant whose tokens should be trusted.
      issuer: "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
      # Endpoint from which the public keys that validate the access token are
      # downloaded.
      jwsKeysUrls: ["https://login.windows.net/common/discovery/keys"]
      # Extra audience value accepted in addition to the Snowflake account URL.
      audienceUrls: ["https://analysis.windows.net/powerbi/connector/Snowflake"]
      # The token's "upn" claim is matched against the Snowflake user's LOGIN_NAME.
      tokenUserMappingClaims: ["upn"]
      snowflakeUserMappingAttribute: "LOGIN_NAME"
      # allowedRoles, blockedRoles and anyRoleMode are not set in this example;
      # set them to restrict which roles a token holder can use as the primary role.
Create ExternalOauthIntegration Resource
new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);
@overload
def ExternalOauthIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_roles: Optional[Sequence[str]] = None,
any_role_mode: Optional[str] = None,
audience_urls: Optional[Sequence[str]] = None,
blocked_roles: Optional[Sequence[str]] = None,
comment: Optional[str] = None,
enabled: Optional[bool] = None,
issuer: Optional[str] = None,
jws_keys_urls: Optional[Sequence[str]] = None,
name: Optional[str] = None,
rsa_public_key: Optional[str] = None,
rsa_public_key2: Optional[str] = None,
scope_delimiter: Optional[str] = None,
scope_mapping_attribute: Optional[str] = None,
snowflake_user_mapping_attribute: Optional[str] = None,
token_user_mapping_claims: Optional[Sequence[str]] = None,
type: Optional[str] = None)
@overload
def ExternalOauthIntegration(resource_name: str,
args: ExternalOauthIntegrationArgs,
opts: Optional[ResourceOptions] = None)
func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
type: snowflake:ExternalOauthIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ExternalOauthIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ExternalOauthIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ExternalOauthIntegration resource accepts the following input properties:
- Enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- SnowflakeUserMappingAttribute string
Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- TokenUserMappingClaims List<string>
Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- AllowedRoles List<string>
Specifies the list of roles that the client can set as the primary role.
- AnyRoleMode string
Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- AudienceUrls List<string>
Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- BlockedRoles List<string>
Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
- Comment string
Specifies a comment for the OAuth integration.
- JwsKeysUrls List<string>
Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- RsaPublicKey string
Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- RsaPublicKey2 string
Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- ScopeDelimiter string
Specifies the scope delimiter in the authorization token.
- ScopeMappingAttribute string
Specifies the access token claim to map the access token to an account role.
- Enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- Snowflake
User stringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- Token
User []stringMapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- Allowed
Roles []string Specifies the list of roles that the client can set as the primary role.
- Any
Role stringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- Audience
Urls []string Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- Blocked
Roles []string Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
Specifies a comment for the OAuth integration.
- Jws
Keys []stringUrls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Rsa
Public stringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- Rsa
Public stringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- Scope
Delimiter string Specifies the scope delimiter in the authorization token.
- Scope
Mapping stringAttribute Specifies the access token claim to map the access token to an account role.
- enabled Boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer String
Specifies the URL to define the OAuth 2.0 authorization server.
- snowflake
User StringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token
User List<String>Mapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed
Roles List<String> Specifies the list of roles that the client can set as the primary role.
- any
Role StringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience
Urls List<String> Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked
Roles List<String> Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
Specifies a comment for the OAuth integration.
- jws
Keys List<String>Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa
Public StringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa
Public StringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope
Delimiter String Specifies the scope delimiter in the authorization token.
- scope
Mapping StringAttribute Specifies the access token claim to map the access token to an account role.
- enabled boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- snowflake
User stringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token
User string[]Mapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed
Roles string[] Specifies the list of roles that the client can set as the primary role.
- any
Role stringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience
Urls string[] Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked
Roles string[] Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment string
Specifies a comment for the OAuth integration.
- jws
Keys string[]Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa
Public stringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa
Public stringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope
Delimiter string Specifies the scope delimiter in the authorization token.
- scope
Mapping stringAttribute Specifies the access token claim to map the access token to an account role.
- enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- issuer str
Specifies the URL to define the OAuth 2.0 authorization server.
- snowflake_
user_ strmapping_ attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token_
user_ Sequence[str]mapping_ claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type str
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed_
roles Sequence[str] Specifies the list of roles that the client can set as the primary role.
- any_
role_ strmode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience_
urls Sequence[str] Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked_
roles Sequence[str] Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment str
Specifies a comment for the OAuth integration.
- jws_
keys_ Sequence[str]urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name str
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa_
public_ strkey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa_
public_ strkey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope_
delimiter str Specifies the scope delimiter in the authorization token.
- scope_
mapping_ strattribute Specifies the access token claim to map the access token to an account role.
- enabled Boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer String
Specifies the URL to define the OAuth 2.0 authorization server.
- snowflake
User StringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token
User List<String>Mapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed
Roles List<String> Specifies the list of roles that the client can set as the primary role.
- any
Role StringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience
Urls List<String> Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked
Roles List<String> Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
Specifies a comment for the OAuth integration.
- jws
Keys List<String>Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa
Public StringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa
Public StringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope
Delimiter String Specifies the scope delimiter in the authorization token.
- scope
Mapping StringAttribute Specifies the access token claim to map the access token to an account role.
Outputs
All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:
- created_on str
Date and time when the External OAuth integration was created.
- id str
The provider-assigned unique ID for this managed resource.
Look up Existing ExternalOauthIntegration Resource
Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_roles: Optional[Sequence[str]] = None,
any_role_mode: Optional[str] = None,
audience_urls: Optional[Sequence[str]] = None,
blocked_roles: Optional[Sequence[str]] = None,
comment: Optional[str] = None,
created_on: Optional[str] = None,
enabled: Optional[bool] = None,
issuer: Optional[str] = None,
jws_keys_urls: Optional[Sequence[str]] = None,
name: Optional[str] = None,
rsa_public_key: Optional[str] = None,
rsa_public_key2: Optional[str] = None,
scope_delimiter: Optional[str] = None,
scope_mapping_attribute: Optional[str] = None,
snowflake_user_mapping_attribute: Optional[str] = None,
token_user_mapping_claims: Optional[Sequence[str]] = None,
type: Optional[str] = None) -> ExternalOauthIntegration
func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)
public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)
public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Roles List<string> Specifies the list of roles that the client can set as the primary role.
- Any
Role stringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- Audience
Urls List<string> Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- Blocked
Roles List<string> Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
Specifies a comment for the OAuth integration.
- Created
On string Date and time when the External OAUTH integration was created.
- Enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- Jws
Keys List<string>Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Rsa
Public stringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- Rsa
Public stringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- Scope
Delimiter string Specifies the scope delimiter in the authorization token.
- Scope
Mapping stringAttribute Specifies the access token claim to map the access token to an account role.
- Snowflake
User stringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- Token
User List<string>Mapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- Allowed
Roles []string Specifies the list of roles that the client can set as the primary role.
- Any
Role stringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- Audience
Urls []string Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- Blocked
Roles []string Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- Comment string
Specifies a comment for the OAuth integration.
- Created
On string Date and time when the External OAUTH integration was created.
- Enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- Issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- Jws
Keys []stringUrls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- Name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Rsa
Public stringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- Rsa
Public stringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- Scope
Delimiter string Specifies the scope delimiter in the authorization token.
- Scope
Mapping stringAttribute Specifies the access token claim to map the access token to an account role.
- Snowflake
User stringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- Token
User []stringMapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- Type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed
Roles List<String> Specifies the list of roles that the client can set as the primary role.
- any
Role StringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience
Urls List<String> Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked
Roles List<String> Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment String
Specifies a comment for the OAuth integration.
- created
On String Date and time when the External OAUTH integration was created.
- enabled Boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer String
Specifies the URL to define the OAuth 2.0 authorization server.
- jws
Keys List<String>Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa
Public StringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa
Public StringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope
Delimiter String Specifies the scope delimiter in the authorization token.
- scope
Mapping StringAttribute Specifies the access token claim to map the access token to an account role.
- snowflake
User StringMapping Attribute Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token
User List<String>Mapping Claims Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed
Roles string[] Specifies the list of roles that the client can set as the primary role.
- any
Role stringMode Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
- audience
Urls string[] Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- blocked
Roles string[] Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
- comment string
Specifies a comment for the OAuth integration.
- created
On string Date and time when the External OAUTH integration was created.
- enabled boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer string
Specifies the URL to define the OAuth 2.0 authorization server.
- jws
Keys string[]Urls Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name string
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa
Public stringKey Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa
Public stringKey2 Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope
Delimiter string Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute string
Specifies the access token claim to map the access token to an account role.
- snowflakeUserMappingAttribute string
Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims string[]
Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type string
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowed_roles Sequence[str]
Specifies the list of roles that the client can set as the primary role.
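- any_role_mode str
Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. When this is allowed, the roles named in the token no longer limit which role the session can use, so enable it only when that is intended.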
- audience_urls Sequence[str]
Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blocked_roles Sequence[str]
Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
- comment str
Specifies a comment for the OAuth integration.
- created_on str
Date and time when the External OAuth integration was created.
- enabled bool
Specifies whether to initiate operation of the integration or suspend it.
- issuer str
Specifies the URL to define the OAuth 2.0 authorization server.
- jws_keys_urls Sequence[str]
Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name str
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsa_public_key str
Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsa_public_key2 str
Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scope_delimiter str
Specifies the scope delimiter in the authorization token.
- scope_mapping_attribute str
Specifies the access token claim to map the access token to an account role.
- snowflake_user_mapping_attribute str
Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- token_user_mapping_claims Sequence[str]
Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type str
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
- allowedRoles List<String>
Specifies the list of roles that the client can set as the primary role.
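- anyRoleMode String
Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. When this is allowed, the roles named in the token no longer limit which role the session can use, so enable it only when that is intended.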
- audienceUrls List<String>
Specifies additional values that can be used for the access token's audience validation, in addition to the customer's Snowflake account URL.
- blockedRoles List<String>
Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN: they are already blocked implicitly, and listing them will cause in-place updates.
- comment String
Specifies a comment for the OAuth integration.
- createdOn String
Date and time when the External OAuth integration was created.
- enabled Boolean
Specifies whether to initiate operation of the integration or suspend it.
- issuer String
Specifies the URL to define the OAuth 2.0 authorization server.
- jwsKeysUrls List<String>
Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
- name String
Specifies the name of the External OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- rsaPublicKey String
Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
- rsaPublicKey2 String
Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
- scopeDelimiter String
Specifies the scope delimiter in the authorization token.
- scopeMappingAttribute String
Specifies the access token claim to map the access token to an account role.
- snowflakeUserMappingAttribute String
Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
- tokenUserMappingClaims List<String>
Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
- type String
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
Import
$ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example name
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
This Pulumi package is based on the snowflake Terraform Provider.