1. Packages
  2. Snowflake Provider
  3. API Docs
  4. ExternalOauthIntegration
Snowflake v0.61.1 published on Thursday, Nov 14, 2024 by Pulumi

snowflake.ExternalOauthIntegration

Explore with Pulumi AI

snowflake logo
Snowflake v0.61.1 published on Thursday, Nov 14, 2024 by Pulumi

    Import

    $ pulumi import snowflake:index/externalOauthIntegration:ExternalOauthIntegration example "name"
    

    Create ExternalOauthIntegration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ExternalOauthIntegration(name: string, args: ExternalOauthIntegrationArgs, opts?: CustomResourceOptions);
    @overload
    def ExternalOauthIntegration(resource_name: str,
                                 args: ExternalOauthIntegrationArgs,
                                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def ExternalOauthIntegration(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 external_oauth_issuer: Optional[str] = None,
                                 enabled: Optional[bool] = None,
                                 external_oauth_type: Optional[str] = None,
                                 external_oauth_token_user_mapping_claims: Optional[Sequence[str]] = None,
                                 external_oauth_snowflake_user_mapping_attribute: Optional[str] = None,
                                 external_oauth_audience_lists: Optional[Sequence[str]] = None,
                                 external_oauth_blocked_roles_lists: Optional[Sequence[str]] = None,
                                 external_oauth_jws_keys_urls: Optional[Sequence[str]] = None,
                                 external_oauth_rsa_public_key: Optional[str] = None,
                                 external_oauth_rsa_public_key2: Optional[str] = None,
                                 external_oauth_scope_delimiter: Optional[str] = None,
                                 external_oauth_scope_mapping_attribute: Optional[str] = None,
                                 comment: Optional[str] = None,
                                 external_oauth_any_role_mode: Optional[str] = None,
                                 external_oauth_allowed_roles_lists: Optional[Sequence[str]] = None,
                                 name: Optional[str] = None)
    func NewExternalOauthIntegration(ctx *Context, name string, args ExternalOauthIntegrationArgs, opts ...ResourceOption) (*ExternalOauthIntegration, error)
    public ExternalOauthIntegration(string name, ExternalOauthIntegrationArgs args, CustomResourceOptions? opts = null)
    public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args)
    public ExternalOauthIntegration(String name, ExternalOauthIntegrationArgs args, CustomResourceOptions options)
    
    type: snowflake:ExternalOauthIntegration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ExternalOauthIntegrationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var externalOauthIntegrationResource = new Snowflake.ExternalOauthIntegration("externalOauthIntegrationResource", new()
    {
        ExternalOauthIssuer = "string",
        Enabled = false,
        ExternalOauthType = "string",
        ExternalOauthTokenUserMappingClaims = new[]
        {
            "string",
        },
        ExternalOauthSnowflakeUserMappingAttribute = "string",
        ExternalOauthAudienceLists = new[]
        {
            "string",
        },
        ExternalOauthBlockedRolesLists = new[]
        {
            "string",
        },
        ExternalOauthJwsKeysUrls = new[]
        {
            "string",
        },
        ExternalOauthRsaPublicKey = "string",
        ExternalOauthRsaPublicKey2 = "string",
        ExternalOauthScopeDelimiter = "string",
        ExternalOauthScopeMappingAttribute = "string",
        Comment = "string",
        ExternalOauthAnyRoleMode = "string",
        ExternalOauthAllowedRolesLists = new[]
        {
            "string",
        },
        Name = "string",
    });
    
