Docs Home
Snowflake v1.2.0 published on Monday, Apr 14, 2025 by Pulumi
snowflake.ExternalOauthIntegration
Explore with Pulumi AI
Import
$ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example '"<integration_name>"'
Create ExternalOauthIntegration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);@overload
def ExternalOauthIntegration(resource_name: str,
args: ExternalOauthIntegrationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ExternalOauthIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_oauth_issuer: Optional[str] = None,
enabled: Optional[bool] = None,
external_oauth_type: Optional[str] = None,
external_oauth_token_user_mapping_claims: Optional[Sequence[str]] = None,
external_oauth_snowflake_user_mapping_attribute: Optional[str] = None,
external_oauth_audience_lists: Optional[Sequence[str]] = None,
external_oauth_blocked_roles_lists: Optional[Sequence[str]] = None,
external_oauth_jws_keys_urls: Optional[Sequence[str]] = None,
external_oauth_rsa_public_key: Optional[str] = None,
external_oauth_rsa_public_key2: Optional[str] = None,
external_oauth_scope_delimiter: Optional[str] = None,
external_oauth_scope_mapping_attribute: Optional[str] = None,
comment: Optional[str] = None,
external_oauth_any_role_mode: Optional[str] = None,
external_oauth_allowed_roles_lists: Optional[Sequence[str]] = None,
name: Optional[str] = None)func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
type: snowflake:ExternalOauthIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ExternalOauthIntegrationArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ExternalOauthIntegrationArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ExternalOauthIntegrationArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ExternalOauthIntegrationArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ExternalOauthIntegrationArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var externalOauthIntegrationResource = new Snowflake.ExternalOauthIntegration("externalOauthIntegrationResource", new()
{
ExternalOauthIssuer = "string",
Enabled = false,
ExternalOauthType = "string",
ExternalOauthTokenUserMappingClaims = new[]
{
"string",
},
ExternalOauthSnowflakeUserMappingAttribute = "string",
ExternalOauthAudienceLists = new[]
{
"string",
},
ExternalOauthBlockedRolesLists = new[]
{
"string",
},
ExternalOauthJwsKeysUrls = new[]
{
"string",
},
ExternalOauthRsaPublicKey = "string",
ExternalOauthRsaPublicKey2 = "string",
ExternalOauthScopeDelimiter = "string",
ExternalOauthScopeMappingAttribute = "string",
Comment = "string",
ExternalOauthAnyRoleMode = "string",
ExternalOauthAllowedRolesLists = new[]
{
"string",
},
Name = "string",
});
example, err := snowflake.NewExternalOauthIntegration(ctx, "externalOauthIntegrationResource", &snowflake.ExternalOauthIntegrationArgs{
ExternalOauthIssuer: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExternalOauthType: pulumi.String("string"),
ExternalOauthTokenUserMappingClaims: pulumi.StringArray{
pulumi.String("string"),
},
ExternalOauthSnowflakeUserMappingAttribute: pulumi.String("string"),
ExternalOauthAudienceLists: pulumi.StringArray{
pulumi.String("string"),
},
ExternalOauthBlockedRolesLists: pulumi.StringArray{
pulumi.String("string"),
},
ExternalOauthJwsKeysUrls: pulumi.StringArray{
pulumi.String("string"),
},
ExternalOauthRsaPublicKey: pulumi.String("string"),
ExternalOauthRsaPublicKey2: pulumi.String("string"),
ExternalOauthScopeDelimiter: pulumi.String("string"),
ExternalOauthScopeMappingAttribute: pulumi.String("string"),
Comment: pulumi.String("string"),
ExternalOauthAnyRoleMode: pulumi.String("string"),
ExternalOauthAllowedRolesLists: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
})
var externalOauthIntegrationResource = new ExternalOauthIntegration("externalOauthIntegrationResource", ExternalOauthIntegrationArgs.builder()
.externalOauthIssuer("string")
.enabled(false)
.externalOauthType("string")
.externalOauthTokenUserMappingClaims("string")
.externalOauthSnowflakeUserMappingAttribute("string")
.externalOauthAudienceLists("string")
.externalOauthBlockedRolesLists("string")
.externalOauthJwsKeysUrls("string")
.externalOauthRsaPublicKey("string")
.externalOauthRsaPublicKey2("string")
.externalOauthScopeDelimiter("string")
.externalOauthScopeMappingAttribute("string")
.comment("string")
.externalOauthAnyRoleMode("string")
.externalOauthAllowedRolesLists("string")
.name("string")
.build());
external_oauth_integration_resource = snowflake.ExternalOauthIntegration("externalOauthIntegrationResource",
external_oauth_issuer="string",
enabled=False,
external_oauth_type="string",
external_oauth_token_user_mapping_claims=["string"],
external_oauth_snowflake_user_mapping_attribute="string",
external_oauth_audience_lists=["string"],
external_oauth_blocked_roles_lists=["string"],
external_oauth_jws_keys_urls=["string"],
external_oauth_rsa_public_key="string",
