diff --git a/provider/cmd/pulumi-resource-snowflake/schema.json b/provider/cmd/pulumi-resource-snowflake/schema.json index ad760046..2337543a 100644 --- a/provider/cmd/pulumi-resource-snowflake/schema.json +++ b/provider/cmd/pulumi-resource-snowflake/schema.json @@ -2275,6 +2275,10 @@ "type": "string", "description": "Specify a database to create a clone from.\n" }, + "fromReplica": { + "type": "string", + "description": "Specify a fully-qualified path to a database to create a replica from.\n" + }, "fromShare": { "type": "object", "additionalProperties": { @@ -2308,6 +2312,10 @@ "type": "string", "description": "Specify a database to create a clone from.\n" }, + "fromReplica": { + "type": "string", + "description": "Specify a fully-qualified path to a database to create a replica from.\n" + }, "fromShare": { "type": "object", "additionalProperties": { @@ -2339,6 +2347,10 @@ "type": "string", "description": "Specify a database to create a clone from.\n" }, + "fromReplica": { + "type": "string", + "description": "Specify a fully-qualified path to a database to create a replica from.\n" + }, "fromShare": { "type": "object", "additionalProperties": { @@ -5071,6 +5083,140 @@ "type": "object" } }, + "snowflake:index/oauthIntegration:OauthIntegration": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as snowflake from \"@pulumi/snowflake\";\n\nconst tableauDesktop = new snowflake.OauthIntegration(\"tableau_desktop\", {\n blockedRolesLists: [\"SYSADMIN\"],\n enabled: true,\n oauthClient: \"TABLEAU_DESKTOP\",\n oauthIssueRefreshTokens: true,\n oauthRefreshTokenValidity: 3600,\n});\n```\n```python\nimport pulumi\nimport pulumi_snowflake as snowflake\n\ntableau_desktop = snowflake.OauthIntegration(\"tableauDesktop\",\n blocked_roles_lists=[\"SYSADMIN\"],\n enabled=True,\n oauth_client=\"TABLEAU_DESKTOP\",\n oauth_issue_refresh_tokens=True,\n oauth_refresh_token_validity=3600)\n```\n```csharp\nusing Pulumi;\nusing Snowflake = Pulumi.Snowflake;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tableauDesktop = new Snowflake.OauthIntegration(\"tableauDesktop\", new Snowflake.OauthIntegrationArgs\n {\n BlockedRolesLists = \n {\n \"SYSADMIN\",\n },\n Enabled = true,\n OauthClient = \"TABLEAU_DESKTOP\",\n OauthIssueRefreshTokens = true,\n OauthRefreshTokenValidity = 3600,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := snowflake.NewOauthIntegration(ctx, \"tableauDesktop\", \u0026snowflake.OauthIntegrationArgs{\n\t\t\tBlockedRolesLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SYSADMIN\"),\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tOauthClient: pulumi.String(\"TABLEAU_DESKTOP\"),\n\t\t\tOauthIssueRefreshTokens: pulumi.Bool(true),\n\t\t\tOauthRefreshTokenValidity: pulumi.Int(3600),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n\n\n```sh\n $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name\n```\n\n ", + "properties": { + "blockedRolesLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.\n" + }, + "comment": { + "type": "string", + "description": "Specifies a comment for the OAuth integration.\n" + }, + "createdOn": { + "type": "string", + "description": "Date and time when the OAuth integration was created.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether this OAuth integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "oauthClient": { + "type": "string", + "description": "Specifies the OAuth client type.\n" + }, + "oauthIssueRefreshTokens": { + "type": "boolean", + "description": "Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.\n" + }, + "oauthRefreshTokenValidity": { + "type": "integer", + "description": "Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE.\n" + }, + "oauthUseSecondaryRoles": { + "type": "string", + "description": "Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.\n" + } + }, + "required": [ + "createdOn", + "name", + "oauthClient" + ], + "inputProperties": { + "blockedRolesLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.\n" + }, + "comment": { + "type": "string", + "description": "Specifies a comment for the OAuth integration.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether this OAuth integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "oauthClient": { + "type": "string", + "description": "Specifies the OAuth client type.\n" + }, + "oauthIssueRefreshTokens": { + "type": "boolean", + "description": "Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.\n" + }, + "oauthRefreshTokenValidity": { + "type": "integer", + "description": "Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE.\n" + }, + "oauthUseSecondaryRoles": { + "type": "string", + "description": "Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.\n" + } + }, + "requiredInputs": [ + "oauthClient" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OauthIntegration resources.\n", + "properties": { + "blockedRolesLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.\n" + }, + "comment": { + "type": "string", + "description": "Specifies a comment for the OAuth integration.\n" + }, + "createdOn": { + "type": "string", + "description": "Date and time when the OAuth integration was created.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether this OAuth integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "oauthClient": { + "type": "string", + "description": "Specifies the OAuth client type.\n" + }, + "oauthIssueRefreshTokens": { + "type": "boolean", + "description": "Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired.\n" + }, + "oauthRefreshTokenValidity": { + "type": "integer", + "description": "Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE.\n" + }, + "oauthUseSecondaryRoles": { + "type": "string", + "description": "Specifies whether default secondary roles set in the user properties are activated by default in the session being opened.\n" + } + }, + "type": "object" + } + }, "snowflake:index/pipe:Pipe": { "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as snowflake from \"@pulumi/snowflake\";\n\nconst pipe = new snowflake.Pipe(\"pipe\", {\n autoIngest: false,\n awsSnsTopicArn: \"...\",\n comment: \"A pipe.\",\n copyStatement: \"copy into mytable from @mystage\",\n database: \"db\",\n notificationChannel: \"...\",\n owner: \"role1\",\n schema: \"schema\",\n});\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n# format is database name | schema name | pipe name\n\n```sh\n $ pulumi import snowflake:index/pipe:Pipe example 'dbName|schemaName|pipeName'\n```\n\n ", "properties": { @@ -5705,6 +5851,13 @@ "type": "integer" }, "description": "A list of percentage thresholds at which to suspend all warehouses.\n" + }, + "warehouses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of warehouses to apply the resource monitor to.\n" } }, "required": [ @@ -5758,6 +5911,13 @@ "type": "integer" }, "description": "A list of percentage thresholds at which to suspend all warehouses.\n" + }, + "warehouses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of warehouses to apply the resource monitor to.\n" } }, "stateInputs": { @@ -5807,6 +5967,13 @@ "type": "integer" }, "description": "A list of percentage thresholds at which to suspend all warehouses.\n" + }, + "warehouses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of warehouses to apply the resource monitor to.\n" } }, "type": "object" @@ -6227,6 +6394,247 @@ "type": "object" } }, + "snowflake:index/samlIntegration:SamlIntegration": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as snowflake from \"@pulumi/snowflake\";\n\nconst samlIntegration = new snowflake.SamlIntegration(\"saml_integration\", {\n enabled: true,\n saml2Issuer: \"test_issuer\",\n saml2Provider: \"CUSTOM\",\n saml2SsoUrl: \"https://testsamlissuer.com\",\n saml2X509Cert: \"MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO\",\n});\n```\n```python\nimport pulumi\nimport pulumi_snowflake as snowflake\n\nsaml_integration = snowflake.SamlIntegration(\"samlIntegration\",\n enabled=True,\n saml2_issuer=\"test_issuer\",\n saml2_provider=\"CUSTOM\",\n saml2_sso_url=\"https://testsamlissuer.com\",\n saml2_x509_cert=\"MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO\")\n```\n```csharp\nusing Pulumi;\nusing Snowflake = Pulumi.Snowflake;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var samlIntegration = new Snowflake.SamlIntegration(\"samlIntegration\", new Snowflake.SamlIntegrationArgs\n {\n Enabled = true,\n Saml2Issuer = \"test_issuer\",\n Saml2Provider = \"CUSTOM\",\n Saml2SsoUrl = \"https://testsamlissuer.com\",\n Saml2X509Cert = \"MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := snowflake.NewSamlIntegration(ctx, \"samlIntegration\", \u0026snowflake.SamlIntegrationArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tSaml2Issuer: pulumi.String(\"test_issuer\"),\n\t\t\tSaml2Provider: pulumi.String(\"CUSTOM\"),\n\t\t\tSaml2SsoUrl: pulumi.String(\"https://testsamlissuer.com\"),\n\t\t\tSaml2X509Cert: pulumi.String(\"MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n\n\n```sh\n $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name\n```\n\n ", + "properties": { + "createdOn": { + "type": "string", + "description": "Date and time when the SAML integration was created.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether this security integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "saml2DigestMethodsUsed": { + "type": "string" + }, + "saml2EnableSpInitiated": { + "type": "boolean", + "description": "The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.\n" + }, + "saml2ForceAuthn": { + "type": "boolean", + "description": "The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.\n" + }, + "saml2Issuer": { + "type": "string", + "description": "The string containing the IdP EntityID / Issuer.\n" + }, + "saml2PostLogoutRedirectUrl": { + "type": "string", + "description": "The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.\n" + }, + "saml2Provider": { + "type": "string", + "description": "The string describing the IdP. One of the following: OKTA, ADFS, Custom.\n" + }, + "saml2RequestedNameidFormat": { + "type": "string", + "description": "The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .\n" + }, + "saml2SignRequest": { + "type": "boolean", + "description": "The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.\n" + }, + "saml2SignatureMethodsUsed": { + "type": "string" + }, + "saml2SnowflakeAcsUrl": { + "type": "string", + "description": "The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\\n\\n.\\n\\n.snowflakecomputing.com/fed/login\n" + }, + "saml2SnowflakeIssuerUrl": { + "type": "string", + "description": "The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.\n" + }, + "saml2SnowflakeMetadata": { + "type": "string", + "description": "Metadata created by Snowflake to provide to SAML2 provider.\n" + }, + "saml2SnowflakeX509Cert": { + "type": "string", + "description": "The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.\n" + }, + "saml2SpInitiatedLoginPageLabel": { + "type": "string", + "description": "The string containing the label to display after the Log In With button on the login page.\n" + }, + "saml2SsoUrl": { + "type": "string", + "description": "The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.\n" + }, + "saml2X509Cert": { + "type": "string", + "description": "The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.\n" + } + }, + "required": [ + "createdOn", + "name", + "saml2DigestMethodsUsed", + "saml2Issuer", + "saml2Provider", + "saml2SignatureMethodsUsed", + "saml2SnowflakeAcsUrl", + "saml2SnowflakeIssuerUrl", + "saml2SnowflakeMetadata", + "saml2SnowflakeX509Cert", + "saml2SsoUrl", + "saml2X509Cert" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "Specifies whether this security integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "saml2EnableSpInitiated": { + "type": "boolean", + "description": "The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.\n" + }, + "saml2ForceAuthn": { + "type": "boolean", + "description": "The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.\n" + }, + "saml2Issuer": { + "type": "string", + "description": "The string containing the IdP EntityID / Issuer.\n" + }, + "saml2PostLogoutRedirectUrl": { + "type": "string", + "description": "The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.\n" + }, + "saml2Provider": { + "type": "string", + "description": "The string describing the IdP. One of the following: OKTA, ADFS, Custom.\n" + }, + "saml2RequestedNameidFormat": { + "type": "string", + "description": "The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .\n" + }, + "saml2SignRequest": { + "type": "boolean", + "description": "The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.\n" + }, + "saml2SnowflakeAcsUrl": { + "type": "string", + "description": "The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\\n\\n.\\n\\n.snowflakecomputing.com/fed/login\n" + }, + "saml2SnowflakeIssuerUrl": { + "type": "string", + "description": "The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.\n" + }, + "saml2SnowflakeX509Cert": { + "type": "string", + "description": "The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.\n" + }, + "saml2SpInitiatedLoginPageLabel": { + "type": "string", + "description": "The string containing the label to display after the Log In With button on the login page.\n" + }, + "saml2SsoUrl": { + "type": "string", + "description": "The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.\n" + }, + "saml2X509Cert": { + "type": "string", + "description": "The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.\n" + } + }, + "requiredInputs": [ + "saml2Issuer", + "saml2Provider", + "saml2SsoUrl", + "saml2X509Cert" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SamlIntegration resources.\n", + "properties": { + "createdOn": { + "type": "string", + "description": "Date and time when the SAML integration was created.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether this security integration is enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.\n" + }, + "saml2DigestMethodsUsed": { + "type": "string" + }, + "saml2EnableSpInitiated": { + "type": "boolean", + "description": "The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.\n" + }, + "saml2ForceAuthn": { + "type": "boolean", + "description": "The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.\n" + }, + "saml2Issuer": { + "type": "string", + "description": "The string containing the IdP EntityID / Issuer.\n" + }, + "saml2PostLogoutRedirectUrl": { + "type": "string", + "description": "The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.\n" + }, + "saml2Provider": { + "type": "string", + "description": "The string describing the IdP. One of the following: OKTA, ADFS, Custom.\n" + }, + "saml2RequestedNameidFormat": { + "type": "string", + "description": "The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .\n" + }, + "saml2SignRequest": { + "type": "boolean", + "description": "The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.\n" + }, + "saml2SignatureMethodsUsed": { + "type": "string" + }, + "saml2SnowflakeAcsUrl": { + "type": "string", + "description": "The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\\n\\n.\\n\\n.snowflakecomputing.com/fed/login\n" + }, + "saml2SnowflakeIssuerUrl": { + "type": "string", + "description": "The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.\n" + }, + "saml2SnowflakeMetadata": { + "type": "string", + "description": "Metadata created by Snowflake to provide to SAML2 provider.\n" + }, + "saml2SnowflakeX509Cert": { + "type": "string", + "description": "The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.\n" + }, + "saml2SpInitiatedLoginPageLabel": { + "type": "string", + "description": "The string containing the label to display after the Log In With button on the login page.\n" + }, + "saml2SsoUrl": { + "type": "string", + "description": "The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.\n" + }, + "saml2X509Cert": { + "type": "string", + "description": "The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.\n" + } + }, + "type": "object" + } + }, "snowflake:index/schema:Schema": { "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as snowflake from \"@pulumi/snowflake\";\n\nconst schema = new snowflake.Schema(\"schema\", {\n comment: \"A schema.\",\n dataRetentionDays: 1,\n database: \"db\",\n isManaged: false,\n isTransient: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_snowflake as snowflake\n\nschema = snowflake.Schema(\"schema\",\n comment=\"A schema.\",\n data_retention_days=1,\n database=\"db\",\n is_managed=False,\n is_transient=False)\n```\n```csharp\nusing Pulumi;\nusing Snowflake = Pulumi.Snowflake;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var schema = new Snowflake.Schema(\"schema\", new Snowflake.SchemaArgs\n {\n Comment = \"A schema.\",\n DataRetentionDays = 1,\n Database = \"db\",\n IsManaged = false,\n IsTransient = false,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := snowflake.NewSchema(ctx, \"schema\", \u0026snowflake.SchemaArgs{\n\t\t\tComment: pulumi.String(\"A schema.\"),\n\t\t\tDataRetentionDays: pulumi.Int(1),\n\t\t\tDatabase: pulumi.String(\"db\"),\n\t\t\tIsManaged: pulumi.Bool(false),\n\t\t\tIsTransient: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n# format is dbName | schemaName\n\n```sh\n $ pulumi import snowflake:index/schema:Schema example 'dbName|schemaName'\n```\n\n ", "properties": { @@ -7968,6 +8376,10 @@ "type": "boolean", "description": "Specifies if the task should be started (enabled) after creation or should remain suspended (default).\n" }, + "errorIntegration": { + "type": "string", + "description": "Specifies the name of the notification integration used for error notifications.\n" + }, "name": { "type": "string", "description": "Specifies the identifier for the task; must be unique for the database and schema in which the task is created.\n" @@ -8031,6 +8443,10 @@ "type": "boolean", "description": "Specifies if the task should be started (enabled) after creation or should remain suspended (default).\n" }, + "errorIntegration": { + "type": "string", + "description": "Specifies the name of the notification integration used for error notifications.\n" + }, "name": { "type": "string", "description": "Specifies the identifier for the task; must be unique for the database and schema in which the task is created.\n" @@ -8095,6 +8511,10 @@ "type": "boolean", "description": "Specifies if the task should be started (enabled) after creation or should remain suspended (default).\n" }, + "errorIntegration": { + "type": "string", + "description": "Specifies the name of the notification integration used for error notifications.\n" + }, "name": { "type": "string", "description": "Specifies the identifier for the task; must be unique for the database and schema in which the task is created.