    example, err := snowflake.NewExternalOauthIntegration(ctx, "externalOauthIntegrationResource", &snowflake.ExternalOauthIntegrationArgs{
    	ExternalOauthIssuer: pulumi.String("string"),
    	Enabled:             pulumi.Bool(false),
    	ExternalOauthType:   pulumi.String("string"),
    	ExternalOauthTokenUserMappingClaims: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExternalOauthSnowflakeUserMappingAttribute: pulumi.String("string"),
    	ExternalOauthAudienceLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExternalOauthBlockedRolesLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExternalOauthJwsKeysUrls: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExternalOauthRsaPublicKey:          pulumi.String("string"),
    	ExternalOauthRsaPublicKey2:         pulumi.String("string"),
    	ExternalOauthScopeDelimiter:        pulumi.String("string"),
    	ExternalOauthScopeMappingAttribute: pulumi.String("string"),
    	Comment:                            pulumi.String("string"),
    	ExternalOauthAnyRoleMode:           pulumi.String("string"),
    	ExternalOauthAllowedRolesLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Name: pulumi.String("string"),
    })
    
    var externalOauthIntegrationResource = new ExternalOauthIntegration("externalOauthIntegrationResource", ExternalOauthIntegrationArgs.builder()
        .externalOauthIssuer("string")
        .enabled(false)
        .externalOauthType("string")
        .externalOauthTokenUserMappingClaims("string")
        .externalOauthSnowflakeUserMappingAttribute("string")
        .externalOauthAudienceLists("string")
        .externalOauthBlockedRolesLists("string")
        .externalOauthJwsKeysUrls("string")
        .externalOauthRsaPublicKey("string")
        .externalOauthRsaPublicKey2("string")
        .externalOauthScopeDelimiter("string")
        .externalOauthScopeMappingAttribute("string")
        .comment("string")
        .externalOauthAnyRoleMode("string")
        .externalOauthAllowedRolesLists("string")
        .name("string")
        .build());
    
    external_oauth_integration_resource = snowflake.ExternalOauthIntegration("externalOauthIntegrationResource",
        external_oauth_issuer="string",
        enabled=False,
        external_oauth_type="string",
        external_oauth_token_user_mapping_claims=["string"],
        external_oauth_snowflake_user_mapping_attribute="string",
        external_oauth_audience_lists=["string"],
        external_oauth_blocked_roles_lists=["string"],
        external_oauth_jws_keys_urls=["string"],
        external_oauth_rsa_public_key="string",
        external_oauth_rsa_public_key2="string",
        external_oauth_scope_delimiter="string",
        external_oauth_scope_mapping_attribute="string",
        comment="string",
        external_oauth_any_role_mode="string",
        external_oauth_allowed_roles_lists=["string"],
        name="string")
    
    const externalOauthIntegrationResource = new snowflake.ExternalOauthIntegration("externalOauthIntegrationResource", {
        externalOauthIssuer: "string",
        enabled: false,
        externalOauthType: "string",
        externalOauthTokenUserMappingClaims: ["string"],
        externalOauthSnowflakeUserMappingAttribute: "string",
        externalOauthAudienceLists: ["string"],
        externalOauthBlockedRolesLists: ["string"],
        externalOauthJwsKeysUrls: ["string"],
        externalOauthRsaPublicKey: "string",
        externalOauthRsaPublicKey2: "string",
        externalOauthScopeDelimiter: "string",
        externalOauthScopeMappingAttribute: "string",
        comment: "string",
        externalOauthAnyRoleMode: "string",
        externalOauthAllowedRolesLists: ["string"],
        name: "string",
    });
    
    type: snowflake:ExternalOauthIntegration
    properties:
        comment: string
        enabled: false
        externalOauthAllowedRolesLists:
            - string
        externalOauthAnyRoleMode: string
        externalOauthAudienceLists:
            - string
        externalOauthBlockedRolesLists:
            - string
        externalOauthIssuer: string
        externalOauthJwsKeysUrls:
            - string
        externalOauthRsaPublicKey: string
        externalOauthRsaPublicKey2: string
        externalOauthScopeDelimiter: string
        externalOauthScopeMappingAttribute: string
        externalOauthSnowflakeUserMappingAttribute: string
        externalOauthTokenUserMappingClaims:
            - string
        externalOauthType: string
        name: string
    

    ExternalOauthIntegration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ExternalOauthIntegration resource accepts the following input properties:

    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    ExternalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    ExternalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    ExternalOauthTokenUserMappingClaims List<string>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    ExternalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    Comment string
    Specifies a comment for the OAuth integration.
    ExternalOauthAllowedRolesLists List<string>
    Specifies the list of roles that the client can set as the primary role.
    ExternalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    ExternalOauthAudienceLists List<string>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    ExternalOauthBlockedRolesLists List<string>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    ExternalOauthJwsKeysUrls List<string>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    ExternalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ExternalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    Name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    ExternalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    ExternalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    ExternalOauthTokenUserMappingClaims []string
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    ExternalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    Comment string
    Specifies a comment for the OAuth integration.
    ExternalOauthAllowedRolesLists []string
    Specifies the list of roles that the client can set as the primary role.
    ExternalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    ExternalOauthAudienceLists []string
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    ExternalOauthBlockedRolesLists []string
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    ExternalOauthJwsKeysUrls []string
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    ExternalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ExternalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    Name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthIssuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthSnowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    comment String
    Specifies a comment for the OAuth integration.
    externalOauthAllowedRolesLists List<String>
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists List<String>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists List<String>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthJwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    name String
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    enabled boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims string[]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    comment string
    Specifies a comment for the OAuth integration.
    externalOauthAllowedRolesLists string[]
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists string[]
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists string[]
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthJwsKeysUrls string[]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    external_oauth_issuer str
    Specifies the URL to define the OAuth 2.0 authorization server.
    external_oauth_snowflake_user_mapping_attribute str
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    external_oauth_token_user_mapping_claims Sequence[str]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    external_oauth_type str
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    comment str
    Specifies a comment for the OAuth integration.
    external_oauth_allowed_roles_lists Sequence[str]
    Specifies the list of roles that the client can set as the primary role.
    external_oauth_any_role_mode str
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    external_oauth_audience_lists Sequence[str]
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    external_oauth_blocked_roles_lists Sequence[str]
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    external_oauth_jws_keys_urls Sequence[str]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    external_oauth_rsa_public_key str
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    external_oauth_rsa_public_key2 str
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    external_oauth_scope_delimiter str
    Specifies the scope delimiter in the authorization token.
    external_oauth_scope_mapping_attribute str
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    name str
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthIssuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthSnowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    comment String
    Specifies a comment for the OAuth integration.
    externalOauthAllowedRolesLists List<String>
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists List<String>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists List<String>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthJwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    name String
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ExternalOauthIntegration resource produces the following output properties:

    DescribeOutputs List<ExternalOauthIntegrationDescribeOutput>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    FullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    Id string
    The provider-assigned unique ID for this managed resource.
    RelatedParameters List<ExternalOauthIntegrationRelatedParameter>
    Paramteres related to this security integration.
    ShowOutputs List<ExternalOauthIntegrationShowOutput>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    DescribeOutputs []ExternalOauthIntegrationDescribeOutput
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    FullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    Id string
    The provider-assigned unique ID for this managed resource.
    RelatedParameters []ExternalOauthIntegrationRelatedParameter
    Paramteres related to this security integration.
    ShowOutputs []ExternalOauthIntegrationShowOutput
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    describeOutputs List<ExternalOauthIntegrationDescribeOutput>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    fullyQualifiedName String
    Fully qualified name of the resource. For more information, see object name resolution.
    id String
    The provider-assigned unique ID for this managed resource.
    relatedParameters List<ExternalOauthIntegrationRelatedParameter>
    Paramteres related to this security integration.
    showOutputs List<ExternalOauthIntegrationShowOutput>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    describeOutputs ExternalOauthIntegrationDescribeOutput[]
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    fullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    id string
    The provider-assigned unique ID for this managed resource.
    relatedParameters ExternalOauthIntegrationRelatedParameter[]
    Paramteres related to this security integration.
    showOutputs ExternalOauthIntegrationShowOutput[]
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    describe_outputs Sequence[ExternalOauthIntegrationDescribeOutput]
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    fully_qualified_name str
    Fully qualified name of the resource. For more information, see object name resolution.
    id str
    The provider-assigned unique ID for this managed resource.
    related_parameters Sequence[ExternalOauthIntegrationRelatedParameter]
    Paramteres related to this security integration.
    show_outputs Sequence[ExternalOauthIntegrationShowOutput]
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    describeOutputs List<Property Map>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    fullyQualifiedName String
    Fully qualified name of the resource. For more information, see object name resolution.
    id String
    The provider-assigned unique ID for this managed resource.
    relatedParameters List<Property Map>
    Paramteres related to this security integration.
    showOutputs List<Property Map>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.