external_oauth_rsa_public_key2="string",
external_oauth_scope_delimiter="string",
external_oauth_scope_mapping_attribute="string",
comment="string",
external_oauth_any_role_mode="string",
external_oauth_allowed_roles_lists=["string"],
name="string")
const externalOauthIntegrationResource = new snowflake.ExternalOauthIntegration("externalOauthIntegrationResource", {
externalOauthIssuer: "string",
enabled: false,
externalOauthType: "string",
externalOauthTokenUserMappingClaims: ["string"],
externalOauthSnowflakeUserMappingAttribute: "string",
externalOauthAudienceLists: ["string"],
externalOauthBlockedRolesLists: ["string"],
externalOauthJwsKeysUrls: ["string"],
externalOauthRsaPublicKey: "string",
externalOauthRsaPublicKey2: "string",
externalOauthScopeDelimiter: "string",
externalOauthScopeMappingAttribute: "string",
comment: "string",
externalOauthAnyRoleMode: "string",
externalOauthAllowedRolesLists: ["string"],
name: "string",
});
type: snowflake:ExternalOauthIntegration
properties:
comment: string
enabled: false
externalOauthAllowedRolesLists:
- string
externalOauthAnyRoleMode: string
externalOauthAudienceLists:
- string
externalOauthBlockedRolesLists:
- string
externalOauthIssuer: string
externalOauthJwsKeysUrls:
- string
externalOauthRsaPublicKey: string
externalOauthRsaPublicKey2: string
externalOauthScopeDelimiter: string
externalOauthScopeMappingAttribute: string
externalOauthSnowflakeUserMappingAttribute: string
externalOauthTokenUserMappingClaims:
- string
externalOauthType: string
name: string
ExternalOauthIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ExternalOauthIntegration resource accepts the following input properties:
- Enabled
This property is required. bool - Specifies whether to initiate operation of the integration or suspend it.
- External
Oauth Issuer This property is required. string - Specifies the URL to define the OAuth 2.0 authorization server.
- External
Oauth Snowflake User Mapping Attribute This property is required. string - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - External
Oauth Token User Mapping Claims This property is required. List<string> - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- External
Oauth Type This property is required. string - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - Comment string
- Specifies a comment for the OAuth integration.
- External
Oauth List<string>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- External
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - External
Oauth List<string>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- External
Oauth List<string>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- External
Oauth List<string>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- External
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- External
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- Name
Changes to this property will trigger replacement. - Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
- Enabled
This property is required. bool - Specifies whether to initiate operation of the integration or suspend it.
- External
Oauth Issuer This property is required. string - Specifies the URL to define the OAuth 2.0 authorization server.
- External
Oauth Snowflake User Mapping Attribute This property is required. string - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - External
Oauth Token User Mapping Claims This property is required. []string - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- External
Oauth Type This property is required. string - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - Comment string
- Specifies a comment for the OAuth integration.
- External
Oauth []stringAllowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- External
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - External
Oauth []stringAudience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- External
Oauth []stringBlocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- External
Oauth []stringJws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- External
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- External
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- Name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
- enabled
This property is required. Boolean - Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth Issuer This property is required. String - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth Snowflake User Mapping Attribute This property is required. String - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth Token User Mapping Claims This property is required. List<String> - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth Type This property is required. String - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - comment String
- Specifies a comment for the OAuth integration.