\n" diff --git a/provider/go.mod b/provider/go.mod index 784a7b89..435762e7 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -8,7 +8,7 @@ replace ( ) require ( - github.com/chanzuckerberg/terraform-provider-snowflake v0.25.34 + github.com/chanzuckerberg/terraform-provider-snowflake v0.26.1 github.com/hashicorp/terraform-plugin-sdk v1.9.1 // indirect github.com/pulumi/pulumi-terraform-bridge/v3 v3.18.0 github.com/pulumi/pulumi/sdk/v3 v3.23.2 diff --git a/provider/go.sum b/provider/go.sum index 31765962..1605b43a 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -289,8 +289,8 @@ github.com/chanzuckerberg/aws-oidc v0.23.1/go.mod h1:AbN6f7tGQ1aR8kJdr5Mpnyk3iab github.com/chanzuckerberg/go-misc v0.0.0-20200814145037-61fd36eedee6/go.mod h1:5GljuH2+xw/T7ovs4sRj9WbNRrgePgom8sMzJJPlAAo= github.com/chanzuckerberg/go-misc v0.0.0-20210907173712-618127c04a73 h1:CD7GXPOaHahGVTrmqF7qr+xARoTwWZXHW2u0v7cM5KE= github.com/chanzuckerberg/go-misc v0.0.0-20210907173712-618127c04a73/go.mod h1:4Kf7OxUaVoQxT2PJt44vy93byI0T7sJqlwEoVevclHE= -github.com/chanzuckerberg/terraform-provider-snowflake v0.25.34 h1:M2NEL6AdST/+NFILLgfKxXq+ws/g6fZknmnMpNIeKZU= -github.com/chanzuckerberg/terraform-provider-snowflake v0.25.34/go.mod h1:EWaIce3+oGUPGk+RgK+OnUy/+KCEclC62QFJrrwLn7M= +github.com/chanzuckerberg/terraform-provider-snowflake v0.26.1 h1:40FdHhpKIxUz1JbC7Ff2zx5xKO0SPZTQUvBioAT6u+E= +github.com/chanzuckerberg/terraform-provider-snowflake v0.26.1/go.mod h1:0lipnkJtNYw5TTeuiWiIu9zu1tZdRlOwGjQK5ZAsrlM= github.com/cheggaaa/pb v1.0.18/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/cheggaaa/pb v1.0.27 h1:wIkZHkNfC7R6GI5w7l/PdAdzXzlrbcI3p8OAlnkTsnc= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= @@ -1776,8 +1776,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w= -golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= +golang.org/x/tools v0.1.9 h1:j9KsMiaP1c3B0OTQGth0/k+miLGTgLsAFUCrF2vLcF8= +golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/provider/resources.go b/provider/resources.go index 29e8d581..396b34ae 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -129,6 +129,8 @@ func Provider() tfbridge.ProviderInfo { "snowflake_view_grant": {Tok: makeResource(mainMod, "ViewGrant")}, "snowflake_warehouse": {Tok: makeResource(mainMod, "Warehouse")}, "snowflake_warehouse_grant": {Tok: makeResource(mainMod, "WarehouseGrant")}, + "snowflake_oauth_integration": {Tok: makeResource(mainMod, "OauthIntegration")}, + "snowflake_saml_integration": {Tok: makeResource(mainMod, "SamlIntegration")}, }, DataSources: map[string]*tfbridge.DataSourceInfo{ "snowflake_current_account": {Tok: makeDataSource(mainMod, "getCurrentAccount")}, diff --git a/sdk/dotnet/Database.cs b/sdk/dotnet/Database.cs index f5131ac7..529810fc 100644 --- a/sdk/dotnet/Database.cs +++ b/sdk/dotnet/Database.cs @@ -55,6 +55,12 @@ public partial class Database : Pulumi.CustomResource [Output("fromDatabase")] public Output FromDatabase { get; private set; } = null!; + /// + /// Specify a fully-qualified path to a database to create a replica from. + /// + [Output("fromReplica")] + public Output FromReplica { get; private set; } = null!; + /// /// Specify a provider and a share in this map to create a database from a share. /// @@ -128,6 +134,12 @@ public sealed class DatabaseArgs : Pulumi.ResourceArgs [Input("fromDatabase")] public Input? FromDatabase { get; set; } + /// + /// Specify a fully-qualified path to a database to create a replica from. + /// + [Input("fromReplica")] + public Input? FromReplica { get; set; } + [Input("fromShare")] private InputMap? _fromShare; @@ -174,6 +186,12 @@ public sealed class DatabaseState : Pulumi.ResourceArgs [Input("fromDatabase")] public Input? FromDatabase { get; set; } + /// + /// Specify a fully-qualified path to a database to create a replica from. + /// + [Input("fromReplica")] + public Input? FromReplica { get; set; } + [Input("fromShare")] private InputMap? _fromShare; diff --git a/sdk/dotnet/OauthIntegration.cs b/sdk/dotnet/OauthIntegration.cs new file mode 100644 index 00000000..bc4352e4 --- /dev/null +++ b/sdk/dotnet/OauthIntegration.cs @@ -0,0 +1,273 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Snowflake +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using Pulumi; + /// using Snowflake = Pulumi.Snowflake; + /// + /// class MyStack : Stack + /// { + /// public MyStack() + /// { + /// var tableauDesktop = new Snowflake.OauthIntegration("tableauDesktop", new Snowflake.OauthIntegrationArgs + /// { + /// BlockedRolesLists = + /// { + /// "SYSADMIN", + /// }, + /// Enabled = true, + /// OauthClient = "TABLEAU_DESKTOP", + /// OauthIssueRefreshTokens = true, + /// OauthRefreshTokenValidity = 3600, + /// }); + /// } + /// + /// } + /// ``` + /// + /// ## Import + /// + /// ```sh + /// $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name + /// ``` + /// + [SnowflakeResourceType("snowflake:index/oauthIntegration:OauthIntegration")] + public partial class OauthIntegration : Pulumi.CustomResource + { + /// + /// List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + /// + [Output("blockedRolesLists")] + public Output> BlockedRolesLists { get; private set; } = null!; + + /// + /// Specifies a comment for the OAuth integration. + /// + [Output("comment")] + public Output Comment { get; private set; } = null!; + + /// + /// Date and time when the OAuth integration was created. + /// + [Output("createdOn")] + public Output CreatedOn { get; private set; } = null!; + + /// + /// Specifies whether this OAuth integration is enabled or disabled. + /// + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + /// + /// Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Specifies the OAuth client type. + /// + [Output("oauthClient")] + public Output OauthClient { get; private set; } = null!; + + /// + /// Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + /// + [Output("oauthIssueRefreshTokens")] + public Output OauthIssueRefreshTokens { get; private set; } = null!; + + /// + /// Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + /// + [Output("oauthRefreshTokenValidity")] + public Output OauthRefreshTokenValidity { get; private set; } = null!; + + /// + /// Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + /// + [Output("oauthUseSecondaryRoles")] + public Output OauthUseSecondaryRoles { get; private set; } = null!; + + + /// + /// Create a OauthIntegration resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public OauthIntegration(string name, OauthIntegrationArgs args, CustomResourceOptions? options = null) + : base("snowflake:index/oauthIntegration:OauthIntegration", name, args ?? new OauthIntegrationArgs(), MakeResourceOptions(options, "")) + { + } + + private OauthIntegration(string name, Input id, OauthIntegrationState? state = null, CustomResourceOptions? options = null) + : base("snowflake:index/oauthIntegration:OauthIntegration", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing OauthIntegration resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static OauthIntegration Get(string name, Input id, OauthIntegrationState? state = null, CustomResourceOptions? options = null) + { + return new OauthIntegration(name, id, state, options); + } + } + + public sealed class OauthIntegrationArgs : Pulumi.ResourceArgs + { + [Input("blockedRolesLists")] + private InputList? _blockedRolesLists; + + /// + /// List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + /// + public InputList BlockedRolesLists + { + get => _blockedRolesLists ?? (_blockedRolesLists = new InputList()); + set => _blockedRolesLists = value; + } + + /// + /// Specifies a comment for the OAuth integration. + /// + [Input("comment")] + public Input? Comment { get; set; } + + /// + /// Specifies whether this OAuth integration is enabled or disabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies the OAuth client type. + /// + [Input("oauthClient", required: true)] + public Input OauthClient { get; set; } = null!; + + /// + /// Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + /// + [Input("oauthIssueRefreshTokens")] + public Input? OauthIssueRefreshTokens { get; set; } + + /// + /// Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + /// + [Input("oauthRefreshTokenValidity")] + public Input? OauthRefreshTokenValidity { get; set; } + + /// + /// Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + /// + [Input("oauthUseSecondaryRoles")] + public Input? OauthUseSecondaryRoles { get; set; } + + public OauthIntegrationArgs() + { + } + } + + public sealed class OauthIntegrationState : Pulumi.ResourceArgs + { + [Input("blockedRolesLists")] + private InputList? _blockedRolesLists; + + /// + /// List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + /// + public InputList BlockedRolesLists + { + get => _blockedRolesLists ?? (_blockedRolesLists = new InputList()); + set => _blockedRolesLists = value; + } + + /// + /// Specifies a comment for the OAuth integration. + /// + [Input("comment")] + public Input? Comment { get; set; } + + /// + /// Date and time when the OAuth integration was created. + /// + [Input("createdOn")] + public Input? CreatedOn { get; set; } + + /// + /// Specifies whether this OAuth integration is enabled or disabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies the OAuth client type. + /// + [Input("oauthClient")] + public Input? OauthClient { get; set; } + + /// + /// Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + /// + [Input("oauthIssueRefreshTokens")] + public Input? OauthIssueRefreshTokens { get; set; } + + /// + /// Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + /// + [Input("oauthRefreshTokenValidity")] + public Input? OauthRefreshTokenValidity { get; set; } + + /// + /// Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + /// + [Input("oauthUseSecondaryRoles")] + public Input? OauthUseSecondaryRoles { get; set; } + + public OauthIntegrationState() + { + } + } +} diff --git a/sdk/dotnet/ResourceMonitor.cs b/sdk/dotnet/ResourceMonitor.cs index 02a95010..f063be7d 100644 --- a/sdk/dotnet/ResourceMonitor.cs +++ b/sdk/dotnet/ResourceMonitor.cs @@ -107,6 +107,12 @@ public partial class ResourceMonitor : Pulumi.CustomResource [Output("suspendTriggers")] public Output> SuspendTriggers { get; private set; } = null!; + /// + /// A list of warehouses to apply the resource monitor to. + /// + [Output("warehouses")] + public Output> Warehouses { get; private set; } = null!; + /// /// Create a ResourceMonitor resource with the given unique name, arguments, and options. @@ -225,6 +231,18 @@ public InputList SuspendTriggers set => _suspendTriggers = value; } + [Input("warehouses")] + private InputList? _warehouses; + + /// + /// A list of warehouses to apply the resource monitor to. + /// + public InputList Warehouses + { + get => _warehouses ?? (_warehouses = new InputList()); + set => _warehouses = value; + } + public ResourceMonitorArgs() { } @@ -304,6 +322,18 @@ public InputList SuspendTriggers set => _suspendTriggers = value; } + [Input("warehouses")] + private InputList? _warehouses; + + /// + /// A list of warehouses to apply the resource monitor to. + /// + public InputList Warehouses + { + get => _warehouses ?? (_warehouses = new InputList()); + set => _warehouses = value; + } + public ResourceMonitorState() { } diff --git a/sdk/dotnet/SamlIntegration.cs b/sdk/dotnet/SamlIntegration.cs new file mode 100644 index 00000000..f911ce1b --- /dev/null +++ b/sdk/dotnet/SamlIntegration.cs @@ -0,0 +1,408 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Snowflake +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using Pulumi; + /// using Snowflake = Pulumi.Snowflake; + /// + /// class MyStack : Stack + /// { + /// public MyStack() + /// { + /// var samlIntegration = new Snowflake.SamlIntegration("samlIntegration", new Snowflake.SamlIntegrationArgs + /// { + /// Enabled = true, + /// Saml2Issuer = "test_issuer", + /// Saml2Provider = "CUSTOM", + /// Saml2SsoUrl = "https://testsamlissuer.com", + /// Saml2X509Cert = "MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO", + /// }); + /// } + /// + /// } + /// ``` + /// + /// ## Import + /// + /// ```sh + /// $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name + /// ``` + /// + [SnowflakeResourceType("snowflake:index/samlIntegration:SamlIntegration")] + public partial class SamlIntegration : Pulumi.CustomResource + { + /// + /// Date and time when the SAML integration was created. + /// + [Output("createdOn")] + public Output CreatedOn { get; private set; } = null!; + + /// + /// Specifies whether this security integration is enabled or disabled. + /// + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + /// + /// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + [Output("saml2DigestMethodsUsed")] + public Output Saml2DigestMethodsUsed { get; private set; } = null!; + + /// + /// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + /// + [Output("saml2EnableSpInitiated")] + public Output Saml2EnableSpInitiated { get; private set; } = null!; + + /// + /// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + /// + [Output("saml2ForceAuthn")] + public Output Saml2ForceAuthn { get; private set; } = null!; + + /// + /// The string containing the IdP EntityID / Issuer. + /// + [Output("saml2Issuer")] + public Output Saml2Issuer { get; private set; } = null!; + + /// + /// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + /// + [Output("saml2PostLogoutRedirectUrl")] + public Output Saml2PostLogoutRedirectUrl { get; private set; } = null!; + + /// + /// The string describing the IdP. One of the following: OKTA, ADFS, Custom. + /// + [Output("saml2Provider")] + public Output Saml2Provider { get; private set; } = null!; + + /// + /// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + /// + [Output("saml2RequestedNameidFormat")] + public Output Saml2RequestedNameidFormat { get; private set; } = null!; + + /// + /// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + /// + [Output("saml2SignRequest")] + public Output Saml2SignRequest { get; private set; } = null!; + + [Output("saml2SignatureMethodsUsed")] + public Output Saml2SignatureMethodsUsed { get; private set; } = null!; + + /// + /// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + /// + [Output("saml2SnowflakeAcsUrl")] + public Output Saml2SnowflakeAcsUrl { get; private set; } = null!; + + /// + /// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + /// + [Output("saml2SnowflakeIssuerUrl")] + public Output Saml2SnowflakeIssuerUrl { get; private set; } = null!; + + /// + /// Metadata created by Snowflake to provide to SAML2 provider. + /// + [Output("saml2SnowflakeMetadata")] + public Output Saml2SnowflakeMetadata { get; private set; } = null!; + + /// + /// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + /// + [Output("saml2SnowflakeX509Cert")] + public Output Saml2SnowflakeX509Cert { get; private set; } = null!; + + /// + /// The string containing the label to display after the Log In With button on the login page. + /// + [Output("saml2SpInitiatedLoginPageLabel")] + public Output Saml2SpInitiatedLoginPageLabel { get; private set; } = null!; + + /// + /// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + /// + [Output("saml2SsoUrl")] + public Output Saml2SsoUrl { get; private set; } = null!; + + /// + /// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + /// + [Output("saml2X509Cert")] + public Output Saml2X509Cert { get; private set; } = null!; + + + /// + /// Create a SamlIntegration resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SamlIntegration(string name, SamlIntegrationArgs args, CustomResourceOptions? options = null) + : base("snowflake:index/samlIntegration:SamlIntegration", name, args ?? new SamlIntegrationArgs(), MakeResourceOptions(options, "")) + { + } + + private SamlIntegration(string name, Input id, SamlIntegrationState? state = null, CustomResourceOptions? options = null) + : base("snowflake:index/samlIntegration:SamlIntegration", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SamlIntegration resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SamlIntegration Get(string name, Input id, SamlIntegrationState? state = null, CustomResourceOptions? options = null) + { + return new SamlIntegration(name, id, state, options); + } + } + + public sealed class SamlIntegrationArgs : Pulumi.ResourceArgs + { + /// + /// Specifies whether this security integration is enabled or disabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + /// + [Input("saml2EnableSpInitiated")] + public Input? Saml2EnableSpInitiated { get; set; } + + /// + /// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + /// + [Input("saml2ForceAuthn")] + public Input? Saml2ForceAuthn { get; set; } + + /// + /// The string containing the IdP EntityID / Issuer. + /// + [Input("saml2Issuer", required: true)] + public Input Saml2Issuer { get; set; } = null!; + + /// + /// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + /// + [Input("saml2PostLogoutRedirectUrl")] + public Input? Saml2PostLogoutRedirectUrl { get; set; } + + /// + /// The string describing the IdP. One of the following: OKTA, ADFS, Custom. + /// + [Input("saml2Provider", required: true)] + public Input Saml2Provider { get; set; } = null!; + + /// + /// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + /// + [Input("saml2RequestedNameidFormat")] + public Input? Saml2RequestedNameidFormat { get; set; } + + /// + /// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + /// + [Input("saml2SignRequest")] + public Input? Saml2SignRequest { get; set; } + + /// + /// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + /// + [Input("saml2SnowflakeAcsUrl")] + public Input? Saml2SnowflakeAcsUrl { get; set; } + + /// + /// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + /// + [Input("saml2SnowflakeIssuerUrl")] + public Input? Saml2SnowflakeIssuerUrl { get; set; } + + /// + /// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + /// + [Input("saml2SnowflakeX509Cert")] + public Input? Saml2SnowflakeX509Cert { get; set; } + + /// + /// The string containing the label to display after the Log In With button on the login page. + /// + [Input("saml2SpInitiatedLoginPageLabel")] + public Input? Saml2SpInitiatedLoginPageLabel { get; set; } + + /// + /// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + /// + [Input("saml2SsoUrl", required: true)] + public Input Saml2SsoUrl { get; set; } = null!; + + /// + /// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + /// + [Input("saml2X509Cert", required: true)] + public Input Saml2X509Cert { get; set; } = null!; + + public SamlIntegrationArgs() + { + } + } + + public sealed class SamlIntegrationState : Pulumi.ResourceArgs + { + /// + /// Date and time when the SAML integration was created. + /// + [Input("createdOn")] + public Input? CreatedOn { get; set; } + + /// + /// Specifies whether this security integration is enabled or disabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + /// + [Input("name")] + public Input? Name { get; set; } + + [Input("saml2DigestMethodsUsed")] + public Input? Saml2DigestMethodsUsed { get; set; } + + /// + /// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + /// + [Input("saml2EnableSpInitiated")] + public Input? Saml2EnableSpInitiated { get; set; } + + /// + /// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + /// + [Input("saml2ForceAuthn")] + public Input? Saml2ForceAuthn { get; set; } + + /// + /// The string containing the IdP EntityID / Issuer. + /// + [Input("saml2Issuer")] + public Input? Saml2Issuer { get; set; } + + /// + /// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + /// + [Input("saml2PostLogoutRedirectUrl")] + public Input? Saml2PostLogoutRedirectUrl { get; set; } + + /// + /// The string describing the IdP. One of the following: OKTA, ADFS, Custom. + /// + [Input("saml2Provider")] + public Input? Saml2Provider { get; set; } + + /// + /// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + /// + [Input("saml2RequestedNameidFormat")] + public Input? Saml2RequestedNameidFormat { get; set; } + + /// + /// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + /// + [Input("saml2SignRequest")] + public Input? Saml2SignRequest { get; set; } + + [Input("saml2SignatureMethodsUsed")] + public Input? Saml2SignatureMethodsUsed { get; set; } + + /// + /// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + /// + [Input("saml2SnowflakeAcsUrl")] + public Input? Saml2SnowflakeAcsUrl { get; set; } + + /// + /// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + /// + [Input("saml2SnowflakeIssuerUrl")] + public Input? Saml2SnowflakeIssuerUrl { get; set; } + + /// + /// Metadata created by Snowflake to provide to SAML2 provider. + /// + [Input("saml2SnowflakeMetadata")] + public Input? Saml2SnowflakeMetadata { get; set; } + + /// + /// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + /// + [Input("saml2SnowflakeX509Cert")] + public Input? Saml2SnowflakeX509Cert { get; set; } + + /// + /// The string containing the label to display after the Log In With button on the login page. + /// + [Input("saml2SpInitiatedLoginPageLabel")] + public Input? Saml2SpInitiatedLoginPageLabel { get; set; } + + /// + /// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + /// + [Input("saml2SsoUrl")] + public Input? Saml2SsoUrl { get; set; } + + /// + /// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + /// + [Input("saml2X509Cert")] + public Input? Saml2X509Cert { get; set; } + + public SamlIntegrationState() + { + } + } +} diff --git a/sdk/dotnet/Task.cs b/sdk/dotnet/Task.cs index ca91d7e2..76409d51 100644 --- a/sdk/dotnet/Task.cs +++ b/sdk/dotnet/Task.cs @@ -94,6 +94,12 @@ public partial class Task : Pulumi.CustomResource [Output("enabled")] public Output Enabled { get; private set; } = null!; + /// + /// Specifies the name