    Look up Existing ExternalOauthIntegration Resource

    Get an existing ExternalOauthIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ExternalOauthIntegrationState, opts?: CustomResourceOptions): ExternalOauthIntegration
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            comment: Optional[str] = None,
            describe_outputs: Optional[Sequence[ExternalOauthIntegrationDescribeOutputArgs]] = None,
            enabled: Optional[bool] = None,
            external_oauth_allowed_roles_lists: Optional[Sequence[str]] = None,
            external_oauth_any_role_mode: Optional[str] = None,
            external_oauth_audience_lists: Optional[Sequence[str]] = None,
            external_oauth_blocked_roles_lists: Optional[Sequence[str]] = None,
            external_oauth_issuer: Optional[str] = None,
            external_oauth_jws_keys_urls: Optional[Sequence[str]] = None,
            external_oauth_rsa_public_key: Optional[str] = None,
            external_oauth_rsa_public_key2: Optional[str] = None,
            external_oauth_scope_delimiter: Optional[str] = None,
            external_oauth_scope_mapping_attribute: Optional[str] = None,
            external_oauth_snowflake_user_mapping_attribute: Optional[str] = None,
            external_oauth_token_user_mapping_claims: Optional[Sequence[str]] = None,
            external_oauth_type: Optional[str] = None,
            fully_qualified_name: Optional[str] = None,
            name: Optional[str] = None,
            related_parameters: Optional[Sequence[ExternalOauthIntegrationRelatedParameterArgs]] = None,
            show_outputs: Optional[Sequence[ExternalOauthIntegrationShowOutputArgs]] = None) -> ExternalOauthIntegration
    func GetExternalOauthIntegration(ctx *Context, name string, id IDInput, state *ExternalOauthIntegrationState, opts ...ResourceOption) (*ExternalOauthIntegration, error)
    public static ExternalOauthIntegration Get(string name, Input<string> id, ExternalOauthIntegrationState? state, CustomResourceOptions? opts = null)
    public static ExternalOauthIntegration get(String name, Output<String> id, ExternalOauthIntegrationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Comment string
    Specifies a comment for the OAuth integration.
    DescribeOutputs List<ExternalOauthIntegrationDescribeOutput>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    ExternalOauthAllowedRolesLists List<string>
    Specifies the list of roles that the client can set as the primary role.
    ExternalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    ExternalOauthAudienceLists List<string>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    ExternalOauthBlockedRolesLists List<string>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    ExternalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    ExternalOauthJwsKeysUrls List<string>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    ExternalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ExternalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    ExternalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    ExternalOauthTokenUserMappingClaims List<string>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    ExternalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    FullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    Name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    RelatedParameters List<ExternalOauthIntegrationRelatedParameter>
    Paramteres related to this security integration.
    ShowOutputs List<ExternalOauthIntegrationShowOutput>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    Comment string
    Specifies a comment for the OAuth integration.
    DescribeOutputs []ExternalOauthIntegrationDescribeOutputArgs
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    Enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    ExternalOauthAllowedRolesLists []string
    Specifies the list of roles that the client can set as the primary role.
    ExternalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    ExternalOauthAudienceLists []string
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    ExternalOauthBlockedRolesLists []string
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    ExternalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    ExternalOauthJwsKeysUrls []string
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    ExternalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    ExternalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    ExternalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    ExternalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    ExternalOauthTokenUserMappingClaims []string
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    ExternalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    FullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    Name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    RelatedParameters []ExternalOauthIntegrationRelatedParameterArgs
    Paramteres related to this security integration.
    ShowOutputs []ExternalOauthIntegrationShowOutputArgs
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    comment String
    Specifies a comment for the OAuth integration.
    describeOutputs List<ExternalOauthIntegrationDescribeOutput>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthAllowedRolesLists List<String>
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists List<String>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists List<String>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthIssuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthJwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    externalOauthSnowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    fullyQualifiedName String
    Fully qualified name of the resource. For more information, see object name resolution.
    name String
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    relatedParameters List<ExternalOauthIntegrationRelatedParameter>
    Paramteres related to this security integration.
    showOutputs List<ExternalOauthIntegrationShowOutput>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    comment string
    Specifies a comment for the OAuth integration.
    describeOutputs ExternalOauthIntegrationDescribeOutput[]