- external
Oauth List<String>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth StringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth List<String>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth List<String>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth List<String>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth StringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth StringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
- enabled
This property is required. boolean - Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth Issuer This property is required. string - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth Snowflake User Mapping Attribute This property is required. string - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth Token User Mapping Claims This property is required. string[] - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth Type This property is required. string - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - comment string
- Specifies a comment for the OAuth integration.
- external
Oauth string[]Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth string[]Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth string[]Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth string[]Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
- enabled
This property is required. bool - Specifies whether to initiate operation of the integration or suspend it.
- external_
oauth_ issuer This property is required. str - Specifies the URL to define the OAuth 2.0 authorization server.
- external_
oauth_ snowflake_ user_ mapping_ attribute This property is required. str - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external_
oauth_ token_ user_ mapping_ claims This property is required. Sequence[str] - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external_
oauth_ type This property is required. str - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - comment str
- Specifies a comment for the OAuth integration.
- external_
oauth_ Sequence[str]allowed_ roles_ lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external_
oauth_ strany_ role_ mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external_
oauth_ Sequence[str]audience_ lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external_
oauth_ Sequence[str]blocked_ roles_ lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external_
oauth_ Sequence[str]jws_ keys_ urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external_
oauth_ strrsa_ public_ key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external_
oauth_ strrsa_ public_ key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external_
oauth_ strscope_ delimiter - Specifies the scope delimiter in the authorization token.
- external_
oauth_ strscope_ mapping_ attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
- enabled
This property is required. Boolean - Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth Issuer This property is required. String - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth Snowflake User Mapping Attribute This property is required. String - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth Token User Mapping Claims This property is required. List<String> - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth Type This property is required. String - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - comment String
- Specifies a comment for the OAuth integration.
- external
Oauth List<String>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth StringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth List<String>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth List<String>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth List<String>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth StringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth StringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,".
Outputs
All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:
- Describe
Outputs List<ExternalOauth Integration Describe Output> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Id string
- The provider-assigned unique ID for this managed resource.
-
List<External
Oauth Integration Related Parameter> - Parameters related to this security integration.
- Show
Outputs List<ExternalOauth Integration Show Output> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- Describe
Outputs []ExternalOauth Integration Describe Output - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Id string
- The provider-assigned unique ID for this managed resource.
-
[]External
Oauth Integration Related Parameter - Parameters related to this security integration.
- Show
Outputs []ExternalOauth Integration Show Output - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- describe
Outputs List<ExternalOauth Integration Describe Output> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- id String
- The provider-assigned unique ID for this managed resource.
-
List<External
Oauth Integration Related Parameter> - Parameters related to this security integration.
- show
Outputs List<ExternalOauth Integration Show Output> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- describe
Outputs ExternalOauth Integration Describe Output[] - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- id string
- The provider-assigned unique ID for this managed resource.
-
External
Oauth Integration Related Parameter[] - Parameters related to this security integration.
- show
Outputs ExternalOauth Integration Show Output[] - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- describe_
outputs Sequence[ExternalOauth Integration Describe Output] - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - fully_
qualified_ strname - Fully qualified name of the resource. For more information, see object name resolution.
- id str
- The provider-assigned unique ID for this managed resource.
-
Sequence[External
Oauth Integration Related Parameter] - Parameters related to this security integration.
- show_
outputs Sequence[ExternalOauth Integration Show Output] - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- describe
Outputs List<Property Map> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- id String
- The provider-assigned unique ID for this managed resource.
- List<Property Map>
- Parameters related to this security integration.