of the notification integration used for error notifications. + /// + [Output("errorIntegration")] + public Output ErrorIntegration { get; private set; } = null!; + /// /// Specifies the identifier for the task; must be unique for the database and schema in which the task is created. /// @@ -218,6 +224,12 @@ public sealed class TaskArgs : Pulumi.ResourceArgs [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Specifies the name of the notification integration used for error notifications. + /// + [Input("errorIntegration")] + public Input? ErrorIntegration { get; set; } + /// /// Specifies the identifier for the task; must be unique for the database and schema in which the task is created. /// @@ -309,6 +321,12 @@ public sealed class TaskState : Pulumi.ResourceArgs [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Specifies the name of the notification integration used for error notifications. + /// + [Input("errorIntegration")] + public Input? ErrorIntegration { get; set; } + /// /// Specifies the identifier for the task; must be unique for the database and schema in which the task is created. /// diff --git a/sdk/go/snowflake/database.go b/sdk/go/snowflake/database.go index 21d7c62b..8b1bc928 100644 --- a/sdk/go/snowflake/database.go +++ b/sdk/go/snowflake/database.go @@ -52,6 +52,8 @@ type Database struct { DataRetentionTimeInDays pulumi.IntOutput `pulumi:"dataRetentionTimeInDays"` // Specify a database to create a clone from. FromDatabase pulumi.StringPtrOutput `pulumi:"fromDatabase"` + // Specify a fully-qualified path to a database to create a replica from. + FromReplica pulumi.StringPtrOutput `pulumi:"fromReplica"` // Specify a provider and a share in this map to create a database from a share. FromShare pulumi.MapOutput `pulumi:"fromShare"` Name pulumi.StringOutput `pulumi:"name"` @@ -92,6 +94,8 @@ type databaseState struct { DataRetentionTimeInDays *int `pulumi:"dataRetentionTimeInDays"` // Specify a database to create a clone from. FromDatabase *string `pulumi:"fromDatabase"` + // Specify a fully-qualified path to a database to create a replica from. + FromReplica *string `pulumi:"fromReplica"` // Specify a provider and a share in this map to create a database from a share. FromShare map[string]interface{} `pulumi:"fromShare"` Name *string `pulumi:"name"` @@ -104,6 +108,8 @@ type DatabaseState struct { DataRetentionTimeInDays pulumi.IntPtrInput // Specify a database to create a clone from. FromDatabase pulumi.StringPtrInput + // Specify a fully-qualified path to a database to create a replica from. + FromReplica pulumi.StringPtrInput // Specify a provider and a share in this map to create a database from a share. FromShare pulumi.MapInput Name pulumi.StringPtrInput @@ -120,6 +126,8 @@ type databaseArgs struct { DataRetentionTimeInDays *int `pulumi:"dataRetentionTimeInDays"` // Specify a database to create a clone from. FromDatabase *string `pulumi:"fromDatabase"` + // Specify a fully-qualified path to a database to create a replica from. + FromReplica *string `pulumi:"fromReplica"` // Specify a provider and a share in this map to create a database from a share. FromShare map[string]interface{} `pulumi:"fromShare"` Name *string `pulumi:"name"` @@ -133,6 +141,8 @@ type DatabaseArgs struct { DataRetentionTimeInDays pulumi.IntPtrInput // Specify a database to create a clone from. FromDatabase pulumi.StringPtrInput + // Specify a fully-qualified path to a database to create a replica from. + FromReplica pulumi.StringPtrInput // Specify a provider and a share in this map to create a database from a share. FromShare pulumi.MapInput Name pulumi.StringPtrInput diff --git a/sdk/go/snowflake/init.go b/sdk/go/snowflake/init.go index 38d1b450..4bd1fb67 100644 --- a/sdk/go/snowflake/init.go +++ b/sdk/go/snowflake/init.go @@ -60,6 +60,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &NetworkPolicyAttachment{} case "snowflake:index/notificationIntegration:NotificationIntegration": r = &NotificationIntegration{} + case "snowflake:index/oauthIntegration:OauthIntegration": + r = &OauthIntegration{} case "snowflake:index/pipe:Pipe": r = &Pipe{} case "snowflake:index/pipeGrant:PipeGrant": @@ -80,6 +82,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &RowAccessPolicy{} case "snowflake:index/rowAccessPolicyGrant:RowAccessPolicyGrant": r = &RowAccessPolicyGrant{} + case "snowflake:index/samlIntegration:SamlIntegration": + r = &SamlIntegration{} case "snowflake:index/schema:Schema": r = &Schema{} case "snowflake:index/schemaGrant:SchemaGrant": @@ -255,6 +259,11 @@ func init() { "index/notificationIntegration", &module{version}, ) + pulumi.RegisterResourceModule( + "snowflake", + "index/oauthIntegration", + &module{version}, + ) pulumi.RegisterResourceModule( "snowflake", "index/pipe", @@ -305,6 +314,11 @@ func init() { "index/rowAccessPolicyGrant", &module{version}, ) + pulumi.RegisterResourceModule( + "snowflake", + "index/samlIntegration", + &module{version}, + ) pulumi.RegisterResourceModule( "snowflake", "index/schema", diff --git a/sdk/go/snowflake/oauthIntegration.go b/sdk/go/snowflake/oauthIntegration.go new file mode 100644 index 00000000..184f2288 --- /dev/null +++ b/sdk/go/snowflake/oauthIntegration.go @@ -0,0 +1,321 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package snowflake + +import ( + "context" + "reflect" + + "github.com/pkg/errors" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// "github.com/pulumi/pulumi-snowflake/sdk/go/snowflake" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := snowflake.NewOauthIntegration(ctx, "tableauDesktop", &snowflake.OauthIntegrationArgs{ +// BlockedRolesLists: pulumi.StringArray{ +// pulumi.String("SYSADMIN"), +// }, +// Enabled: pulumi.Bool(true), +// OauthClient: pulumi.String("TABLEAU_DESKTOP"), +// OauthIssueRefreshTokens: pulumi.Bool(true), +// OauthRefreshTokenValidity: pulumi.Int(3600), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// ``` +// +// ## Import +// +// ```sh +// $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name +// ``` +type OauthIntegration struct { + pulumi.CustomResourceState + + // List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + BlockedRolesLists pulumi.StringArrayOutput `pulumi:"blockedRolesLists"` + // Specifies a comment for the OAuth integration. + Comment pulumi.StringPtrOutput `pulumi:"comment"` + // Date and time when the OAuth integration was created. + CreatedOn pulumi.StringOutput `pulumi:"createdOn"` + // Specifies whether this OAuth integration is enabled or disabled. + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + // Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringOutput `pulumi:"name"` + // Specifies the OAuth client type. + OauthClient pulumi.StringOutput `pulumi:"oauthClient"` + // Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + OauthIssueRefreshTokens pulumi.BoolPtrOutput `pulumi:"oauthIssueRefreshTokens"` + // Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + OauthRefreshTokenValidity pulumi.IntPtrOutput `pulumi:"oauthRefreshTokenValidity"` + // Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + OauthUseSecondaryRoles pulumi.StringPtrOutput `pulumi:"oauthUseSecondaryRoles"` +} + +// NewOauthIntegration registers a new resource with the given unique name, arguments, and options. +func NewOauthIntegration(ctx *pulumi.Context, + name string, args *OauthIntegrationArgs, opts ...pulumi.ResourceOption) (*OauthIntegration, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.OauthClient == nil { + return nil, errors.New("invalid value for required argument 'OauthClient'") + } + var resource OauthIntegration + err := ctx.RegisterResource("snowflake:index/oauthIntegration:OauthIntegration", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetOauthIntegration gets an existing OauthIntegration resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetOauthIntegration(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *OauthIntegrationState, opts ...pulumi.ResourceOption) (*OauthIntegration, error) { + var resource OauthIntegration + err := ctx.ReadResource("snowflake:index/oauthIntegration:OauthIntegration", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering OauthIntegration resources. +type oauthIntegrationState struct { + // List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + BlockedRolesLists []string `pulumi:"blockedRolesLists"` + // Specifies a comment for the OAuth integration. + Comment *string `pulumi:"comment"` + // Date and time when the OAuth integration was created. + CreatedOn *string `pulumi:"createdOn"` + // Specifies whether this OAuth integration is enabled or disabled. + Enabled *bool `pulumi:"enabled"` + // Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name *string `pulumi:"name"` + // Specifies the OAuth client type. + OauthClient *string `pulumi:"oauthClient"` + // Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + OauthIssueRefreshTokens *bool `pulumi:"oauthIssueRefreshTokens"` + // Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + OauthRefreshTokenValidity *int `pulumi:"oauthRefreshTokenValidity"` + // Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + OauthUseSecondaryRoles *string `pulumi:"oauthUseSecondaryRoles"` +} + +type OauthIntegrationState struct { + // List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + BlockedRolesLists pulumi.StringArrayInput + // Specifies a comment for the OAuth integration. + Comment pulumi.StringPtrInput + // Date and time when the OAuth integration was created. + CreatedOn pulumi.StringPtrInput + // Specifies whether this OAuth integration is enabled or disabled. + Enabled pulumi.BoolPtrInput + // Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringPtrInput + // Specifies the OAuth client type. + OauthClient pulumi.StringPtrInput + // Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + OauthIssueRefreshTokens pulumi.BoolPtrInput + // Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + OauthRefreshTokenValidity pulumi.IntPtrInput + // Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + OauthUseSecondaryRoles pulumi.StringPtrInput +} + +func (OauthIntegrationState) ElementType() reflect.Type { + return reflect.TypeOf((*oauthIntegrationState)(nil)).Elem() +} + +type oauthIntegrationArgs struct { + // List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + BlockedRolesLists []string `pulumi:"blockedRolesLists"` + // Specifies a comment for the OAuth integration. + Comment *string `pulumi:"comment"` + // Specifies whether this OAuth integration is enabled or disabled. + Enabled *bool `pulumi:"enabled"` + // Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name *string `pulumi:"name"` + // Specifies the OAuth client type. + OauthClient string `pulumi:"oauthClient"` + // Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + OauthIssueRefreshTokens *bool `pulumi:"oauthIssueRefreshTokens"` + // Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + OauthRefreshTokenValidity *int `pulumi:"oauthRefreshTokenValidity"` + // Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + OauthUseSecondaryRoles *string `pulumi:"oauthUseSecondaryRoles"` +} + +// The set of arguments for constructing a OauthIntegration resource. +type OauthIntegrationArgs struct { + // List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + BlockedRolesLists pulumi.StringArrayInput + // Specifies a comment for the OAuth integration. + Comment pulumi.StringPtrInput + // Specifies whether this OAuth integration is enabled or disabled. + Enabled pulumi.BoolPtrInput + // Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringPtrInput + // Specifies the OAuth client type. + OauthClient pulumi.StringInput + // Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + OauthIssueRefreshTokens pulumi.BoolPtrInput + // Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + OauthRefreshTokenValidity pulumi.IntPtrInput + // Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + OauthUseSecondaryRoles pulumi.StringPtrInput +} + +func (OauthIntegrationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*oauthIntegrationArgs)(nil)).Elem() +} + +type OauthIntegrationInput interface { + pulumi.Input + + ToOauthIntegrationOutput() OauthIntegrationOutput + ToOauthIntegrationOutputWithContext(ctx context.Context) OauthIntegrationOutput +} + +func (*OauthIntegration) ElementType() reflect.Type { + return reflect.TypeOf((**OauthIntegration)(nil)).Elem() +} + +func (i *OauthIntegration) ToOauthIntegrationOutput() OauthIntegrationOutput { + return i.ToOauthIntegrationOutputWithContext(context.Background()) +} + +func (i *OauthIntegration) ToOauthIntegrationOutputWithContext(ctx context.Context) OauthIntegrationOutput { + return pulumi.ToOutputWithContext(ctx, i).(OauthIntegrationOutput) +} + +// OauthIntegrationArrayInput is an input type that accepts OauthIntegrationArray and OauthIntegrationArrayOutput values. +// You can construct a concrete instance of `OauthIntegrationArrayInput` via: +// +// OauthIntegrationArray{ OauthIntegrationArgs{...} } +type OauthIntegrationArrayInput interface { + pulumi.Input + + ToOauthIntegrationArrayOutput() OauthIntegrationArrayOutput + ToOauthIntegrationArrayOutputWithContext(context.Context) OauthIntegrationArrayOutput +} + +type OauthIntegrationArray []OauthIntegrationInput + +func (OauthIntegrationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*OauthIntegration)(nil)).Elem() +} + +func (i OauthIntegrationArray) ToOauthIntegrationArrayOutput() OauthIntegrationArrayOutput { + return i.ToOauthIntegrationArrayOutputWithContext(context.Background()) +} + +func (i OauthIntegrationArray) ToOauthIntegrationArrayOutputWithContext(ctx context.Context) OauthIntegrationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(OauthIntegrationArrayOutput) +} + +// OauthIntegrationMapInput is an input type that accepts OauthIntegrationMap and OauthIntegrationMapOutput values. +// You can construct a concrete instance of `OauthIntegrationMapInput` via: +// +// OauthIntegrationMap{ "key": OauthIntegrationArgs{...} } +type OauthIntegrationMapInput interface { + pulumi.Input + + ToOauthIntegrationMapOutput() OauthIntegrationMapOutput + ToOauthIntegrationMapOutputWithContext(context.Context) OauthIntegrationMapOutput +} + +type OauthIntegrationMap map[string]OauthIntegrationInput + +func (OauthIntegrationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*OauthIntegration)(nil)).Elem() +} + +func (i OauthIntegrationMap) ToOauthIntegrationMapOutput() OauthIntegrationMapOutput { + return i.ToOauthIntegrationMapOutputWithContext(context.Background()) +} + +func (i OauthIntegrationMap) ToOauthIntegrationMapOutputWithContext(ctx context.Context) OauthIntegrationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(OauthIntegrationMapOutput) +} + +type OauthIntegrationOutput struct{ *pulumi.OutputState } + +func (OauthIntegrationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**OauthIntegration)(nil)).Elem() +} + +func (o OauthIntegrationOutput) ToOauthIntegrationOutput() OauthIntegrationOutput { + return o +} + +func (o OauthIntegrationOutput) ToOauthIntegrationOutputWithContext(ctx context.Context) OauthIntegrationOutput { + return o +} + +type OauthIntegrationArrayOutput struct{ *pulumi.OutputState } + +func (OauthIntegrationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*OauthIntegration)(nil)).Elem() +} + +func (o OauthIntegrationArrayOutput) ToOauthIntegrationArrayOutput() OauthIntegrationArrayOutput { + return o +} + +func (o OauthIntegrationArrayOutput) ToOauthIntegrationArrayOutputWithContext(ctx context.Context) OauthIntegrationArrayOutput { + return o +} + +func (o OauthIntegrationArrayOutput) Index(i pulumi.IntInput) OauthIntegrationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *OauthIntegration { + return vs[0].([]*OauthIntegration)[vs[1].(int)] + }).(OauthIntegrationOutput) +} + +type OauthIntegrationMapOutput struct{ *pulumi.OutputState } + +func (OauthIntegrationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*OauthIntegration)(nil)).Elem() +} + +func (o OauthIntegrationMapOutput) ToOauthIntegrationMapOutput() OauthIntegrationMapOutput { + return o +} + +func (o OauthIntegrationMapOutput) ToOauthIntegrationMapOutputWithContext(ctx context.Context) OauthIntegrationMapOutput { + return o +} + +func (o OauthIntegrationMapOutput) MapIndex(k pulumi.StringInput) OauthIntegrationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *OauthIntegration { + return vs[0].(map[string]*OauthIntegration)[vs[1].(string)] + }).(OauthIntegrationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*OauthIntegrationInput)(nil)).Elem(), &OauthIntegration{}) + pulumi.RegisterInputType(reflect.TypeOf((*OauthIntegrationArrayInput)(nil)).Elem(), OauthIntegrationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*OauthIntegrationMapInput)(nil)).Elem(), OauthIntegrationMap{}) + pulumi.RegisterOutputType(OauthIntegrationOutput{}) + pulumi.RegisterOutputType(OauthIntegrationArrayOutput{}) + pulumi.RegisterOutputType(OauthIntegrationMapOutput{}) +} diff --git a/sdk/go/snowflake/resourceMonitor.go b/sdk/go/snowflake/resourceMonitor.go index 535edb12..622078fb 100644 --- a/sdk/go/snowflake/resourceMonitor.go +++ b/sdk/go/snowflake/resourceMonitor.go @@ -71,6 +71,8 @@ type ResourceMonitor struct { SuspendImmediateTriggers pulumi.IntArrayOutput `pulumi:"suspendImmediateTriggers"` // A list of percentage thresholds at which to suspend all warehouses. SuspendTriggers pulumi.IntArrayOutput `pulumi:"suspendTriggers"` + // A list of warehouses to apply the resource monitor to. + Warehouses pulumi.StringArrayOutput `pulumi:"warehouses"` } // NewResourceMonitor registers a new resource with the given unique name, arguments, and options. @@ -120,6 +122,8 @@ type resourceMonitorState struct { SuspendImmediateTriggers []int `pulumi:"suspendImmediateTriggers"` // A list of percentage thresholds at which to suspend all warehouses. SuspendTriggers []int `pulumi:"suspendTriggers"` + // A list of warehouses to apply the resource monitor to. + Warehouses []string `pulumi:"warehouses"` } type ResourceMonitorState struct { @@ -141,6 +145,8 @@ type ResourceMonitorState struct { SuspendImmediateTriggers pulumi.IntArrayInput // A list of percentage thresholds at which to suspend all warehouses. SuspendTriggers pulumi.IntArrayInput + // A list of warehouses to apply the resource monitor to. + Warehouses pulumi.StringArrayInput } func (ResourceMonitorState) ElementType() reflect.Type { @@ -166,6 +172,8 @@ type resourceMonitorArgs struct { SuspendImmediateTriggers []int `pulumi:"suspendImmediateTriggers"` // A list of percentage thresholds at which to suspend all warehouses. SuspendTriggers []int `pulumi:"suspendTriggers"` + // A list of warehouses to apply the resource monitor to. + Warehouses []string `pulumi:"warehouses"` } // The set of arguments for constructing a ResourceMonitor resource. @@ -188,6 +196,8 @@ type ResourceMonitorArgs struct { SuspendImmediateTriggers pulumi.IntArrayInput // A list of percentage thresholds at which to suspend all warehouses. SuspendTriggers pulumi.IntArrayInput + // A list of warehouses to apply the resource monitor to. + Warehouses pulumi.StringArrayInput } func (ResourceMonitorArgs) ElementType() reflect.Type { diff --git a/sdk/go/snowflake/samlIntegration.go b/sdk/go/snowflake/samlIntegration.go new file mode 100644 index 00000000..71976d40 --- /dev/null +++ b/sdk/go/snowflake/samlIntegration.go @@ -0,0 +1,410 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package snowflake + +import ( + "context" + "reflect" + + "github.com/pkg/errors" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// "github.com/pulumi/pulumi-snowflake/sdk/go/snowflake" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := snowflake.NewSamlIntegration(ctx, "samlIntegration", &snowflake.SamlIntegrationArgs{ +// Enabled: pulumi.Bool(true), +// Saml2Issuer: pulumi.String("test_issuer"), +// Saml2Provider: pulumi.String("CUSTOM"), +// Saml2SsoUrl: pulumi.String("https://testsamlissuer.com"), +// Saml2X509Cert: pulumi.String("MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// ``` +// +// ## Import +// +// ```sh +// $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name +// ``` +type SamlIntegration struct { + pulumi.CustomResourceState + + // Date and time when the SAML integration was created. + CreatedOn