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    enabled boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthAllowedRolesLists string[]
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode string
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists string[]
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists string[]
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthIssuer string
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthJwsKeysUrls string[]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey string
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 string
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter string
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute string
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    externalOauthSnowflakeUserMappingAttribute string
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims string[]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType string
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    fullyQualifiedName string
    Fully qualified name of the resource. For more information, see object name resolution.
    name string
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    relatedParameters ExternalOauthIntegrationRelatedParameter[]
    Paramteres related to this security integration.
    showOutputs ExternalOauthIntegrationShowOutput[]
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    comment str
    Specifies a comment for the OAuth integration.
    describe_outputs Sequence[ExternalOauthIntegrationDescribeOutputArgs]
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    enabled bool
    Specifies whether to initiate operation of the integration or suspend it.
    external_oauth_allowed_roles_lists Sequence[str]
    Specifies the list of roles that the client can set as the primary role.
    external_oauth_any_role_mode str
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    external_oauth_audience_lists Sequence[str]
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    external_oauth_blocked_roles_lists Sequence[str]
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    external_oauth_issuer str
    Specifies the URL to define the OAuth 2.0 authorization server.
    external_oauth_jws_keys_urls Sequence[str]
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    external_oauth_rsa_public_key str
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    external_oauth_rsa_public_key2 str
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    external_oauth_scope_delimiter str
    Specifies the scope delimiter in the authorization token.
    external_oauth_scope_mapping_attribute str
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    external_oauth_snowflake_user_mapping_attribute str
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    external_oauth_token_user_mapping_claims Sequence[str]
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    external_oauth_type str
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    fully_qualified_name str
    Fully qualified name of the resource. For more information, see object name resolution.
    name str
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    related_parameters Sequence[ExternalOauthIntegrationRelatedParameterArgs]
    Paramteres related to this security integration.
    show_outputs Sequence[ExternalOauthIntegrationShowOutputArgs]
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.
    comment String
    Specifies a comment for the OAuth integration.
    describeOutputs List<Property Map>
    Outputs the result of DESCRIBE SECURITY INTEGRATIONS for the given security integration.
    enabled Boolean
    Specifies whether to initiate operation of the integration or suspend it.
    externalOauthAllowedRolesLists List<String>
    Specifies the list of roles that the client can set as the primary role.
    externalOauthAnyRoleMode String
    Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token. Valid values are (case-insensitive): DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE.
    externalOauthAudienceLists List<String>
    Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
    externalOauthBlockedRolesLists List<String>
    Specifies the list of roles that a client cannot set as the primary role. By default, this list includes the ACCOUNTADMIN, ORGADMIN and SECURITYADMIN roles. To remove these privileged roles from the list, use the ALTER ACCOUNT command to set the EXTERNALOAUTHADDPRIVILEGEDROLESTOBLOCKED_LIST account parameter to FALSE.
    externalOauthIssuer String
    Specifies the URL to define the OAuth 2.0 authorization server.
    externalOauthJwsKeysUrls List<String>
    Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey String
    Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. If removed from the config, the resource is recreated.
    externalOauthRsaPublicKey2 String
    Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation. If removed from the config, the resource is recreated.
    externalOauthScopeDelimiter String
    Specifies the scope delimiter in the authorization token.
    externalOauthScopeMappingAttribute String
    Specifies the access token claim to map the access token to an account role. If removed from the config, the resource is recreated.
    externalOauthSnowflakeUserMappingAttribute String
    Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record. Valid values are (case-insensitive): LOGIN_NAME | EMAIL_ADDRESS.
    externalOauthTokenUserMappingClaims List<String>
    Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record. If removed from the config, the resource is recreated.
    externalOauthType String
    Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server. Valid values are (case-insensitive): OKTA | AZURE | PING_FEDERATE | CUSTOM.
    fullyQualifiedName String
    Fully qualified name of the resource. For more information, see object name resolution.
    name String
    Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. Due to technical limitations (read more here), avoid using the following characters: |, ., (, ), "
    relatedParameters List<Property Map>
    Paramteres related to this security integration.
    showOutputs List<Property Map>
    Outputs the result of SHOW SECURITY INTEGRATIONS for the given security integration.