- show
Outputs List<Property Map> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
Look up Existing ExternalOauthIntegration Resource
Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
describe_outputs: Optional[Sequence[ExternalOauthIntegrationDescribeOutputArgs]] = None,
enabled: Optional[bool] = None,
external_oauth_allowed_roles_lists: Optional[Sequence[str]] = None,
external_oauth_any_role_mode: Optional[str] = None,
external_oauth_audience_lists: Optional[Sequence[str]] = None,
external_oauth_blocked_roles_lists: Optional[Sequence[str]] = None,
external_oauth_issuer: Optional[str] = None,
external_oauth_jws_keys_urls: Optional[Sequence[str]] = None,
external_oauth_rsa_public_key: Optional[str] = None,
external_oauth_rsa_public_key2: Optional[str] = None,
external_oauth_scope_delimiter: Optional[str] = None,
external_oauth_scope_mapping_attribute: Optional[str] = None,
external_oauth_snowflake_user_mapping_attribute: Optional[str] = None,
external_oauth_token_user_mapping_claims: Optional[Sequence[str]] = None,
external_oauth_type: Optional[str] = None,
fully_qualified_name: Optional[str] = None,
name: Optional[str] = None,
related_parameters: Optional[Sequence[ExternalOauthIntegrationRelatedParameterArgs]] = None,
show_outputs: Optional[Sequence[ExternalOauthIntegrationShowOutputArgs]] = None) -> ExternalOauthIntegrationfunc GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)resources: _: type: snowflake:ExternalOauthIntegration get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Comment string
- Specifies a comment for the OAuth integration.
- Describe
Outputs List<ExternalOauth Integration Describe Output> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- External
Oauth List<string>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- External
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - External
Oauth List<string>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- External
Oauth List<string>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- External
Oauth stringIssuer - Specifies the URL to define the OAuth 2.0 authorization server.
- External
Oauth List<string>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- External
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- External
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- External
Oauth stringSnowflake User Mapping Attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - External
Oauth List<string>Token User Mapping Claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- External
Oauth stringType - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". -
List<External
Oauth Integration Related Parameter> - Parameters related to this security integration.
- Show
Outputs List<ExternalOauth Integration Show Output> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- Comment string
- Specifies a comment for the OAuth integration.
- Describe
Outputs []ExternalOauth Integration Describe Output Args - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - Enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- External
Oauth []stringAllowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- External
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - External
Oauth []stringAudience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- External
Oauth []stringBlocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- External
Oauth stringIssuer - Specifies the URL to define the OAuth 2.0 authorization server.
- External
Oauth []stringJws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- External
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- External
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- External
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- External
Oauth stringSnowflake User Mapping Attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - External
Oauth []stringToken User Mapping Claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- External
Oauth stringType - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - Fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- Name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". -
[]External
Oauth Integration Related Parameter Args - Parameters related to this security integration.
- Show
Outputs []ExternalOauth Integration Show Output Args - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- comment String
- Specifies a comment for the OAuth integration.
- describe
Outputs List<ExternalOauth Integration Describe Output> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth List<String>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth StringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth List<String>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth List<String>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth StringIssuer - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth List<String>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth StringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth StringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- external
Oauth StringSnowflake User Mapping Attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth List<String>Token User Mapping Claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth StringType - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". -
List<External
Oauth Integration Related Parameter> - Parameters related to this security integration.
- show
Outputs List<ExternalOauth Integration Show Output> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- comment string
- Specifies a comment for the OAuth integration.
- describe
Outputs ExternalOauth Integration Describe Output[] - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - enabled boolean
- Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth string[]Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth stringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth string[]Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth string[]Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth stringIssuer - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth string[]Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth stringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth stringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth stringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth stringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- external
Oauth stringSnowflake User Mapping Attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth string[]Token User Mapping Claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth stringType - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - fully
Qualified stringName - Fully qualified name of the resource. For more information, see object name resolution.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". -
External
Oauth Integration Related Parameter[] - Parameters related to this security integration.
- show
Outputs ExternalOauth Integration Show Output[] - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- comment str
- Specifies a comment for the OAuth integration.
- describe_
outputs Sequence[ExternalOauth Integration Describe Output Args] - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - enabled bool
- Specifies whether to initiate operation of the integration or suspend it.
- external_
oauth_ Sequence[str]allowed_ roles_ lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external_
oauth_ strany_ role_ mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external_
oauth_ Sequence[str]audience_ lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external_
oauth_ Sequence[str]blocked_ roles_ lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external_
oauth_ strissuer - Specifies the URL to define the OAuth 2.0 authorization server.
- external_
oauth_ Sequence[str]jws_ keys_ urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external_
oauth_ strrsa_ public_ key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external_
oauth_ strrsa_ public_ key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external_
oauth_ strscope_ delimiter - Specifies the scope delimiter in the authorization token.