pulumi.StringOutput `pulumi:"createdOn"` + // Specifies whether this security integration is enabled or disabled. + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + // Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringOutput `pulumi:"name"` + Saml2DigestMethodsUsed pulumi.StringOutput `pulumi:"saml2DigestMethodsUsed"` + // The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + Saml2EnableSpInitiated pulumi.BoolPtrOutput `pulumi:"saml2EnableSpInitiated"` + // The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + Saml2ForceAuthn pulumi.BoolPtrOutput `pulumi:"saml2ForceAuthn"` + // The string containing the IdP EntityID / Issuer. + Saml2Issuer pulumi.StringOutput `pulumi:"saml2Issuer"` + // The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + Saml2PostLogoutRedirectUrl pulumi.StringPtrOutput `pulumi:"saml2PostLogoutRedirectUrl"` + // The string describing the IdP. One of the following: OKTA, ADFS, Custom. + Saml2Provider pulumi.StringOutput `pulumi:"saml2Provider"` + // The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + Saml2RequestedNameidFormat pulumi.StringPtrOutput `pulumi:"saml2RequestedNameidFormat"` + // The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + Saml2SignRequest pulumi.BoolPtrOutput `pulumi:"saml2SignRequest"` + Saml2SignatureMethodsUsed pulumi.StringOutput `pulumi:"saml2SignatureMethodsUsed"` + // The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + Saml2SnowflakeAcsUrl pulumi.StringOutput `pulumi:"saml2SnowflakeAcsUrl"` + // The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + Saml2SnowflakeIssuerUrl pulumi.StringOutput `pulumi:"saml2SnowflakeIssuerUrl"` + // Metadata created by Snowflake to provide to SAML2 provider. + Saml2SnowflakeMetadata pulumi.StringOutput `pulumi:"saml2SnowflakeMetadata"` + // The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + Saml2SnowflakeX509Cert pulumi.StringOutput `pulumi:"saml2SnowflakeX509Cert"` + // The string containing the label to display after the Log In With button on the login page. + Saml2SpInitiatedLoginPageLabel pulumi.StringPtrOutput `pulumi:"saml2SpInitiatedLoginPageLabel"` + // The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + Saml2SsoUrl pulumi.StringOutput `pulumi:"saml2SsoUrl"` + // The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + Saml2X509Cert pulumi.StringOutput `pulumi:"saml2X509Cert"` +} + +// NewSamlIntegration registers a new resource with the given unique name, arguments, and options. +func NewSamlIntegration(ctx *pulumi.Context, + name string, args *SamlIntegrationArgs, opts ...pulumi.ResourceOption) (*SamlIntegration, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Saml2Issuer == nil { + return nil, errors.New("invalid value for required argument 'Saml2Issuer'") + } + if args.Saml2Provider == nil { + return nil, errors.New("invalid value for required argument 'Saml2Provider'") + } + if args.Saml2SsoUrl == nil { + return nil, errors.New("invalid value for required argument 'Saml2SsoUrl'") + } + if args.Saml2X509Cert == nil { + return nil, errors.New("invalid value for required argument 'Saml2X509Cert'") + } + var resource SamlIntegration + err := ctx.RegisterResource("snowflake:index/samlIntegration:SamlIntegration", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSamlIntegration gets an existing SamlIntegration resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSamlIntegration(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SamlIntegrationState, opts ...pulumi.ResourceOption) (*SamlIntegration, error) { + var resource SamlIntegration + err := ctx.ReadResource("snowflake:index/samlIntegration:SamlIntegration", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SamlIntegration resources. +type samlIntegrationState struct { + // Date and time when the SAML integration was created. + CreatedOn *string `pulumi:"createdOn"` + // Specifies whether this security integration is enabled or disabled. + Enabled *bool `pulumi:"enabled"` + // Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name *string `pulumi:"name"` + Saml2DigestMethodsUsed *string `pulumi:"saml2DigestMethodsUsed"` + // The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + Saml2EnableSpInitiated *bool `pulumi:"saml2EnableSpInitiated"` + // The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + Saml2ForceAuthn *bool `pulumi:"saml2ForceAuthn"` + // The string containing the IdP EntityID / Issuer. + Saml2Issuer *string `pulumi:"saml2Issuer"` + // The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + Saml2PostLogoutRedirectUrl *string `pulumi:"saml2PostLogoutRedirectUrl"` + // The string describing the IdP. One of the following: OKTA, ADFS, Custom. + Saml2Provider *string `pulumi:"saml2Provider"` + // The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + Saml2RequestedNameidFormat *string `pulumi:"saml2RequestedNameidFormat"` + // The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + Saml2SignRequest *bool `pulumi:"saml2SignRequest"` + Saml2SignatureMethodsUsed *string `pulumi:"saml2SignatureMethodsUsed"` + // The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + Saml2SnowflakeAcsUrl *string `pulumi:"saml2SnowflakeAcsUrl"` + // The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + Saml2SnowflakeIssuerUrl *string `pulumi:"saml2SnowflakeIssuerUrl"` + // Metadata created by Snowflake to provide to SAML2 provider. + Saml2SnowflakeMetadata *string `pulumi:"saml2SnowflakeMetadata"` + // The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + Saml2SnowflakeX509Cert *string `pulumi:"saml2SnowflakeX509Cert"` + // The string containing the label to display after the Log In With button on the login page. + Saml2SpInitiatedLoginPageLabel *string `pulumi:"saml2SpInitiatedLoginPageLabel"` + // The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + Saml2SsoUrl *string `pulumi:"saml2SsoUrl"` + // The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + Saml2X509Cert *string `pulumi:"saml2X509Cert"` +} + +type SamlIntegrationState struct { + // Date and time when the SAML integration was created. + CreatedOn pulumi.StringPtrInput + // Specifies whether this security integration is enabled or disabled. + Enabled pulumi.BoolPtrInput + // Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringPtrInput + Saml2DigestMethodsUsed pulumi.StringPtrInput + // The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + Saml2EnableSpInitiated pulumi.BoolPtrInput + // The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + Saml2ForceAuthn pulumi.BoolPtrInput + // The string containing the IdP EntityID / Issuer. + Saml2Issuer pulumi.StringPtrInput + // The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + Saml2PostLogoutRedirectUrl pulumi.StringPtrInput + // The string describing the IdP. One of the following: OKTA, ADFS, Custom. + Saml2Provider pulumi.StringPtrInput + // The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + Saml2RequestedNameidFormat pulumi.StringPtrInput + // The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + Saml2SignRequest pulumi.BoolPtrInput + Saml2SignatureMethodsUsed pulumi.StringPtrInput + // The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + Saml2SnowflakeAcsUrl pulumi.StringPtrInput + // The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + Saml2SnowflakeIssuerUrl pulumi.StringPtrInput + // Metadata created by Snowflake to provide to SAML2 provider. + Saml2SnowflakeMetadata pulumi.StringPtrInput + // The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + Saml2SnowflakeX509Cert pulumi.StringPtrInput + // The string containing the label to display after the Log In With button on the login page. + Saml2SpInitiatedLoginPageLabel pulumi.StringPtrInput + // The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + Saml2SsoUrl pulumi.StringPtrInput + // The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + Saml2X509Cert pulumi.StringPtrInput +} + +func (SamlIntegrationState) ElementType() reflect.Type { + return reflect.TypeOf((*samlIntegrationState)(nil)).Elem() +} + +type samlIntegrationArgs struct { + // Specifies whether this security integration is enabled or disabled. + Enabled *bool `pulumi:"enabled"` + // Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name *string `pulumi:"name"` + // The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + Saml2EnableSpInitiated *bool `pulumi:"saml2EnableSpInitiated"` + // The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + Saml2ForceAuthn *bool `pulumi:"saml2ForceAuthn"` + // The string containing the IdP EntityID / Issuer. + Saml2Issuer string `pulumi:"saml2Issuer"` + // The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + Saml2PostLogoutRedirectUrl *string `pulumi:"saml2PostLogoutRedirectUrl"` + // The string describing the IdP. One of the following: OKTA, ADFS, Custom. + Saml2Provider string `pulumi:"saml2Provider"` + // The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + Saml2RequestedNameidFormat *string `pulumi:"saml2RequestedNameidFormat"` + // The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + Saml2SignRequest *bool `pulumi:"saml2SignRequest"` + // The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + Saml2SnowflakeAcsUrl *string `pulumi:"saml2SnowflakeAcsUrl"` + // The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + Saml2SnowflakeIssuerUrl *string `pulumi:"saml2SnowflakeIssuerUrl"` + // The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + Saml2SnowflakeX509Cert *string `pulumi:"saml2SnowflakeX509Cert"` + // The string containing the label to display after the Log In With button on the login page. + Saml2SpInitiatedLoginPageLabel *string `pulumi:"saml2SpInitiatedLoginPageLabel"` + // The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + Saml2SsoUrl string `pulumi:"saml2SsoUrl"` + // The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + Saml2X509Cert string `pulumi:"saml2X509Cert"` +} + +// The set of arguments for constructing a SamlIntegration resource. +type SamlIntegrationArgs struct { + // Specifies whether this security integration is enabled or disabled. + Enabled pulumi.BoolPtrInput + // Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + Name pulumi.StringPtrInput + // The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + Saml2EnableSpInitiated pulumi.BoolPtrInput + // The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + Saml2ForceAuthn pulumi.BoolPtrInput + // The string containing the IdP EntityID / Issuer. + Saml2Issuer pulumi.StringInput + // The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + Saml2PostLogoutRedirectUrl pulumi.StringPtrInput + // The string describing the IdP. One of the following: OKTA, ADFS, Custom. + Saml2Provider pulumi.StringInput + // The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + Saml2RequestedNameidFormat pulumi.StringPtrInput + // The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + Saml2SignRequest pulumi.BoolPtrInput + // The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + Saml2SnowflakeAcsUrl pulumi.StringPtrInput + // The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + Saml2SnowflakeIssuerUrl pulumi.StringPtrInput + // The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + Saml2SnowflakeX509Cert pulumi.StringPtrInput + // The string containing the label to display after the Log In With button on the login page. + Saml2SpInitiatedLoginPageLabel pulumi.StringPtrInput + // The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + Saml2SsoUrl pulumi.StringInput + // The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + Saml2X509Cert pulumi.StringInput +} + +func (SamlIntegrationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*samlIntegrationArgs)(nil)).Elem() +} + +type SamlIntegrationInput interface { + pulumi.Input + + ToSamlIntegrationOutput() SamlIntegrationOutput + ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput +} + +func (*SamlIntegration) ElementType() reflect.Type { + return reflect.TypeOf((**SamlIntegration)(nil)).Elem() +} + +func (i *SamlIntegration) ToSamlIntegrationOutput() SamlIntegrationOutput { + return i.ToSamlIntegrationOutputWithContext(context.Background()) +} + +func (i *SamlIntegration) ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SamlIntegrationOutput) +} + +// SamlIntegrationArrayInput is an input type that accepts SamlIntegrationArray and SamlIntegrationArrayOutput values. +// You can construct a concrete instance of `SamlIntegrationArrayInput` via: +// +// SamlIntegrationArray{ SamlIntegrationArgs{...} } +type SamlIntegrationArrayInput interface { + pulumi.Input + + ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput + ToSamlIntegrationArrayOutputWithContext(context.Context) SamlIntegrationArrayOutput +} + +type SamlIntegrationArray []SamlIntegrationInput + +func (SamlIntegrationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SamlIntegration)(nil)).Elem() +} + +func (i SamlIntegrationArray) ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput { + return i.ToSamlIntegrationArrayOutputWithContext(context.Background()) +} + +func (i SamlIntegrationArray) ToSamlIntegrationArrayOutputWithContext(ctx context.Context) SamlIntegrationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SamlIntegrationArrayOutput) +} + +// SamlIntegrationMapInput is an input type that accepts SamlIntegrationMap and SamlIntegrationMapOutput values. +// You can construct a concrete instance of `SamlIntegrationMapInput` via: +// +// SamlIntegrationMap{ "key": SamlIntegrationArgs{...} } +type SamlIntegrationMapInput interface { + pulumi.Input + + ToSamlIntegrationMapOutput() SamlIntegrationMapOutput + ToSamlIntegrationMapOutputWithContext(context.Context) SamlIntegrationMapOutput +} + +type SamlIntegrationMap map[string]SamlIntegrationInput + +func (SamlIntegrationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SamlIntegration)(nil)).Elem() +} + +func (i SamlIntegrationMap) ToSamlIntegrationMapOutput() SamlIntegrationMapOutput { + return i.ToSamlIntegrationMapOutputWithContext(context.Background()) +} + +func (i SamlIntegrationMap) ToSamlIntegrationMapOutputWithContext(ctx context.Context) SamlIntegrationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SamlIntegrationMapOutput) +} + +type SamlIntegrationOutput struct{ *pulumi.OutputState } + +func (SamlIntegrationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SamlIntegration)(nil)).Elem() +} + +func (o SamlIntegrationOutput) ToSamlIntegrationOutput() SamlIntegrationOutput { + return o +} + +func (o SamlIntegrationOutput) ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput { + return o +} + +type SamlIntegrationArrayOutput struct{ *pulumi.OutputState } + +func (SamlIntegrationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SamlIntegration)(nil)).Elem() +} + +func (o SamlIntegrationArrayOutput) ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput { + return o +} + +func (o SamlIntegrationArrayOutput) ToSamlIntegrationArrayOutputWithContext(ctx context.Context) SamlIntegrationArrayOutput { + return o +} + +func (o SamlIntegrationArrayOutput) Index(i pulumi.IntInput) SamlIntegrationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SamlIntegration { + return vs[0].([]*SamlIntegration)[vs[1].(int)] + }).(SamlIntegrationOutput) +} + +type SamlIntegrationMapOutput struct{ *pulumi.OutputState } + +func (SamlIntegrationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SamlIntegration)(nil)).Elem() +} + +func (o SamlIntegrationMapOutput) ToSamlIntegrationMapOutput() SamlIntegrationMapOutput { + return o +} + +func (o SamlIntegrationMapOutput) ToSamlIntegrationMapOutputWithContext(ctx context.Context) SamlIntegrationMapOutput { + return o +} + +func (o SamlIntegrationMapOutput) MapIndex(k pulumi.StringInput) SamlIntegrationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SamlIntegration { + return vs[0].(map[string]*SamlIntegration)[vs[1].(string)] + }).(SamlIntegrationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SamlIntegrationInput)(nil)).Elem(), &SamlIntegration{}) + pulumi.RegisterInputType(reflect.TypeOf((*SamlIntegrationArrayInput)(nil)).Elem(), SamlIntegrationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SamlIntegrationMapInput)(nil)).Elem(), SamlIntegrationMap{}) + pulumi.RegisterOutputType(SamlIntegrationOutput{}) + pulumi.RegisterOutputType(SamlIntegrationArrayOutput{}) + pulumi.RegisterOutputType(SamlIntegrationMapOutput{}) +} diff --git a/sdk/go/snowflake/task.go b/sdk/go/snowflake/task.go index dec95ac8..7d61a9b0 100644 --- a/sdk/go/snowflake/task.go +++ b/sdk/go/snowflake/task.go @@ -82,6 +82,8 @@ type Task struct { Database pulumi.StringOutput `pulumi:"database"` // Specifies if the task should be started (enabled) after creation or should remain suspended (default). Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + // Specifies the name of the notification integration used for error notifications. + ErrorIntegration pulumi.StringPtrOutput `pulumi:"errorIntegration"` // Specifies the identifier for the task; must be unique for the database and schema in which the task is created. Name pulumi.StringOutput `pulumi:"name"` // The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) @@ -148,6 +150,8 @@ type taskState struct { Database *string `pulumi:"database"` // Specifies if the task should be started (enabled) after creation or should remain suspended (default). Enabled *bool `pulumi:"enabled"` + // Specifies the name of the notification integration used for error notifications. + ErrorIntegration *string `pulumi:"errorIntegration"` // Specifies the identifier for the task; must be unique for the database and schema in which the task is created. Name *string `pulumi:"name"` // The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) @@ -177,6 +181,8 @@ type TaskState struct { Database pulumi.StringPtrInput // Specifies if the task should be started (enabled) after creation or should remain suspended (default). Enabled pulumi.BoolPtrInput + // Specifies the name of the notification integration used for error notifications. + ErrorIntegration pulumi.StringPtrInput // Specifies the identifier for the task; must be unique for the database and schema in which the task is created. Name pulumi.StringPtrInput // The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) @@ -210,6 +216,8 @@ type taskArgs struct { Database string `pulumi:"database"` // Specifies if the task should be started (enabled) after creation or should remain suspended (default). Enabled *bool `pulumi:"enabled"` + // Specifies the name of the notification integration used for error notifications. + ErrorIntegration *string `pulumi:"errorIntegration"` // Specifies the identifier for the task; must be unique for the database and schema in which the task is created. Name *string `pulumi:"name"` // The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) @@ -240,6 +248,8 @@ type TaskArgs struct { Database pulumi.StringInput // Specifies if the task should be started (enabled) after creation or should remain suspended (default). Enabled pulumi.BoolPtrInput + // Specifies the name of the notification integration used for error notifications. + ErrorIntegration pulumi.StringPtrInput // Specifies the identifier for the task; must be unique for the database and schema in which the task is created. Name pulumi.StringPtrInput // The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) diff --git a/sdk/nodejs/database.ts b/sdk/nodejs/database.ts index 886c9ef6..11107fc0 100644 --- a/sdk/nodejs/database.ts +++ b/sdk/nodejs/database.ts @@ -61,6 +61,10 @@ export class Database extends pulumi.CustomResource { * Specify a database to create a clone from. */ public readonly fromDatabase!: pulumi.Output; + /** + * Specify a fully-qualified path to a database to create a replica from. + */ + public readonly fromReplica!: pulumi.Output; /** * Specify a provider and a share in this map to create a database from a share. */ @@ -87,6 +91,7 @@ export class Database extends pulumi.CustomResource { resourceInputs["comment"] = state ? state.comment : undefined; resourceInputs["dataRetentionTimeInDays"] = state ? state.dataRetentionTimeInDays : undefined; resourceInputs["fromDatabase"] = state ? state.fromDatabase : undefined; + resourceInputs["fromReplica"] = state ? state.fromReplica : undefined; resourceInputs["fromShare"] = state ? state.fromShare : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["tags"] = state ? state.tags : undefined; @@ -95,6 +100,7 @@ export class Database extends pulumi.CustomResource { resourceInputs["comment"] = args ? args.comment : undefined; resourceInputs["dataRetentionTimeInDays"] = args ? args.dataRetentionTimeInDays : undefined; resourceInputs["fromDatabase"] = args ? args.fromDatabase : undefined; + resourceInputs["fromReplica"] = args ? args.fromReplica : undefined; resourceInputs["fromShare"] = args ? args.fromShare : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["tags"] = args ? args.tags : undefined; @@ -114,6 +120,10 @@ export interface DatabaseState { * Specify a database to create a clone from. */ fromDatabase?: pulumi.Input; + /** + * Specify a fully-qualified path to a database to create a replica from. + */ + fromReplica?: pulumi.Input; /** * Specify a provider and a share in this map to create a database from a share. */ @@ -135,6 +145,10 @@ export interface DatabaseArgs { * Specify a database to create a clone from. */ fromDatabase?: pulumi.Input; + /** + * Specify a fully-qualified path to a database to create a replica from. + */ + fromReplica?: pulumi.Input; /** * Specify a provider and a share in this map to create a database from a share. */ diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 60104044..04350323 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -49,6 +49,7 @@ export * from "./materializedViewGrant"; export * from "./networkPolicy"; export * from "./networkPolicyAttachment"; export * from "./notificationIntegration"; +export * from "./oauthIntegration"; export * from "./pipe"; export * from "./pipeGrant"; export * from "./procedure"; @@ -60,6 +61,7 @@ export * from "./role"; export * from "./roleGrants"; export * from "./rowAccessPolicy"; export * from "./rowAccessPolicyGrant"; +export * from "./samlIntegration"; export * from "./schema"; export * from "./schemaGrant"; export * from "./scimIntegration"; @@ -113,6 +115,7 @@ import { MaterializedViewGrant } from "./materializedViewGrant"; import { NetworkPolicy } from "./networkPolicy"; import { NetworkPolicyAttachment } from "./networkPolicyAttachment"; import { NotificationIntegration } from "./notificationIntegration"; +import { OauthIntegration } from "./oauthIntegration"; import { Pipe } from "./pipe"; import { PipeGrant } from "./pipeGrant"; import { Procedure } from "./procedure"; @@ -123,6 +126,7 @@ import { Role } from "./role"; import { RoleGrants } from "./roleGrants"; import { RowAccessPolicy } from "./rowAccessPolicy"; import { RowAccessPolicyGrant } from "./rowAccessPolicyGrant"; +import { SamlIntegration } from "./samlIntegration"; import { Schema } from "./schema"; import { SchemaGrant } from "./schemaGrant"; import { ScimIntegration } from "./scimIntegration"; @@ -190,6 +194,8 @@ const _module = { return new NetworkPolicyAttachment(name, undefined, { urn }) case "snowflake:index/notificationIntegration:NotificationIntegration": return new NotificationIntegration(name, undefined, { urn }) + case "snowflake:index/oauthIntegration:OauthIntegration": + return new OauthIntegration(name, undefined, { urn }) case "snowflake:index/pipe:Pipe": return new Pipe(name, undefined, { urn }) case "snowflake:index/pipeGrant:PipeGrant": @@ -210,6 +216,8 @@ const _module = { return new RowAccessPolicy(name, undefined, { urn }) case "snowflake:index/rowAccessPolicyGrant:RowAccessPolicyGrant": return new RowAccessPolicyGrant(name, undefined, { urn }) + case "snowflake:index/samlIntegration:SamlIntegration": + return new SamlIntegration(name, undefined, { urn }) case "snowflake:index/schema:Schema": return new Schema(name, undefined, { urn }) case "snowflake:index/schemaGrant:SchemaGrant": @@ -279,6 +287,7 @@ pulumi.runtime.registerResourceModule("snowflake", "index/materializedViewGrant" pulumi.runtime.registerResourceModule("snowflake", "index/networkPolicy", _module) pulumi.runtime.registerResourceModule("snowflake", "index/networkPolicyAttachment", _module) pulumi.runtime.registerResourceModule("snowflake", "index/notificationIntegration", _module) +pulumi.runtime.registerResourceModule("snowflake", "index/oauthIntegration", _module) pulumi.runtime.registerResourceModule("snowflake", "index/pipe", _module) pulumi.runtime.registerResourceModule("snowflake", "index/pipeGrant", _module) pulumi.runtime.registerResourceModule("snowflake", "index/procedure", _module) @@ -289,6 +298,7 @@ pulumi.runtime.registerResourceModule("snowflake", "index/role", _module) pulumi.runtime.registerResourceModule("snowflake", "index/roleGrants", _module) pulumi.runtime.registerResourceModule("snowflake", "index/rowAccessPolicy", _module) pulumi.runtime.registerResourceModule("snowflake", "index/rowAccessPolicyGrant", _module) +pulumi.runtime.registerResourceModule("snowflake", "index/samlIntegration", _module) pulumi.runtime.registerResourceModule("snowflake", "index/schema", _module) pulumi.runtime.registerResourceModule("snowflake", "index/schemaGrant", _module) pulumi.runtime.registerResourceModule("snowflake", "index/scimIntegration", _module) diff --git a/sdk/nodejs/oauthIntegration.ts b/sdk/nodejs/oauthIntegration.ts new file mode 100644 index 00000000..00d49ae6 --- /dev/null +++ b/sdk/nodejs/oauthIntegration.ts @@ -0,0 +1,214 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as snowflake from "@pulumi/snowflake"; + * + * const tableauDesktop = new snowflake.OauthIntegration("tableau_desktop", { + * blockedRolesLists: ["SYSADMIN"], + * enabled: true, + * oauthClient: "TABLEAU_DESKTOP", + * oauthIssueRefreshTokens: true, + * oauthRefreshTokenValidity: 3600, + * }); + * ``` + * + * ## Import + * + * ```sh + * $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name + * ``` + */ +export class OauthIntegration extends pulumi.CustomResource { + /** + * Get an existing OauthIntegration resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: OauthIntegrationState, opts?: pulumi.CustomResourceOptions): OauthIntegration { + return new OauthIntegration(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'snowflake:index/oauthIntegration:OauthIntegration'; + + /** + * Returns true if the given object is an instance of OauthIntegration. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is OauthIntegration { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === OauthIntegration.__pulumiType; + } + + /** + * List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + */ + public readonly blockedRolesLists!: pulumi.Output; + /** + * Specifies a comment for the OAuth integration. + */ + public readonly comment!: pulumi.Output; + /** + * Date and time when the OAuth integration was created. + */ + public /*out*/ readonly createdOn!: pulumi.Output; + /** + * Specifies whether this OAuth integration is enabled or disabled. + */ + public readonly enabled!: pulumi.Output; + /** + * Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + public readonly name!: pulumi.Output; + /** + * Specifies the OAuth client type. + */ + public readonly oauthClient!: pulumi.Output; + /** + * Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + */ + public readonly oauthIssueRefreshTokens!: pulumi.Output; + /** + * Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + */ + public readonly oauthRefreshTokenValidity!: pulumi.Output; + /** + * Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + */ + public readonly oauthUseSecondaryRoles!: pulumi.Output; + + /** + * Create a OauthIntegration resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: OauthIntegrationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: OauthIntegrationArgs | OauthIntegrationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as OauthIntegrationState | undefined; + resourceInputs["blockedRolesLists"] = state ? state.blockedRolesLists : undefined; + resourceInputs["comment"] = state ? state.comment : undefined; + resourceInputs["createdOn"] = state ? state.createdOn : undefined; + resourceInputs["enabled"] = state ? state.enabled : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["oauthClient"] = state ? state.oauthClient : undefined; + resourceInputs["oauthIssueRefreshTokens"] = state ? state.oauthIssueRefreshTokens : undefined; + resourceInputs["oauthRefreshTokenValidity"] = state ? state.oauthRefreshTokenValidity : undefined; + resourceInputs["oauthUseSecondaryRoles"] = state ? state.oauthUseSecondaryRoles : undefined; + } else { + const args = argsOrState as OauthIntegrationArgs | undefined; + if ((!args || args.oauthClient === undefined) && !opts.urn) { + throw new Error("Missing required property 'oauthClient'"); + } + resourceInputs["blockedRolesLists"] = args ? args.blockedRolesLists : undefined; + resourceInputs["comment"] = args ? args.comment : undefined; + resourceInputs["enabled"] = args ? args.enabled : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["oauthClient"] = args ? args.oauthClient : undefined; + resourceInputs["oauthIssueRefreshTokens"] = args ? args.oauthIssueRefreshTokens : undefined; + resourceInputs["oauthRefreshTokenValidity"] = args ? args.oauthRefreshTokenValidity : undefined; + resourceInputs["oauthUseSecondaryRoles"] = args ? args.oauthUseSecondaryRoles : undefined; + resourceInputs["createdOn"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(OauthIntegration.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering OauthIntegration resources. + */ +export interface OauthIntegrationState { + /** + * List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + */ + blockedRolesLists?: pulumi.Input[]>; + /** + * Specifies a comment for the OAuth integration. + */ + comment?: pulumi.Input; + /** + * Date and time when the OAuth integration was created. + */ + createdOn?: pulumi.Input; + /** + * Specifies whether this OAuth integration is enabled or disabled. + */ + enabled?: pulumi.Input; + /** + * Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + name?: pulumi.Input; + /** + * Specifies the OAuth client type. + */ + oauthClient?: pulumi.Input; + /** + * Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + */ + oauthIssueRefreshTokens?: pulumi.Input; + /** + * Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + */ + oauthRefreshTokenValidity?: pulumi.Input; + /** + * Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + */ + oauthUseSecondaryRoles?: pulumi.Input; +} + +/** + * The set of arguments for constructing a OauthIntegration resource. + */ +export interface OauthIntegrationArgs { + /** + * List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + */ + blockedRolesLists?: pulumi.Input[]>; + /** + * Specifies a comment for the OAuth integration. + */ + comment?: pulumi.Input; + /** + * Specifies whether this OAuth integration is enabled or disabled. + */ + enabled?: pulumi.Input; + /** + * Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + name?: pulumi.Input; + /** + * Specifies the OAuth client type. + */ + oauthClient: pulumi.Input; + /** + * Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + */ + oauthIssueRefreshTokens?: pulumi.Input; + /** + * Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + */ + oauthRefreshTokenValidity?: pulumi.Input; + /** + * Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + */ + oauthUseSecondaryRoles?: pulumi.Input; +} diff --git a/sdk/nodejs/resourceMonitor.ts b/sdk/nodejs/resourceMonitor.ts index 9905d152..32dd169c 100644 --- a/sdk/nodejs/resourceMonitor.ts +++ b/sdk/nodejs/resourceMonitor.ts @@ -92,6 +92,10 @@ export class ResourceMonitor extends pulumi.CustomResource { * A list of percentage thresholds at which to suspend all warehouses. */ public readonly suspendTriggers!: pulumi.Output; + /** + * A list of warehouses to apply the resource monitor to. + */ + public readonly warehouses!: pulumi.Output; /** * Create a ResourceMonitor resource with the given unique name, arguments, and options. @@ -115,6 +119,7 @@ export class ResourceMonitor extends pulumi.CustomResource { resourceInputs["startTimestamp"] = state ? state.startTimestamp : undefined; resourceInputs["suspendImmediateTriggers"] = state ? state.suspendImmediateTriggers : undefined; resourceInputs["suspendTriggers"] = state ? state.suspendTriggers : undefined; + resourceInputs["warehouses"] = state ? state.warehouses : undefined; } else { const args = argsOrState as ResourceMonitorArgs | undefined; resourceInputs["creditQuota"] = args ? args.creditQuota : undefined; @@ -126,6 +131,7 @@ export class ResourceMonitor extends pulumi.CustomResource { resourceInputs["startTimestamp"] = args ? args.startTimestamp : undefined; resourceInputs["suspendImmediateTriggers"] = args ? args.suspendImmediateTriggers : undefined; resourceInputs["suspendTriggers"] = args ? args.suspendTriggers : undefined; + resourceInputs["warehouses"] = args ? args.warehouses : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ResourceMonitor.__pulumiType, name, resourceInputs, opts); @@ -172,6 +178,10 @@ export interface ResourceMonitorState { * A list of percentage thresholds at which to suspend all warehouses. */ suspendTriggers?: pulumi.Input[]>; + /** + * A list of warehouses to apply the resource monitor to. + */ + warehouses?: pulumi.Input[]>; } /** @@ -214,4 +224,8 @@ export interface ResourceMonitorArgs { * A list of percentage thresholds at which to suspend all warehouses. */ suspendTriggers?: pulumi.Input[]>; + /** + * A list of warehouses to apply the resource monitor to. + */ + warehouses?: pulumi.Input[]>; } diff --git a/sdk/nodejs/samlIntegration.ts b/sdk/nodejs/samlIntegration.ts new file mode 100644 index 00000000..c8b008e5 --- /dev/null +++ b/sdk/nodejs/samlIntegration.ts @@ -0,0 +1,339 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as snowflake from "@pulumi/snowflake"; + * + * const samlIntegration = new snowflake.SamlIntegration("saml_integration", { + * enabled: true, + * saml2Issuer: "test_issuer", + * saml2Provider: "CUSTOM", + * saml2SsoUrl: "https://testsamlissuer.com", + * saml2X509Cert: "MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO", + * }); + * ``` + * + * ## Import + * + * ```sh + * $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name + * ``` + */ +export class SamlIntegration extends pulumi.CustomResource { + /** + * Get an existing SamlIntegration resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SamlIntegrationState, opts?: pulumi.CustomResourceOptions): SamlIntegration { + return new SamlIntegration(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'snowflake:index/samlIntegration:SamlIntegration'; + + /** + * Returns true if the given object is an instance of SamlIntegration. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SamlIntegration { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SamlIntegration.__pulumiType; + } + + /** + * Date and time when the SAML integration was created. + */ + public /*out*/ readonly createdOn!: pulumi.Output; + /** + * Specifies whether this security integration is enabled or disabled. + */ + public readonly enabled!: pulumi.Output; + /** + * Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + public readonly name!: pulumi.Output; + public /*out*/ readonly saml2DigestMethodsUsed!: pulumi.Output; + /** + * The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + */ + public readonly saml2EnableSpInitiated!: pulumi.Output; + /** + * The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + */ + public readonly saml2ForceAuthn!: pulumi.Output; + /** + * The string containing the IdP EntityID / Issuer. + */ + public readonly saml2Issuer!: pulumi.Output; + /** + * The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + */ + public readonly saml2PostLogoutRedirectUrl!: pulumi.Output; + /** + * The string describing the IdP. One of the following: OKTA, ADFS, Custom. + */ + public readonly saml2Provider!: pulumi.Output; + /** + * The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + */ + public readonly saml2RequestedNameidFormat!: pulumi.Output; + /** + * The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + */ + public readonly saml2SignRequest!: pulumi.Output; + public /*out*/ readonly saml2SignatureMethodsUsed!: pulumi.Output; + /** + * The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + */ + public readonly saml2SnowflakeAcsUrl!: pulumi.Output; + /** + * The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + */ + public readonly saml2SnowflakeIssuerUrl!: pulumi.Output; + /** + * Metadata created by Snowflake to provide to SAML2 provider. + */ + public /*out*/ readonly saml2SnowflakeMetadata!: pulumi.Output; + /** + * The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + */ + public readonly saml2SnowflakeX509Cert!: pulumi.Output; + /** + * The string containing the label to display after the Log In With button on the login page. + */ + public readonly saml2SpInitiatedLoginPageLabel!: pulumi.Output; + /** + * The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + */ + public readonly saml2SsoUrl!: pulumi.Output; + /** + * The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + */ + public readonly saml2X509Cert!: pulumi.Output; + + /** + * Create a SamlIntegration resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SamlIntegrationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SamlIntegrationArgs | SamlIntegrationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SamlIntegrationState | undefined; + resourceInputs["createdOn"] = state ? state.createdOn : undefined; + resourceInputs["enabled"] = state ? state.enabled : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["saml2DigestMethodsUsed"] = state ? state.saml2DigestMethodsUsed : undefined; + resourceInputs["saml2EnableSpInitiated"] = state ? state.saml2EnableSpInitiated : undefined; + resourceInputs["saml2ForceAuthn"] = state ? state.saml2ForceAuthn : undefined; + resourceInputs["saml2Issuer"] = state ? state.saml2Issuer : undefined; + resourceInputs["saml2PostLogoutRedirectUrl"] = state ? state.saml2PostLogoutRedirectUrl : undefined; + resourceInputs["saml2Provider"] = state ? state.saml2Provider : undefined; + resourceInputs["saml2RequestedNameidFormat"] = state ? state.saml2RequestedNameidFormat : undefined; + resourceInputs["saml2SignRequest"] = state ? state.saml2SignRequest : undefined; + resourceInputs["saml2SignatureMethodsUsed"] = state ? state.saml2SignatureMethodsUsed : undefined; + resourceInputs["saml2SnowflakeAcsUrl"] = state ? state.saml2SnowflakeAcsUrl : undefined; + resourceInputs["saml2SnowflakeIssuerUrl"] = state ? state.saml2SnowflakeIssuerUrl : undefined; + resourceInputs["saml2SnowflakeMetadata"] = state ? state.saml2SnowflakeMetadata : undefined; + resourceInputs["saml2SnowflakeX509Cert"] = state ? state.saml2SnowflakeX509Cert : undefined; + resourceInputs["saml2SpInitiatedLoginPageLabel"] = state ? state.saml2SpInitiatedLoginPageLabel : undefined; + resourceInputs["saml2SsoUrl"] = state ? state.saml2SsoUrl : undefined; + resourceInputs["saml2X509Cert"] = state ? state.saml2X509Cert : undefined; + } else { + const args = argsOrState as SamlIntegrationArgs | undefined; + if ((!args || args.saml2Issuer === undefined) && !opts.urn) { + throw new Error("Missing required property 'saml2Issuer'"); + } + if ((!args || args.saml2Provider === undefined) && !opts.urn) { + throw new Error("Missing required property 'saml2Provider'"); + } + if ((!args || args.saml2SsoUrl === undefined) && !opts.urn) { + throw new Error("Missing required property 'saml2SsoUrl'"); + } + if ((!args || args.saml2X509Cert === undefined) && !opts.urn) { + throw new Error("Missing required property 'saml2X509Cert'"); + } + resourceInputs["enabled"] = args ? args.enabled : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["saml2EnableSpInitiated"] = args ? args.saml2EnableSpInitiated : undefined; + resourceInputs["saml2ForceAuthn"] = args ? args.saml2ForceAuthn : undefined; + resourceInputs["saml2Issuer"] = args ? args.saml2Issuer : undefined; + resourceInputs["saml2PostLogoutRedirectUrl"] = args ? args.saml2PostLogoutRedirectUrl : undefined; + resourceInputs["saml2Provider"] = args ? args.saml2Provider : undefined; + resourceInputs["saml2RequestedNameidFormat"] = args ? args.saml2RequestedNameidFormat : undefined; + resourceInputs["saml2SignRequest"] = args ? args.saml2SignRequest : undefined; + resourceInputs["saml2SnowflakeAcsUrl"] = args ? args.saml2SnowflakeAcsUrl : undefined; + resourceInputs["saml2SnowflakeIssuerUrl"] = args ? args.saml2SnowflakeIssuerUrl : undefined; + resourceInputs["saml2SnowflakeX509Cert"] = args ? args.saml2SnowflakeX509Cert : undefined; + resourceInputs["saml2SpInitiatedLoginPageLabel"] = args ? args.saml2SpInitiatedLoginPageLabel : undefined; + resourceInputs["saml2SsoUrl"] = args ? args.saml2SsoUrl : undefined; + resourceInputs["saml2X509Cert"] = args ? args.saml2X509Cert : undefined; + resourceInputs["createdOn"] = undefined /*out*/; + resourceInputs["saml2DigestMethodsUsed"] = undefined /*out*/; + resourceInputs["saml2SignatureMethodsUsed"] = undefined /*out*/; + resourceInputs["saml2SnowflakeMetadata"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SamlIntegration.