    Supporting Types

    ExternalOauthIntegrationDescribeOutput, ExternalOauthIntegrationDescribeOutputArgs

    Comments List<ExternalOauthIntegrationDescribeOutputComment>
    Enableds List<ExternalOauthIntegrationDescribeOutputEnabled>
    ExternalOauthAllowedRolesLists List<ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList>
    ExternalOauthAnyRoleModes List<ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode>
    ExternalOauthAudienceLists List<ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList>
    ExternalOauthBlockedRolesLists List<ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList>
    ExternalOauthIssuers List<ExternalOauthIntegrationDescribeOutputExternalOauthIssuer>
    ExternalOauthJwsKeysUrls List<ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl>
    ExternalOauthRsaPublicKey2s List<ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2>
    ExternalOauthRsaPublicKeys List<ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey>
    ExternalOauthScopeDelimiters List<ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter>
    ExternalOauthSnowflakeUserMappingAttributes List<ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute>
    ExternalOauthTokenUserMappingClaims List<ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim>
    Comments []ExternalOauthIntegrationDescribeOutputComment
    Enableds []ExternalOauthIntegrationDescribeOutputEnabled
    ExternalOauthAllowedRolesLists []ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList
    ExternalOauthAnyRoleModes []ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode
    ExternalOauthAudienceLists []ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList
    ExternalOauthBlockedRolesLists []ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList
    ExternalOauthIssuers []ExternalOauthIntegrationDescribeOutputExternalOauthIssuer
    ExternalOauthJwsKeysUrls []ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl
    ExternalOauthRsaPublicKey2s []ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2
    ExternalOauthRsaPublicKeys []ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey
    ExternalOauthScopeDelimiters []ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter
    ExternalOauthSnowflakeUserMappingAttributes []ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute
    ExternalOauthTokenUserMappingClaims []ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim
    comments List<ExternalOauthIntegrationDescribeOutputComment>
    enableds List<ExternalOauthIntegrationDescribeOutputEnabled>
    externalOauthAllowedRolesLists List<ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList>
    externalOauthAnyRoleModes List<ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode>
    externalOauthAudienceLists List<ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList>
    externalOauthBlockedRolesLists List<ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList>
    externalOauthIssuers List<ExternalOauthIntegrationDescribeOutputExternalOauthIssuer>
    externalOauthJwsKeysUrls List<ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl>
    externalOauthRsaPublicKey2s List<ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2>
    externalOauthRsaPublicKeys List<ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey>
    externalOauthScopeDelimiters List<ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter>
    externalOauthSnowflakeUserMappingAttributes List<ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute>
    externalOauthTokenUserMappingClaims List<ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim>
    comments ExternalOauthIntegrationDescribeOutputComment[]
    enableds ExternalOauthIntegrationDescribeOutputEnabled[]
    externalOauthAllowedRolesLists ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList[]
    externalOauthAnyRoleModes ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode[]
    externalOauthAudienceLists ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList[]
    externalOauthBlockedRolesLists ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList[]
    externalOauthIssuers ExternalOauthIntegrationDescribeOutputExternalOauthIssuer[]
    externalOauthJwsKeysUrls ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl[]
    externalOauthRsaPublicKey2s ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2[]
    externalOauthRsaPublicKeys ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey[]
    externalOauthScopeDelimiters ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter[]
    externalOauthSnowflakeUserMappingAttributes ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute[]
    externalOauthTokenUserMappingClaims ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim[]
    comments Sequence[ExternalOauthIntegrationDescribeOutputComment]
    enableds Sequence[ExternalOauthIntegrationDescribeOutputEnabled]
    external_oauth_allowed_roles_lists Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList]
    external_oauth_any_role_modes Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode]
    external_oauth_audience_lists Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList]
    external_oauth_blocked_roles_lists Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList]
    external_oauth_issuers Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthIssuer]
    external_oauth_jws_keys_urls Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl]
    external_oauth_rsa_public_key2s Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2]
    external_oauth_rsa_public_keys Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey]
    external_oauth_scope_delimiters Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter]
    external_oauth_snowflake_user_mapping_attributes Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute]
    external_oauth_token_user_mapping_claims Sequence[ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim]