- external_
oauth_ strscope_ mapping_ attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- external_
oauth_ strsnowflake_ user_ mapping_ attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external_
oauth_ Sequence[str]token_ user_ mapping_ claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external_
oauth_ strtype - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - fully_
qualified_ strname - Fully qualified name of the resource. For more information, see object name resolution.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". -
Sequence[External
Oauth Integration Related Parameter Args] - Parameters related to this security integration.
- show_
outputs Sequence[ExternalOauth Integration Show Output Args] - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
- comment String
- Specifies a comment for the OAuth integration.
- describe
Outputs List<Property Map> - Outputs the result of
DESCRIBE SECURITY INTEGRATIONSfor the given security integration. - enabled Boolean
- Specifies whether to initiate operation of the integration or suspend it.
- external
Oauth List<String>Allowed Roles Lists - Specifies the list of roles that the client can set as the primary role. For more information about this resource, see docs.
- external
Oauth StringAny Role Mode - Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive):
DISABLE|ENABLE|ENABLE_FOR_PRIVILEGE. - external
Oauth List<String>Audience Lists - Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
- external
Oauth List<String>Blocked Roles Lists - Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED*LIST account parameter to FALSE. For more information about this resource, see docs.
- external
Oauth StringIssuer - Specifies the URL to define the OAuth 2.0 authorization server.
- external
Oauth List<String>Jws Keys Urls - Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key - Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
- external
Oauth StringRsa Public Key2 - Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
- external
Oauth StringScope Delimiter - Specifies the scope delimiter in the authorization token.
- external
Oauth StringScope Mapping Attribute - Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
- external
Oauth StringSnowflake User Mapping Attribute - Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive):
LOGIN_NAME|EMAIL_ADDRESS. - external
Oauth List<String>Token User Mapping Claims - Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
- external
Oauth StringType - Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive):
OKTA|AZURE|PING_FEDERATE|CUSTOM. - fully
Qualified StringName - Fully qualified name of the resource. For more information, see object name resolution.
- name
- Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters:
|,.,". - List<Property Map>
- Parameters related to this security integration.
- show
Outputs List<Property Map> - Outputs the result of
SHOW SECURITY INTEGRATIONSfor the given security integration.
Supporting Types
ExternalOauthIntegrationDescribeOutput, ExternalOauthIntegrationDescribeOutputArgs
, ExternalOauthIntegrationDescribeOutputArgs
- Comments
List<External
Oauth Integration Describe Output Comment> - Enableds
List<External
Oauth Integration Describe Output Enabled> - External
Oauth List<ExternalAllowed Roles Lists Oauth Integration Describe Output External Oauth Allowed Roles List> - External
Oauth List<ExternalAny Role Modes Oauth Integration Describe Output External Oauth Any Role Mode> - External
Oauth List<ExternalAudience Lists Oauth Integration Describe Output External Oauth Audience List> - External
Oauth List<ExternalBlocked Roles Lists Oauth Integration Describe Output External Oauth Blocked Roles List> - External
Oauth List<ExternalIssuers Oauth Integration Describe Output External Oauth Issuer> - External
Oauth List<ExternalJws Keys Urls Oauth Integration Describe Output External Oauth Jws Keys Url> - External
Oauth List<ExternalRsa Public Key2s Oauth Integration Describe Output External Oauth Rsa Public Key2> - External
Oauth List<ExternalRsa Public Keys Oauth Integration Describe Output External Oauth Rsa Public Key> - External
Oauth List<ExternalScope Delimiters Oauth Integration Describe Output External Oauth Scope Delimiter> - External
Oauth List<ExternalSnowflake User Mapping Attributes Oauth Integration Describe Output External Oauth Snowflake User Mapping Attribute> - External
Oauth List<ExternalToken User Mapping Claims Oauth Integration Describe Output External Oauth Token User Mapping Claim>
- Comments
[]External
Oauth Integration Describe Output Comment - Enableds
[]External
Oauth Integration Describe Output Enabled - External