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SamlIntegration resources. + */ +export interface SamlIntegrationState { + /** + * Date and time when the SAML integration was created. + */ + createdOn?: pulumi.Input; + /** + * Specifies whether this security integration is enabled or disabled. + */ + enabled?: pulumi.Input; + /** + * Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + name?: pulumi.Input; + saml2DigestMethodsUsed?: pulumi.Input; + /** + * The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + */ + saml2EnableSpInitiated?: pulumi.Input; + /** + * The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + */ + saml2ForceAuthn?: pulumi.Input; + /** + * The string containing the IdP EntityID / Issuer. + */ + saml2Issuer?: pulumi.Input; + /** + * The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + */ + saml2PostLogoutRedirectUrl?: pulumi.Input; + /** + * The string describing the IdP. One of the following: OKTA, ADFS, Custom. + */ + saml2Provider?: pulumi.Input; + /** + * The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + */ + saml2RequestedNameidFormat?: pulumi.Input; + /** + * The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + */ + saml2SignRequest?: pulumi.Input; + saml2SignatureMethodsUsed?: pulumi.Input; + /** + * The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + */ + saml2SnowflakeAcsUrl?: pulumi.Input; + /** + * The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + */ + saml2SnowflakeIssuerUrl?: pulumi.Input; + /** + * Metadata created by Snowflake to provide to SAML2 provider. + */ + saml2SnowflakeMetadata?: pulumi.Input; + /** + * The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + */ + saml2SnowflakeX509Cert?: pulumi.Input; + /** + * The string containing the label to display after the Log In With button on the login page. + */ + saml2SpInitiatedLoginPageLabel?: pulumi.Input; + /** + * The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + */ + saml2SsoUrl?: pulumi.Input; + /** + * The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + */ + saml2X509Cert?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SamlIntegration resource. + */ +export interface SamlIntegrationArgs { + /** + * Specifies whether this security integration is enabled or disabled. + */ + enabled?: pulumi.Input; + /** + * Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + */ + name?: pulumi.Input; + /** + * The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + */ + saml2EnableSpInitiated?: pulumi.Input; + /** + * The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + */ + saml2ForceAuthn?: pulumi.Input; + /** + * The string containing the IdP EntityID / Issuer. + */ + saml2Issuer: pulumi.Input; + /** + * The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + */ + saml2PostLogoutRedirectUrl?: pulumi.Input; + /** + * The string describing the IdP. One of the following: OKTA, ADFS, Custom. + */ + saml2Provider: pulumi.Input; + /** + * The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + */ + saml2RequestedNameidFormat?: pulumi.Input; + /** + * The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + */ + saml2SignRequest?: pulumi.Input; + /** + * The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + */ + saml2SnowflakeAcsUrl?: pulumi.Input; + /** + * The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + */ + saml2SnowflakeIssuerUrl?: pulumi.Input; + /** + * The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + */ + saml2SnowflakeX509Cert?: pulumi.Input; + /** + * The string containing the label to display after the Log In With button on the login page. + */ + saml2SpInitiatedLoginPageLabel?: pulumi.Input; + /** + * The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + */ + saml2SsoUrl: pulumi.Input; + /** + * The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + */ + saml2X509Cert: pulumi.Input; +} diff --git a/sdk/nodejs/task.ts b/sdk/nodejs/task.ts index 690c33fd..6c47eeae 100644 --- a/sdk/nodejs/task.ts +++ b/sdk/nodejs/task.ts @@ -95,6 +95,10 @@ export class Task extends pulumi.CustomResource { * Specifies if the task should be started (enabled) after creation or should remain suspended (default). */ public readonly enabled!: pulumi.Output; + /** + * Specifies the name of the notification integration used for error notifications. + */ + public readonly errorIntegration!: pulumi.Output; /** * Specifies the identifier for the task; must be unique for the database and schema in which the task is created. */ @@ -149,6 +153,7 @@ export class Task extends pulumi.CustomResource { resourceInputs["comment"] = state ? state.comment : undefined; resourceInputs["database"] = state ? state.database : undefined; resourceInputs["enabled"] = state ? state.enabled : undefined; + resourceInputs["errorIntegration"] = state ? state.errorIntegration : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["schedule"] = state ? state.schedule : undefined; resourceInputs["schema"] = state ? state.schema : undefined; @@ -173,6 +178,7 @@ export class Task extends pulumi.CustomResource { resourceInputs["comment"] = args ? args.comment : undefined; resourceInputs["database"] = args ? args.database : undefined; resourceInputs["enabled"] = args ? args.enabled : undefined; + resourceInputs["errorIntegration"] = args ? args.errorIntegration : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["schedule"] = args ? args.schedule : undefined; resourceInputs["schema"] = args ? args.schema : undefined; @@ -208,6 +214,10 @@ export interface TaskState { * Specifies if the task should be started (enabled) after creation or should remain suspended (default). */ enabled?: pulumi.Input; + /** + * Specifies the name of the notification integration used for error notifications. + */ + errorIntegration?: pulumi.Input; /** * Specifies the identifier for the task; must be unique for the database and schema in which the task is created. */ @@ -266,6 +276,10 @@ export interface TaskArgs { * Specifies if the task should be started (enabled) after creation or should remain suspended (default). */ enabled?: pulumi.Input; + /** + * Specifies the name of the notification integration used for error notifications. + */ + errorIntegration?: pulumi.Input; /** * Specifies the identifier for the task; must be unique for the database and schema in which the task is created. */ diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 3d5493e2..0c61f3b6 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -60,6 +60,7 @@ "networkPolicy.ts", "networkPolicyAttachment.ts", "notificationIntegration.ts", + "oauthIntegration.ts", "pipe.ts", "pipeGrant.ts", "procedure.ts", @@ -71,6 +72,7 @@ "roleGrants.ts", "rowAccessPolicy.ts", "rowAccessPolicyGrant.ts", + "samlIntegration.ts", "schema.ts", "schemaGrant.ts", "scimIntegration.ts", diff --git a/sdk/python/pulumi_snowflake/__init__.py b/sdk/python/pulumi_snowflake/__init__.py index 3fb00e85..52de81f9 100644 --- a/sdk/python/pulumi_snowflake/__init__.py +++ b/sdk/python/pulumi_snowflake/__init__.py @@ -49,6 +49,7 @@ from .network_policy import * from .network_policy_attachment import * from .notification_integration import * +from .oauth_integration import * from .pipe import * from .pipe_grant import * from .procedure import * @@ -60,6 +61,7 @@ from .role_grants import * from .row_access_policy import * from .row_access_policy_grant import * +from .saml_integration import * from .schema import * from .schema_grant import * from .scim_integration import * @@ -255,6 +257,14 @@ "snowflake:index/notificationIntegration:NotificationIntegration": "NotificationIntegration" } }, + { + "pkg": "snowflake", + "mod": "index/oauthIntegration", + "fqn": "pulumi_snowflake", + "classes": { + "snowflake:index/oauthIntegration:OauthIntegration": "OauthIntegration" + } + }, { "pkg": "snowflake", "mod": "index/pipe", @@ -335,6 +345,14 @@ "snowflake:index/rowAccessPolicyGrant:RowAccessPolicyGrant": "RowAccessPolicyGrant" } }, + { + "pkg": "snowflake", + "mod": "index/samlIntegration", + "fqn": "pulumi_snowflake", + "classes": { + "snowflake:index/samlIntegration:SamlIntegration": "SamlIntegration" + } + }, { "pkg": "snowflake", "mod": "index/schema", diff --git a/sdk/python/pulumi_snowflake/database.py b/sdk/python/pulumi_snowflake/database.py index 3fa5a855..e86c6b4d 100644 --- a/sdk/python/pulumi_snowflake/database.py +++ b/sdk/python/pulumi_snowflake/database.py @@ -18,12 +18,14 @@ def __init__(__self__, *, comment: Optional[pulumi.Input[str]] = None, data_retention_time_in_days: Optional[pulumi.Input[int]] = None, from_database: Optional[pulumi.Input[str]] = None, + from_replica: Optional[pulumi.Input[str]] = None, from_share: Optional[pulumi.Input[Mapping[str, Any]]] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input['DatabaseTagArgs']]]] = None): """ The set of arguments for constructing a Database resource. :param pulumi.Input[str] from_database: Specify a database to create a clone from. + :param pulumi.Input[str] from_replica: Specify a fully-qualified path to a database to create a replica from. :param pulumi.Input[Mapping[str, Any]] from_share: Specify a provider and a share in this map to create a database from a share. :param pulumi.Input[Sequence[pulumi.Input['DatabaseTagArgs']]] tags: Definitions of a tag to associate with the resource. """ @@ -33,6 +35,8 @@ def __init__(__self__, *, pulumi.set(__self__, "data_retention_time_in_days", data_retention_time_in_days) if from_database is not None: pulumi.set(__self__, "from_database", from_database) + if from_replica is not None: + pulumi.set(__self__, "from_replica", from_replica) if from_share is not None: pulumi.set(__self__, "from_share", from_share) if name is not None: @@ -70,6 +74,18 @@ def from_database(self) -> Optional[pulumi.Input[str]]: def from_database(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "from_database", value) + @property + @pulumi.getter(name="fromReplica") + def from_replica(self) -> Optional[pulumi.Input[str]]: + """ + Specify a fully-qualified path to a database to create a replica from. + """ + return pulumi.get(self, "from_replica") + + @from_replica.setter + def from_replica(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "from_replica", value) + @property @pulumi.getter(name="fromShare") def from_share(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: @@ -110,12 +126,14 @@ def __init__(__self__, *, comment: Optional[pulumi.Input[str]] = None, data_retention_time_in_days: Optional[pulumi.Input[int]] = None, from_database: Optional[pulumi.Input[str]] = None, + from_replica: Optional[pulumi.Input[str]] = None, from_share: Optional[pulumi.Input[Mapping[str, Any]]] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input['DatabaseTagArgs']]]] = None): """ Input properties used for looking up and filtering Database resources. :param pulumi.Input[str] from_database: Specify a database to create a clone from. + :param pulumi.Input[str] from_replica: Specify a fully-qualified path to a database to create a replica from. :param pulumi.Input[Mapping[str, Any]] from_share: Specify a provider and a share in this map to create a database from a share. :param pulumi.Input[Sequence[pulumi.Input['DatabaseTagArgs']]] tags: Definitions of a tag to associate with the resource. """ @@ -125,6 +143,8 @@ def __init__(__self__, *, pulumi.set(__self__, "data_retention_time_in_days", data_retention_time_in_days) if from_database is not None: pulumi.set(__self__, "from_database", from_database) + if from_replica is not None: + pulumi.set(__self__, "from_replica", from_replica) if from_share is not None: pulumi.set(__self__, "from_share", from_share) if name is not None: @@ -162,6 +182,18 @@ def from_database(self) -> Optional[pulumi.Input[str]]: def from_database(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "from_database", value) + @property + @pulumi.getter(name="fromReplica") + def from_replica(self) -> Optional[pulumi.Input[str]]: + """ + Specify a fully-qualified path to a database to create a replica from. + """ + return pulumi.get(self, "from_replica") + + @from_replica.setter + def from_replica(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "from_replica", value) + @property @pulumi.getter(name="fromShare") def from_share(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: @@ -204,6 +236,7 @@ def __init__(__self__, comment: Optional[pulumi.Input[str]] = None, data_retention_time_in_days: Optional[pulumi.Input[int]] = None, from_database: Optional[pulumi.Input[str]] = None, + from_replica: Optional[pulumi.Input[str]] = None, from_share: Optional[pulumi.Input[Mapping[str, Any]]] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['DatabaseTagArgs']]]]] = None, @@ -230,6 +263,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] from_database: Specify a database to create a clone from. + :param pulumi.Input[str] from_replica: Specify a fully-qualified path to a database to create a replica from. :param pulumi.Input[Mapping[str, Any]] from_share: Specify a provider and a share in this map to create a database from a share. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['DatabaseTagArgs']]]] tags: Definitions of a tag to associate with the resource. """ @@ -276,6 +310,7 @@ def _internal_init(__self__, comment: Optional[pulumi.Input[str]] = None, data_retention_time_in_days: Optional[pulumi.Input[int]] = None, from_database: Optional[pulumi.Input[str]] = None, + from_replica: Optional[pulumi.Input[str]] = None, from_share: Optional[pulumi.Input[Mapping[str, Any]]] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['DatabaseTagArgs']]]]] = None, @@ -294,6 +329,7 @@ def _internal_init(__self__, __props__.__dict__["comment"] = comment __props__.__dict__["data_retention_time_in_days"] = data_retention_time_in_days __props__.__dict__["from_database"] = from_database + __props__.__dict__["from_replica"] = from_replica __props__.__dict__["from_share"] = from_share __props__.__dict__["name"] = name __props__.__dict__["tags"] = tags @@ -310,6 +346,7 @@ def get(resource_name: str, comment: Optional[pulumi.Input[str]] = None, data_retention_time_in_days: Optional[pulumi.Input[int]] = None, from_database: Optional[pulumi.Input[str]] = None, + from_replica: Optional[pulumi.Input[str]] = None, from_share: Optional[pulumi.Input[Mapping[str, Any]]] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['DatabaseTagArgs']]]]] = None) -> 'Database': @@ -321,6 +358,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] from_database: Specify a database to create a clone from. + :param pulumi.Input[str] from_replica: Specify a fully-qualified path to a database to create a replica from. :param pulumi.Input[Mapping[str, Any]] from_share: Specify a provider and a share in this map to create a database from a share. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['DatabaseTagArgs']]]] tags: Definitions of a tag to associate with the resource. """ @@ -331,6 +369,7 @@ def get(resource_name: str, __props__.__dict__["comment"] = comment __props__.__dict__["data_retention_time_in_days"] = data_retention_time_in_days __props__.__dict__["from_database"] = from_database + __props__.__dict__["from_replica"] = from_replica __props__.__dict__["from_share"] = from_share __props__.__dict__["name"] = name __props__.__dict__["tags"] = tags @@ -354,6 +393,14 @@ def from_database(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "from_database") + @property + @pulumi.getter(name="fromReplica") + def from_replica(self) -> pulumi.Output[Optional[str]]: + """ + Specify a fully-qualified path to a database to create a replica from. + """ + return pulumi.get(self, "from_replica") + @property @pulumi.getter(name="fromShare") def from_share(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: diff --git a/sdk/python/pulumi_snowflake/oauth_integration.py b/sdk/python/pulumi_snowflake/oauth_integration.py new file mode 100644 index 00000000..87c9d4a4 --- /dev/null +++ b/sdk/python/pulumi_snowflake/oauth_integration.py @@ -0,0 +1,541 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = ['OauthIntegrationArgs', 'OauthIntegration'] + +@pulumi.input_type +class OauthIntegrationArgs: + def __init__(__self__, *, + oauth_client: pulumi.Input[str], + blocked_roles_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + comment: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + oauth_issue_refresh_tokens: Optional[pulumi.Input[bool]] = None, + oauth_refresh_token_validity: Optional[pulumi.Input[int]] = None, + oauth_use_secondary_roles: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a OauthIntegration resource. + :param pulumi.Input[str] oauth_client: Specifies the OAuth client type. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_roles_lists: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + :param pulumi.Input[str] comment: Specifies a comment for the OAuth integration. + :param pulumi.Input[bool] enabled: Specifies whether this OAuth integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[bool] oauth_issue_refresh_tokens: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + :param pulumi.Input[int] oauth_refresh_token_validity: Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + :param pulumi.Input[str] oauth_use_secondary_roles: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + pulumi.set(__self__, "oauth_client", oauth_client) + if blocked_roles_lists is not None: + pulumi.set(__self__, "blocked_roles_lists", blocked_roles_lists) + if comment is not None: + pulumi.set(__self__, "comment", comment) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if name is not None: + pulumi.set(__self__, "name", name) + if oauth_issue_refresh_tokens is not None: + pulumi.set(__self__, "oauth_issue_refresh_tokens", oauth_issue_refresh_tokens) + if oauth_refresh_token_validity is not None: + pulumi.set(__self__, "oauth_refresh_token_validity", oauth_refresh_token_validity) + if oauth_use_secondary_roles is not None: + pulumi.set(__self__, "oauth_use_secondary_roles", oauth_use_secondary_roles) + + @property + @pulumi.getter(name="oauthClient") + def oauth_client(self) -> pulumi.Input[str]: + """ + Specifies the OAuth client type. + """ + return pulumi.get(self, "oauth_client") + + @oauth_client.setter + def oauth_client(self, value: pulumi.Input[str]): + pulumi.set(self, "oauth_client", value) + + @property + @pulumi.getter(name="blockedRolesLists") + def blocked_roles_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + """ + return pulumi.get(self, "blocked_roles_lists") + + @blocked_roles_lists.setter + def blocked_roles_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blocked_roles_lists", value) + + @property + @pulumi.getter + def comment(self) -> Optional[pulumi.Input[str]]: + """ + Specifies a comment for the OAuth integration. + """ + return pulumi.get(self, "comment") + + @comment.setter + def comment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "comment", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether this OAuth integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="oauthIssueRefreshTokens") + def oauth_issue_refresh_tokens(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + """ + return pulumi.get(self, "oauth_issue_refresh_tokens") + + @oauth_issue_refresh_tokens.setter + def oauth_issue_refresh_tokens(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "oauth_issue_refresh_tokens", value) + + @property + @pulumi.getter(name="oauthRefreshTokenValidity") + def oauth_refresh_token_validity(self) -> Optional[pulumi.Input[int]]: + """ + Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + """ + return pulumi.get(self, "oauth_refresh_token_validity") + + @oauth_refresh_token_validity.setter + def oauth_refresh_token_validity(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "oauth_refresh_token_validity", value) + + @property + @pulumi.getter(name="oauthUseSecondaryRoles") + def oauth_use_secondary_roles(self) -> Optional[pulumi.Input[str]]: + """ + Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + return pulumi.get(self, "oauth_use_secondary_roles") + + @oauth_use_secondary_roles.setter + def oauth_use_secondary_roles(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "oauth_use_secondary_roles", value) + + +@pulumi.input_type +class _OauthIntegrationState: + def __init__(__self__, *, + blocked_roles_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + comment: Optional[pulumi.Input[str]] = None, + created_on: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + oauth_client: Optional[pulumi.Input[str]] = None, + oauth_issue_refresh_tokens: Optional[pulumi.Input[bool]] = None, + oauth_refresh_token_validity: Optional[pulumi.Input[int]] = None, + oauth_use_secondary_roles: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering OauthIntegration resources. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_roles_lists: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + :param pulumi.Input[str] comment: Specifies a comment for the OAuth integration. + :param pulumi.Input[str] created_on: Date and time when the OAuth integration was created. + :param pulumi.Input[bool] enabled: Specifies whether this OAuth integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[str] oauth_client: Specifies the OAuth client type. + :param pulumi.Input[bool] oauth_issue_refresh_tokens: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + :param pulumi.Input[int] oauth_refresh_token_validity: Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + :param pulumi.Input[str] oauth_use_secondary_roles: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + if blocked_roles_lists is not None: + pulumi.set(__self__, "blocked_roles_lists", blocked_roles_lists) + if comment is not None: + pulumi.set(__self__, "comment", comment) + if created_on is not None: + pulumi.set(__self__, "created_on", created_on) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if name is not None: + pulumi.set(__self__, "name", name) + if oauth_client is not None: + pulumi.set(__self__, "oauth_client", oauth_client) + if oauth_issue_refresh_tokens is not None: + pulumi.set(__self__, "oauth_issue_refresh_tokens", oauth_issue_refresh_tokens) + if oauth_refresh_token_validity is not None: + pulumi.set(__self__, "oauth_refresh_token_validity", oauth_refresh_token_validity) + if oauth_use_secondary_roles is not None: + pulumi.set(__self__, "oauth_use_secondary_roles", oauth_use_secondary_roles) + + @property + @pulumi.getter(name="blockedRolesLists") + def blocked_roles_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + """ + return pulumi.get(self, "blocked_roles_lists") + + @blocked_roles_lists.setter + def blocked_roles_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blocked_roles_lists", value) + + @property + @pulumi.getter + def comment(self) -> Optional[pulumi.Input[str]]: + """ + Specifies a comment for the OAuth integration. + """ + return pulumi.get(self, "comment") + + @comment.setter + def comment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "comment", value) + + @property + @pulumi.getter(name="createdOn") + def created_on(self) -> Optional[pulumi.Input[str]]: + """ + Date and time when the OAuth integration was created. + """ + return pulumi.get(self, "created_on") + + @created_on.setter + def created_on(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created_on", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether this OAuth integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="oauthClient") + def oauth_client(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the OAuth client type. + """ + return pulumi.get(self, "oauth_client") + + @oauth_client.setter + def oauth_client(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "oauth_client", value) + + @property + @pulumi.getter(name="oauthIssueRefreshTokens") + def oauth_issue_refresh_tokens(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + """ + return pulumi.get(self, "oauth_issue_refresh_tokens") + + @oauth_issue_refresh_tokens.setter + def oauth_issue_refresh_tokens(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "oauth_issue_refresh_tokens", value) + + @property + @pulumi.getter(name="oauthRefreshTokenValidity") + def oauth_refresh_token_validity(self) -> Optional[pulumi.Input[int]]: + """ + Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + """ + return pulumi.get(self, "oauth_refresh_token_validity") + + @oauth_refresh_token_validity.setter + def oauth_refresh_token_validity(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "oauth_refresh_token_validity", value) + + @property + @pulumi.getter(name="oauthUseSecondaryRoles") + def oauth_use_secondary_roles(self) -> Optional[pulumi.Input[str]]: + """ + Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + return pulumi.get(self, "oauth_use_secondary_roles") + + @oauth_use_secondary_roles.setter + def oauth_use_secondary_roles(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "oauth_use_secondary_roles", value) + + +class OauthIntegration(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + blocked_roles_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + comment: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + oauth_client: Optional[pulumi.Input[str]] = None, + oauth_issue_refresh_tokens: Optional[pulumi.Input[bool]] = None, + oauth_refresh_token_validity: Optional[pulumi.Input[int]] = None, + oauth_use_secondary_roles: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_snowflake as snowflake + + tableau_desktop = snowflake.OauthIntegration("tableauDesktop", + blocked_roles_lists=["SYSADMIN"], + enabled=True, + oauth_client="TABLEAU_DESKTOP", + oauth_issue_refresh_tokens=True, + oauth_refresh_token_validity=3600) + ``` + + ## Import + + ```sh + $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_roles_lists: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + :param pulumi.Input[str] comment: Specifies a comment for the OAuth integration. + :param pulumi.Input[bool] enabled: Specifies whether this OAuth integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[str] oauth_client: Specifies the OAuth client type. + :param pulumi.Input[bool] oauth_issue_refresh_tokens: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + :param pulumi.Input[int] oauth_refresh_token_validity: Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + :param pulumi.Input[str] oauth_use_secondary_roles: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: OauthIntegrationArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_snowflake as snowflake + + tableau_desktop = snowflake.OauthIntegration("tableauDesktop", + blocked_roles_lists=["SYSADMIN"], + enabled=True, + oauth_client="TABLEAU_DESKTOP", + oauth_issue_refresh_tokens=True, + oauth_refresh_token_validity=3600) + ``` + + ## Import + + ```sh + $ pulumi import snowflake:index/oauthIntegration:OauthIntegration example name + ``` + + :param str resource_name: The name of the resource. + :param OauthIntegrationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(OauthIntegrationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + blocked_roles_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + comment: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + oauth_client: Optional[pulumi.Input[str]] = None, + oauth_issue_refresh_tokens: Optional[pulumi.Input[bool]] = None, + oauth_refresh_token_validity: Optional[pulumi.Input[int]] = None, + oauth_use_secondary_roles: Optional[pulumi.Input[str]] = None, + __props__=None): + if opts is None: + opts = pulumi.ResourceOptions() + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.version is None: + opts.version = _utilities.get_version() + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = OauthIntegrationArgs.__new__(OauthIntegrationArgs) + + __props__.__dict__["blocked_roles_lists"] = blocked_roles_lists + __props__.__dict__["comment"] = comment + __props__.__dict__["enabled"] = enabled + __props__.__dict__["name"] = name + if oauth_client is None and not opts.urn: + raise TypeError("Missing required property 'oauth_client'") + __props__.__dict__["oauth_client"] = oauth_client + __props__.__dict__["oauth_issue_refresh_tokens"] = oauth_issue_refresh_tokens + __props__.__dict__["oauth_refresh_token_validity"] = oauth_refresh_token_validity + __props__.__dict__["oauth_use_secondary_roles"] = oauth_use_secondary_roles + __props__.__dict__["created_on"] = None + super(OauthIntegration, __self__).__init__( + 'snowflake:index/oauthIntegration:OauthIntegration', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + blocked_roles_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + comment: Optional[pulumi.Input[str]] = None, + created_on: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + oauth_client: Optional[pulumi.Input[str]] = None, + oauth_issue_refresh_tokens: Optional[pulumi.Input[bool]] = None, + oauth_refresh_token_validity: Optional[pulumi.Input[int]] = None, + oauth_use_secondary_roles: Optional[pulumi.Input[str]] = None) -> 'OauthIntegration': + """ + Get an existing OauthIntegration resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_roles_lists: List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + :param pulumi.Input[str] comment: Specifies a comment for the OAuth integration. + :param pulumi.Input[str] created_on: Date and time when the OAuth integration was created. + :param pulumi.Input[bool] enabled: Specifies whether this OAuth integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[str] oauth_client: Specifies the OAuth client type. + :param pulumi.Input[bool] oauth_issue_refresh_tokens: Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + :param pulumi.Input[int] oauth_refresh_token_validity: Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + :param pulumi.Input[str] oauth_use_secondary_roles: Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _OauthIntegrationState.__new__(_OauthIntegrationState) + + __props__.__dict__["blocked_roles_lists"] = blocked_roles_lists + __props__.__dict__["comment"] = comment + __props__.__dict__["created_on"] = created_on + __props__.__dict__["enabled"] = enabled + __props__.__dict__["name"] = name + __props__.__dict__["oauth_client"] = oauth_client + __props__.__dict__["oauth_issue_refresh_tokens"] = oauth_issue_refresh_tokens + __props__.__dict__["oauth_refresh_token_validity"] = oauth_refresh_token_validity + __props__.__dict__["oauth_use_secondary_roles"] = oauth_use_secondary_roles + return OauthIntegration(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="blockedRolesLists") + def blocked_roles_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of roles that a user cannot explicitly consent to using after authenticating. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates. + """ + return pulumi.get(self, "blocked_roles_lists") + + @property + @pulumi.getter + def comment(self) -> pulumi.Output[Optional[str]]: + """ + Specifies a comment for the OAuth integration. + """ + return pulumi.get(self, "comment") + + @property + @pulumi.getter(name="createdOn") + def created_on(self) -> pulumi.Output[str]: + """ + Date and time when the OAuth integration was created. + """ + return pulumi.get(self, "created_on") + + @property + @pulumi.getter + def enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Specifies whether this OAuth integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="oauthClient") + def oauth_client(self) -> pulumi.Output[str]: + """ + Specifies the OAuth client type. + """ + return pulumi.get(self, "oauth_client") + + @property + @pulumi.getter(name="oauthIssueRefreshTokens") + def oauth_issue_refresh_tokens(self) -> pulumi.Output[Optional[bool]]: + """ + Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. + """ + return pulumi.get(self, "oauth_issue_refresh_tokens") + + @property + @pulumi.getter(name="oauthRefreshTokenValidity") + def oauth_refresh_token_validity(self) -> pulumi.Output[Optional[int]]: + """ + Specifies how long refresh tokens should be valid (in seconds). OAUTH*ISSUE*REFRESH_TOKENS must be set to TRUE. + """ + return pulumi.get(self, "oauth_refresh_token_validity") + + @property + @pulumi.getter(name="oauthUseSecondaryRoles") + def oauth_use_secondary_roles(self) -> pulumi.Output[Optional[str]]: + """ + Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. + """ + return pulumi.get(self, "oauth_use_secondary_roles") + diff --git a/sdk/python/pulumi_snowflake/resource_monitor.py b/sdk/python/pulumi_snowflake/resource_monitor.py index 4d534cef..c7222e61 100644 --- a/sdk/python/pulumi_snowflake/resource_monitor.py +++ b/sdk/python/pulumi_snowflake/resource_monitor.py @@ -21,7 +21,8 @@ def __init__(__self__, *, set_for_account: Optional[pulumi.Input[bool]] = None, start_timestamp: Optional[pulumi.Input[str]] = None, suspend_immediate_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, - suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None): + suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + warehouses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a ResourceMonitor resource. :param pulumi.Input[int] credit_quota: The number of credits allocated monthly to the resource monitor. @@ -33,6 +34,7 @@ def __init__(__self__, *, :param pulumi.Input[str] start_timestamp: The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_immediate_triggers: A list of percentage thresholds at which to immediately suspend all warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_triggers: A list of percentage thresholds at which to suspend all warehouses. + :param pulumi.Input[Sequence[pulumi.Input[str]]] warehouses: A list of warehouses to apply the resource monitor to. """ if credit_quota is not None: pulumi.set(__self__, "credit_quota", credit_quota) @@ -52,6 +54,8 @@ def __init__(__self__, *, pulumi.set(__self__, "suspend_immediate_triggers", suspend_immediate_triggers) if suspend_triggers is not None: pulumi.set(__self__, "suspend_triggers", suspend_triggers) + if warehouses is not None: + pulumi.set(__self__, "warehouses", warehouses) @property @pulumi.getter(name="creditQuota") @@ -161,6 +165,18 @@ def suspend_triggers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]] def suspend_triggers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): pulumi.set(self, "suspend_triggers", value) + @property + @pulumi.getter + def warehouses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of warehouses to apply the resource monitor to. + """ + return pulumi.get(self, "warehouses") + + @warehouses.setter + def warehouses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "warehouses", value) + @pulumi.input_type class _ResourceMonitorState: @@ -173,7 +189,8 @@ def __init__(__self__, *, set_for_account: Optional[pulumi.Input[bool]] = None, start_timestamp: Optional[pulumi.Input[str]] = None, suspend_immediate_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, - suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None): + suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + warehouses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ Input properties used for looking up and filtering ResourceMonitor resources. :param pulumi.Input[int] credit_quota: The number of credits allocated monthly to the resource monitor. @@ -185,6 +202,7 @@ def __init__(__self__, *, :param pulumi.Input[str] start_timestamp: The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_immediate_triggers: A list of percentage thresholds at which to immediately suspend all warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_triggers: A list of percentage thresholds at which to suspend all warehouses. + :param pulumi.Input[Sequence[pulumi.Input[str]]] warehouses: A list of warehouses to apply the resource monitor to. """ if credit_quota is not None: pulumi.set(__self__, "credit_quota", credit_quota) @@ -204,6 +222,8 @@ def __init__(__self__, *, pulumi.set(__self__, "suspend_immediate_triggers", suspend_immediate_triggers) if suspend_triggers is not None: pulumi.set(__self__, "suspend_triggers", suspend_triggers) + if warehouses is not None: + pulumi.set(__self__, "warehouses", warehouses) @property @pulumi.getter(name="creditQuota") @@ -313,6 +333,18 @@ def suspend_triggers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]] def suspend_triggers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): pulumi.set(self, "suspend_triggers", value) + @property + @pulumi.getter + def warehouses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of warehouses to apply the resource monitor to. + """ + return pulumi.get(self, "warehouses") + + @warehouses.setter + def warehouses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "warehouses", value) + class ResourceMonitor(pulumi.CustomResource): @overload @@ -328,6 +360,7 @@ def __init__(__self__, start_timestamp: Optional[pulumi.Input[str]] = None, suspend_immediate_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + warehouses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ ## Example Usage @@ -363,6 +396,7 @@ def __init__(__self__, :param pulumi.Input[str] start_timestamp: The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_immediate_triggers: A list of percentage thresholds at which to immediately suspend all warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_triggers: A list of percentage thresholds at which to suspend all warehouses. + :param pulumi.Input[Sequence[pulumi.Input[str]]] warehouses: A list of warehouses to apply the resource monitor to. """ ... @overload @@ -417,6 +451,7 @@ def _internal_init(__self__, start_timestamp: Optional[pulumi.Input[str]] = None, suspend_immediate_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + warehouses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): if opts is None: opts = pulumi.ResourceOptions() @@ -438,6 +473,7 @@ def _internal_init(__self__, __props__.__dict__["start_timestamp"] = start_timestamp __props__.__dict__["suspend_immediate_triggers"] = suspend_immediate_triggers __props__.__dict__["suspend_triggers"] = suspend_triggers + __props__.__dict__["warehouses"] = warehouses super(ResourceMonitor, __self__).__init__( 'snowflake:index/resourceMonitor:ResourceMonitor', resource_name, @@ -456,7 +492,8 @@ def get(resource_name: str, set_for_account: Optional[pulumi.Input[bool]] = None, start_timestamp: Optional[pulumi.Input[str]] = None, suspend_immediate_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, - suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None) -> 'ResourceMonitor': + suspend_triggers: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + warehouses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'ResourceMonitor': """ Get an existing ResourceMonitor resource's state with the given name, id, and optional extra properties used to qualify the lookup. @@ -473,6 +510,7 @@ def get(resource_name: str, :param pulumi.Input[str] start_timestamp: The date and time when the resource monitor starts monitoring credit usage for the assigned warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_immediate_triggers: A list of percentage thresholds at which to immediately suspend all warehouses. :param pulumi.Input[Sequence[pulumi.Input[int]]] suspend_triggers: A list of percentage thresholds at which to suspend all warehouses. + :param pulumi.Input[Sequence[pulumi.Input[str]]] warehouses: A list of warehouses to apply the resource monitor to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -487,6 +525,7 @@ def get(resource_name: str, __props__.__dict__["start_timestamp"] = start_timestamp __props__.__dict__["suspend_immediate_triggers"] = suspend_immediate_triggers __props__.__dict__["suspend_triggers"] = suspend_triggers + __props__.