    ExternalOauthIntegrationDescribeOutputComment, ExternalOauthIntegrationDescribeOutputCommentArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputEnabled, ExternalOauthIntegrationDescribeOutputEnabledArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesList, ExternalOauthIntegrationDescribeOutputExternalOauthAllowedRolesListArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleMode, ExternalOauthIntegrationDescribeOutputExternalOauthAnyRoleModeArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthAudienceList, ExternalOauthIntegrationDescribeOutputExternalOauthAudienceListArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesList, ExternalOauthIntegrationDescribeOutputExternalOauthBlockedRolesListArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthIssuer, ExternalOauthIntegrationDescribeOutputExternalOauthIssuerArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrl, ExternalOauthIntegrationDescribeOutputExternalOauthJwsKeysUrlArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKeyArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2, ExternalOauthIntegrationDescribeOutputExternalOauthRsaPublicKey2Args

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiter, ExternalOauthIntegrationDescribeOutputExternalOauthScopeDelimiterArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttribute, ExternalOauthIntegrationDescribeOutputExternalOauthSnowflakeUserMappingAttributeArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaim, ExternalOauthIntegrationDescribeOutputExternalOauthTokenUserMappingClaimArgs

    Default string
    Name string
    Type string
    Value string
    Default string
    Name string
    Type string
    Value string
    default_ String
    name String
    type String
    value String
    default string
    name string
    type string
    value string
    default str
    name str
    type str
    value str
    default String
    name String
    type String
    value String

    ExternalOauthIntegrationRelatedParameter, ExternalOauthIntegrationRelatedParameterArgs

    ExternalOauthIntegrationRelatedParameterExternalOauthAddPrivilegedRolesToBlockedList, ExternalOauthIntegrationRelatedParameterExternalOauthAddPrivilegedRolesToBlockedListArgs

    Default string
    Description string
    Key string
    Level string
    Value string
    Default string
    Description string
    Key string
    Level string
    Value string
    default_ String
    description String
    key String
    level String
    value String
    default string
    description string
    key string
    level string
    value string
    default String
    description String
    key String
    level String
    value String

    ExternalOauthIntegrationShowOutput, ExternalOauthIntegrationShowOutputArgs

    Category string
    Comment string
    CreatedOn string
    Enabled bool
    IntegrationType string
    Name string
    Category string
    Comment string
    CreatedOn string
    Enabled bool
    IntegrationType string
    Name string
    category String
    comment String
    createdOn String
    enabled Boolean
    integrationType String
    name String
    category string
    comment string
    createdOn string
    enabled boolean
    integrationType string
    name string
    category String
    comment String
    createdOn String
    enabled Boolean
    integrationType String
    name String

    Package Details

    Repository
    Snowflake pulumi/pulumi-snowflake
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the snowflake Terraform Provider.
    snowflake logo
    Snowflake v0.61.1 published on Thursday, Nov 14, 2024 by Pulumi