Oauth []ExternalAllowed Roles Lists Oauth Integration Describe Output External Oauth Allowed Roles List - External
Oauth []ExternalAny Role Modes Oauth Integration Describe Output External Oauth Any Role Mode - External
Oauth []ExternalAudience Lists Oauth Integration Describe Output External Oauth Audience List - External
Oauth []ExternalBlocked Roles Lists Oauth Integration Describe Output External Oauth Blocked Roles List - External
Oauth []ExternalIssuers Oauth Integration Describe Output External Oauth Issuer - External
Oauth []ExternalJws Keys Urls Oauth Integration Describe Output External Oauth Jws Keys Url - External
Oauth []ExternalRsa Public Key2s Oauth Integration Describe Output External Oauth Rsa Public Key2 - External
Oauth []ExternalRsa Public Keys Oauth Integration Describe Output External Oauth Rsa Public Key - External
Oauth []ExternalScope Delimiters Oauth Integration Describe Output External Oauth Scope Delimiter - External
Oauth []ExternalSnowflake User Mapping Attributes Oauth Integration Describe Output External Oauth Snowflake User Mapping Attribute - External
Oauth []ExternalToken User Mapping Claims Oauth Integration Describe Output External Oauth Token User Mapping Claim
- comments
List<External
Oauth Integration Describe Output Comment> - enableds
List<External
Oauth Integration Describe Output Enabled> - external
Oauth List<ExternalAllowed Roles Lists Oauth Integration Describe Output External Oauth Allowed Roles List> - external
Oauth List<ExternalAny Role Modes Oauth Integration Describe Output External Oauth Any Role Mode> - external
Oauth List<ExternalAudience Lists Oauth Integration Describe Output External Oauth Audience List> - external
Oauth List<ExternalBlocked Roles Lists Oauth Integration Describe Output External Oauth Blocked Roles List> - external
Oauth List<ExternalIssuers Oauth Integration Describe Output External Oauth Issuer> - external
Oauth List<ExternalJws Keys Urls Oauth Integration Describe Output External Oauth Jws Keys Url> - external
Oauth List<ExternalRsa Public Key2s Oauth Integration Describe Output External Oauth Rsa Public Key2> - external
Oauth List<ExternalRsa Public Keys Oauth Integration Describe Output External Oauth Rsa Public Key> - external
Oauth List<ExternalScope Delimiters Oauth Integration Describe Output External Oauth Scope Delimiter> - external
Oauth List<ExternalSnowflake User Mapping Attributes Oauth Integration Describe Output External Oauth Snowflake User Mapping Attribute> - external
Oauth List<ExternalToken User Mapping Claims Oauth Integration Describe Output External Oauth Token User Mapping Claim>
- comments
External
Oauth Integration Describe Output Comment[] - enableds
External
Oauth Integration Describe Output Enabled[] - external
Oauth ExternalAllowed Roles Lists Oauth Integration Describe Output External Oauth Allowed Roles List[] - external
Oauth ExternalAny Role Modes Oauth Integration Describe Output External Oauth Any Role Mode[] - external
Oauth ExternalAudience Lists Oauth Integration Describe Output External Oauth Audience List[] - external
Oauth ExternalBlocked Roles Lists Oauth Integration Describe Output External Oauth Blocked Roles List[] - external
Oauth ExternalIssuers Oauth Integration Describe Output External Oauth Issuer[] - external
Oauth ExternalJws Keys Urls Oauth Integration Describe Output External Oauth Jws Keys Url[] - external
Oauth ExternalRsa Public Key2s Oauth Integration Describe Output External Oauth Rsa Public Key2[] - external
Oauth ExternalRsa Public Keys Oauth Integration Describe Output External Oauth Rsa Public Key[] - external
Oauth ExternalScope Delimiters Oauth Integration Describe Output External Oauth Scope Delimiter[] - external
Oauth ExternalSnowflake User Mapping Attributes Oauth Integration Describe Output External Oauth Snowflake User Mapping Attribute[] - external
Oauth ExternalToken User Mapping Claims Oauth Integration Describe Output External Oauth Token User Mapping Claim[]
- comments
Sequence[External
Oauth Integration Describe Output Comment] - enableds
Sequence[External
Oauth Integration Describe Output Enabled] - external_
oauth_ Sequence[Externalallowed_ roles_ lists Oauth Integration Describe Output External Oauth Allowed Roles List] - external_
oauth_ Sequence[Externalany_ role_ modes Oauth Integration Describe Output External Oauth Any Role Mode] - external_
oauth_ Sequence[Externalaudience_ lists Oauth Integration Describe Output External Oauth Audience List] - external_
oauth_ Sequence[Externalblocked_ roles_ lists Oauth Integration Describe Output External Oauth Blocked Roles List] - external_
oauth_ Sequence[Externalissuers Oauth Integration Describe Output External Oauth Issuer] - external_
oauth_ Sequence[Externaljws_ keys_ urls Oauth Integration Describe Output External Oauth Jws Keys Url] - external_
oauth_ Sequence[Externalrsa_ public_ key2s Oauth Integration Describe Output External Oauth Rsa Public Key2] - external_
oauth_ Sequence[Externalrsa_ public_ keys Oauth Integration Describe Output External Oauth Rsa Public Key] - external_
oauth_ Sequence[Externalscope_ delimiters Oauth Integration Describe Output External Oauth Scope Delimiter] - external_
oauth_ Sequence[Externalsnowflake_ user_ mapping_ attributes Oauth Integration Describe Output External Oauth Snowflake User Mapping Attribute] - external_
oauth_ Sequence[Externaltoken_ user_ mapping_ claims Oauth Integration Describe Output External Oauth Token User Mapping Claim]
- comments List<Property Map>
- enableds List<Property Map>
- external
Oauth List<Property Map>Allowed Roles Lists - external
Oauth List<Property Map>Any Role Modes - external
Oauth List<Property Map>Audience Lists - external
Oauth List<Property Map>Blocked Roles Lists - external
Oauth List<Property Map>Issuers - external
Oauth List<Property Map>Jws Keys Urls - external
Oauth List<Property Map>Rsa Public Key2s - external
Oauth List<Property Map>Rsa Public Keys - external
Oauth List<Property Map>Scope Delimiters - external
Oauth List<Property Map>Snowflake User Mapping Attributes - external
Oauth List<Property Map>Token User Mapping Claims
ExternalOauthIntegrationDescribeOutputComment, ExternalOauthIntegrationDescribeOutputCommentArgs
, ExternalOauthIntegrationDescribeOutputCommentArgs
ExternalOauthIntegrationDescribeOutputEnabled, ExternalOauthIntegrationDescribeOutputEnabledArgs
, ExternalOauthIntegrationDescribeOutputEnabledArgs
ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList, ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesListArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesListArgs
ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode, ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleModeArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleModeArgs
ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList, ExternalOauthIntegrationDescribeOutputExternalOauthAudienceListArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthAudienceListArgs
ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList, ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesListArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesListArgs
ExternalOauthIntegrationDescribeOutputExternalOauthIssuer, ExternalOauthIntegrationDescribeOutputExternalOauthIssuerArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthIssuerArgs
ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl, ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrlArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrlArgs
ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKeyArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKeyArgs
ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2Args
, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2Args
ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter, ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiterArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiterArgs
ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute, ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttributeArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttributeArgs
ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim, ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaimArgs
, ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaimArgs
ExternalOauthIntegrationRelatedParameter, ExternalOauthIntegrationRelatedParameterArgs
, ExternalOauthIntegrationRelatedParameterArgs
ExternalOauthIntegrationRelatedParameterExternalOauthAddPrivilegedRolesToBlockedList, ExternalOauthIntegrationRelatedParameterExternalOauthAddPrivilegedRolesToBlockedListArgs
, ExternalOauthIntegrationRelatedParameterExternalOauthAddPrivilegedRolesToBlockedListArgs
- Default string
- Description string
- Key string
- Level string
- Value string
- Default string
- Description string
- Key string
- Level string
- Value string
- default_ String
- description String
- key String
- level String
- value String
- default string
- description string
- key string
- level string
- value string
- default str
- description str
- key str
- level str
- value str
- default String
- description String
- key String
- level String
- value String
ExternalOauthIntegrationShowOutput, ExternalOauthIntegrationShowOutputArgs
, ExternalOauthIntegrationShowOutputArgs
- category str
- comment str
- created_
on str - enabled bool
- integration_
type str - name str
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflakeTerraform Provider.