__dict__["warehouses"] = warehouses return ResourceMonitor(resource_name, opts=opts, __props__=__props__) @property @@ -561,3 +600,11 @@ def suspend_triggers(self) -> pulumi.Output[Optional[Sequence[int]]]: """ return pulumi.get(self, "suspend_triggers") + @property + @pulumi.getter + def warehouses(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + A list of warehouses to apply the resource monitor to. + """ + return pulumi.get(self, "warehouses") + diff --git a/sdk/python/pulumi_snowflake/saml_integration.py b/sdk/python/pulumi_snowflake/saml_integration.py new file mode 100644 index 00000000..d87962a2 --- /dev/null +++ b/sdk/python/pulumi_snowflake/saml_integration.py @@ -0,0 +1,941 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = ['SamlIntegrationArgs', 'SamlIntegration'] + +@pulumi.input_type +class SamlIntegrationArgs: + def __init__(__self__, *, + saml2_issuer: pulumi.Input[str], + saml2_provider: pulumi.Input[str], + saml2_sso_url: pulumi.Input[str], + saml2_x509_cert: pulumi.Input[str], + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + saml2_enable_sp_initiated: Optional[pulumi.Input[bool]] = None, + saml2_force_authn: Optional[pulumi.Input[bool]] = None, + saml2_post_logout_redirect_url: Optional[pulumi.Input[str]] = None, + saml2_requested_nameid_format: Optional[pulumi.Input[str]] = None, + saml2_sign_request: Optional[pulumi.Input[bool]] = None, + saml2_snowflake_acs_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_issuer_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_x509_cert: Optional[pulumi.Input[str]] = None, + saml2_sp_initiated_login_page_label: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SamlIntegration resource. + :param pulumi.Input[str] saml2_issuer: The string containing the IdP EntityID / Issuer. + :param pulumi.Input[str] saml2_provider: The string describing the IdP. One of the following: OKTA, ADFS, Custom. + :param pulumi.Input[str] saml2_sso_url: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + :param pulumi.Input[str] saml2_x509_cert: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + :param pulumi.Input[bool] enabled: Specifies whether this security integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[bool] saml2_enable_sp_initiated: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + :param pulumi.Input[bool] saml2_force_authn: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + :param pulumi.Input[str] saml2_post_logout_redirect_url: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + :param pulumi.Input[str] saml2_requested_nameid_format: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + :param pulumi.Input[bool] saml2_sign_request: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + :param pulumi.Input[str] saml2_snowflake_acs_url: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + :param pulumi.Input[str] saml2_snowflake_issuer_url: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + :param pulumi.Input[str] saml2_snowflake_x509_cert: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + :param pulumi.Input[str] saml2_sp_initiated_login_page_label: The string containing the label to display after the Log In With button on the login page. + """ + pulumi.set(__self__, "saml2_issuer", saml2_issuer) + pulumi.set(__self__, "saml2_provider", saml2_provider) + pulumi.set(__self__, "saml2_sso_url", saml2_sso_url) + pulumi.set(__self__, "saml2_x509_cert", saml2_x509_cert) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if name is not None: + pulumi.set(__self__, "name", name) + if saml2_enable_sp_initiated is not None: + pulumi.set(__self__, "saml2_enable_sp_initiated", saml2_enable_sp_initiated) + if saml2_force_authn is not None: + pulumi.set(__self__, "saml2_force_authn", saml2_force_authn) + if saml2_post_logout_redirect_url is not None: + pulumi.set(__self__, "saml2_post_logout_redirect_url", saml2_post_logout_redirect_url) + if saml2_requested_nameid_format is not None: + pulumi.set(__self__, "saml2_requested_nameid_format", saml2_requested_nameid_format) + if saml2_sign_request is not None: + pulumi.set(__self__, "saml2_sign_request", saml2_sign_request) + if saml2_snowflake_acs_url is not None: + pulumi.set(__self__, "saml2_snowflake_acs_url", saml2_snowflake_acs_url) + if saml2_snowflake_issuer_url is not None: + pulumi.set(__self__, "saml2_snowflake_issuer_url", saml2_snowflake_issuer_url) + if saml2_snowflake_x509_cert is not None: + pulumi.set(__self__, "saml2_snowflake_x509_cert", saml2_snowflake_x509_cert) + if saml2_sp_initiated_login_page_label is not None: + pulumi.set(__self__, "saml2_sp_initiated_login_page_label", saml2_sp_initiated_login_page_label) + + @property + @pulumi.getter(name="saml2Issuer") + def saml2_issuer(self) -> pulumi.Input[str]: + """ + The string containing the IdP EntityID / Issuer. + """ + return pulumi.get(self, "saml2_issuer") + + @saml2_issuer.setter + def saml2_issuer(self, value: pulumi.Input[str]): + pulumi.set(self, "saml2_issuer", value) + + @property + @pulumi.getter(name="saml2Provider") + def saml2_provider(self) -> pulumi.Input[str]: + """ + The string describing the IdP. One of the following: OKTA, ADFS, Custom. + """ + return pulumi.get(self, "saml2_provider") + + @saml2_provider.setter + def saml2_provider(self, value: pulumi.Input[str]): + pulumi.set(self, "saml2_provider", value) + + @property + @pulumi.getter(name="saml2SsoUrl") + def saml2_sso_url(self) -> pulumi.Input[str]: + """ + The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + """ + return pulumi.get(self, "saml2_sso_url") + + @saml2_sso_url.setter + def saml2_sso_url(self, value: pulumi.Input[str]): + pulumi.set(self, "saml2_sso_url", value) + + @property + @pulumi.getter(name="saml2X509Cert") + def saml2_x509_cert(self) -> pulumi.Input[str]: + """ + The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + return pulumi.get(self, "saml2_x509_cert") + + @saml2_x509_cert.setter + def saml2_x509_cert(self, value: pulumi.Input[str]): + pulumi.set(self, "saml2_x509_cert", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether this security integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="saml2EnableSpInitiated") + def saml2_enable_sp_initiated(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + """ + return pulumi.get(self, "saml2_enable_sp_initiated") + + @saml2_enable_sp_initiated.setter + def saml2_enable_sp_initiated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_enable_sp_initiated", value) + + @property + @pulumi.getter(name="saml2ForceAuthn") + def saml2_force_authn(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + """ + return pulumi.get(self, "saml2_force_authn") + + @saml2_force_authn.setter + def saml2_force_authn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_force_authn", value) + + @property + @pulumi.getter(name="saml2PostLogoutRedirectUrl") + def saml2_post_logout_redirect_url(self) -> Optional[pulumi.Input[str]]: + """ + The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + """ + return pulumi.get(self, "saml2_post_logout_redirect_url") + + @saml2_post_logout_redirect_url.setter + def saml2_post_logout_redirect_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_post_logout_redirect_url", value) + + @property + @pulumi.getter(name="saml2RequestedNameidFormat") + def saml2_requested_nameid_format(self) -> Optional[pulumi.Input[str]]: + """ + The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + """ + return pulumi.get(self, "saml2_requested_nameid_format") + + @saml2_requested_nameid_format.setter + def saml2_requested_nameid_format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_requested_nameid_format", value) + + @property + @pulumi.getter(name="saml2SignRequest") + def saml2_sign_request(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + """ + return pulumi.get(self, "saml2_sign_request") + + @saml2_sign_request.setter + def saml2_sign_request(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_sign_request", value) + + @property + @pulumi.getter(name="saml2SnowflakeAcsUrl") + def saml2_snowflake_acs_url(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + """ + return pulumi.get(self, "saml2_snowflake_acs_url") + + @saml2_snowflake_acs_url.setter + def saml2_snowflake_acs_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_acs_url", value) + + @property + @pulumi.getter(name="saml2SnowflakeIssuerUrl") + def saml2_snowflake_issuer_url(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + """ + return pulumi.get(self, "saml2_snowflake_issuer_url") + + @saml2_snowflake_issuer_url.setter + def saml2_snowflake_issuer_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_issuer_url", value) + + @property + @pulumi.getter(name="saml2SnowflakeX509Cert") + def saml2_snowflake_x509_cert(self) -> Optional[pulumi.Input[str]]: + """ + The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + """ + return pulumi.get(self, "saml2_snowflake_x509_cert") + + @saml2_snowflake_x509_cert.setter + def saml2_snowflake_x509_cert(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_x509_cert", value) + + @property + @pulumi.getter(name="saml2SpInitiatedLoginPageLabel") + def saml2_sp_initiated_login_page_label(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the label to display after the Log In With button on the login page. + """ + return pulumi.get(self, "saml2_sp_initiated_login_page_label") + + @saml2_sp_initiated_login_page_label.setter + def saml2_sp_initiated_login_page_label(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_sp_initiated_login_page_label", value) + + +@pulumi.input_type +class _SamlIntegrationState: + def __init__(__self__, *, + created_on: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + saml2_digest_methods_used: Optional[pulumi.Input[str]] = None, + saml2_enable_sp_initiated: Optional[pulumi.Input[bool]] = None, + saml2_force_authn: Optional[pulumi.Input[bool]] = None, + saml2_issuer: Optional[pulumi.Input[str]] = None, + saml2_post_logout_redirect_url: Optional[pulumi.Input[str]] = None, + saml2_provider: Optional[pulumi.Input[str]] = None, + saml2_requested_nameid_format: Optional[pulumi.Input[str]] = None, + saml2_sign_request: Optional[pulumi.Input[bool]] = None, + saml2_signature_methods_used: Optional[pulumi.Input[str]] = None, + saml2_snowflake_acs_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_issuer_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_metadata: Optional[pulumi.Input[str]] = None, + saml2_snowflake_x509_cert: Optional[pulumi.Input[str]] = None, + saml2_sp_initiated_login_page_label: Optional[pulumi.Input[str]] = None, + saml2_sso_url: Optional[pulumi.Input[str]] = None, + saml2_x509_cert: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SamlIntegration resources. + :param pulumi.Input[str] created_on: Date and time when the SAML integration was created. + :param pulumi.Input[bool] enabled: Specifies whether this security integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[bool] saml2_enable_sp_initiated: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + :param pulumi.Input[bool] saml2_force_authn: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + :param pulumi.Input[str] saml2_issuer: The string containing the IdP EntityID / Issuer. + :param pulumi.Input[str] saml2_post_logout_redirect_url: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + :param pulumi.Input[str] saml2_provider: The string describing the IdP. One of the following: OKTA, ADFS, Custom. + :param pulumi.Input[str] saml2_requested_nameid_format: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + :param pulumi.Input[bool] saml2_sign_request: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + :param pulumi.Input[str] saml2_snowflake_acs_url: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + :param pulumi.Input[str] saml2_snowflake_issuer_url: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + :param pulumi.Input[str] saml2_snowflake_metadata: Metadata created by Snowflake to provide to SAML2 provider. + :param pulumi.Input[str] saml2_snowflake_x509_cert: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + :param pulumi.Input[str] saml2_sp_initiated_login_page_label: The string containing the label to display after the Log In With button on the login page. + :param pulumi.Input[str] saml2_sso_url: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + :param pulumi.Input[str] saml2_x509_cert: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + if created_on is not None: + pulumi.set(__self__, "created_on", created_on) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if name is not None: + pulumi.set(__self__, "name", name) + if saml2_digest_methods_used is not None: + pulumi.set(__self__, "saml2_digest_methods_used", saml2_digest_methods_used) + if saml2_enable_sp_initiated is not None: + pulumi.set(__self__, "saml2_enable_sp_initiated", saml2_enable_sp_initiated) + if saml2_force_authn is not None: + pulumi.set(__self__, "saml2_force_authn", saml2_force_authn) + if saml2_issuer is not None: + pulumi.set(__self__, "saml2_issuer", saml2_issuer) + if saml2_post_logout_redirect_url is not None: + pulumi.set(__self__, "saml2_post_logout_redirect_url", saml2_post_logout_redirect_url) + if saml2_provider is not None: + pulumi.set(__self__, "saml2_provider", saml2_provider) + if saml2_requested_nameid_format is not None: + pulumi.set(__self__, "saml2_requested_nameid_format", saml2_requested_nameid_format) + if saml2_sign_request is not None: + pulumi.set(__self__, "saml2_sign_request", saml2_sign_request) + if saml2_signature_methods_used is not None: + pulumi.set(__self__, "saml2_signature_methods_used", saml2_signature_methods_used) + if saml2_snowflake_acs_url is not None: + pulumi.set(__self__, "saml2_snowflake_acs_url", saml2_snowflake_acs_url) + if saml2_snowflake_issuer_url is not None: + pulumi.set(__self__, "saml2_snowflake_issuer_url", saml2_snowflake_issuer_url) + if saml2_snowflake_metadata is not None: + pulumi.set(__self__, "saml2_snowflake_metadata", saml2_snowflake_metadata) + if saml2_snowflake_x509_cert is not None: + pulumi.set(__self__, "saml2_snowflake_x509_cert", saml2_snowflake_x509_cert) + if saml2_sp_initiated_login_page_label is not None: + pulumi.set(__self__, "saml2_sp_initiated_login_page_label", saml2_sp_initiated_login_page_label) + if saml2_sso_url is not None: + pulumi.set(__self__, "saml2_sso_url", saml2_sso_url) + if saml2_x509_cert is not None: + pulumi.set(__self__, "saml2_x509_cert", saml2_x509_cert) + + @property + @pulumi.getter(name="createdOn") + def created_on(self) -> Optional[pulumi.Input[str]]: + """ + Date and time when the SAML integration was created. + """ + return pulumi.get(self, "created_on") + + @created_on.setter + def created_on(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created_on", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Specifies whether this security integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="saml2DigestMethodsUsed") + def saml2_digest_methods_used(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "saml2_digest_methods_used") + + @saml2_digest_methods_used.setter + def saml2_digest_methods_used(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_digest_methods_used", value) + + @property + @pulumi.getter(name="saml2EnableSpInitiated") + def saml2_enable_sp_initiated(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + """ + return pulumi.get(self, "saml2_enable_sp_initiated") + + @saml2_enable_sp_initiated.setter + def saml2_enable_sp_initiated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_enable_sp_initiated", value) + + @property + @pulumi.getter(name="saml2ForceAuthn") + def saml2_force_authn(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + """ + return pulumi.get(self, "saml2_force_authn") + + @saml2_force_authn.setter + def saml2_force_authn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_force_authn", value) + + @property + @pulumi.getter(name="saml2Issuer") + def saml2_issuer(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the IdP EntityID / Issuer. + """ + return pulumi.get(self, "saml2_issuer") + + @saml2_issuer.setter + def saml2_issuer(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_issuer", value) + + @property + @pulumi.getter(name="saml2PostLogoutRedirectUrl") + def saml2_post_logout_redirect_url(self) -> Optional[pulumi.Input[str]]: + """ + The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + """ + return pulumi.get(self, "saml2_post_logout_redirect_url") + + @saml2_post_logout_redirect_url.setter + def saml2_post_logout_redirect_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_post_logout_redirect_url", value) + + @property + @pulumi.getter(name="saml2Provider") + def saml2_provider(self) -> Optional[pulumi.Input[str]]: + """ + The string describing the IdP. One of the following: OKTA, ADFS, Custom. + """ + return pulumi.get(self, "saml2_provider") + + @saml2_provider.setter + def saml2_provider(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_provider", value) + + @property + @pulumi.getter(name="saml2RequestedNameidFormat") + def saml2_requested_nameid_format(self) -> Optional[pulumi.Input[str]]: + """ + The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + """ + return pulumi.get(self, "saml2_requested_nameid_format") + + @saml2_requested_nameid_format.setter + def saml2_requested_nameid_format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_requested_nameid_format", value) + + @property + @pulumi.getter(name="saml2SignRequest") + def saml2_sign_request(self) -> Optional[pulumi.Input[bool]]: + """ + The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + """ + return pulumi.get(self, "saml2_sign_request") + + @saml2_sign_request.setter + def saml2_sign_request(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "saml2_sign_request", value) + + @property + @pulumi.getter(name="saml2SignatureMethodsUsed") + def saml2_signature_methods_used(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "saml2_signature_methods_used") + + @saml2_signature_methods_used.setter + def saml2_signature_methods_used(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_signature_methods_used", value) + + @property + @pulumi.getter(name="saml2SnowflakeAcsUrl") + def saml2_snowflake_acs_url(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + """ + return pulumi.get(self, "saml2_snowflake_acs_url") + + @saml2_snowflake_acs_url.setter + def saml2_snowflake_acs_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_acs_url", value) + + @property + @pulumi.getter(name="saml2SnowflakeIssuerUrl") + def saml2_snowflake_issuer_url(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + """ + return pulumi.get(self, "saml2_snowflake_issuer_url") + + @saml2_snowflake_issuer_url.setter + def saml2_snowflake_issuer_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_issuer_url", value) + + @property + @pulumi.getter(name="saml2SnowflakeMetadata") + def saml2_snowflake_metadata(self) -> Optional[pulumi.Input[str]]: + """ + Metadata created by Snowflake to provide to SAML2 provider. + """ + return pulumi.get(self, "saml2_snowflake_metadata") + + @saml2_snowflake_metadata.setter + def saml2_snowflake_metadata(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_metadata", value) + + @property + @pulumi.getter(name="saml2SnowflakeX509Cert") + def saml2_snowflake_x509_cert(self) -> Optional[pulumi.Input[str]]: + """ + The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + """ + return pulumi.get(self, "saml2_snowflake_x509_cert") + + @saml2_snowflake_x509_cert.setter + def saml2_snowflake_x509_cert(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_snowflake_x509_cert", value) + + @property + @pulumi.getter(name="saml2SpInitiatedLoginPageLabel") + def saml2_sp_initiated_login_page_label(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the label to display after the Log In With button on the login page. + """ + return pulumi.get(self, "saml2_sp_initiated_login_page_label") + + @saml2_sp_initiated_login_page_label.setter + def saml2_sp_initiated_login_page_label(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_sp_initiated_login_page_label", value) + + @property + @pulumi.getter(name="saml2SsoUrl") + def saml2_sso_url(self) -> Optional[pulumi.Input[str]]: + """ + The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + """ + return pulumi.get(self, "saml2_sso_url") + + @saml2_sso_url.setter + def saml2_sso_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_sso_url", value) + + @property + @pulumi.getter(name="saml2X509Cert") + def saml2_x509_cert(self) -> Optional[pulumi.Input[str]]: + """ + The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + return pulumi.get(self, "saml2_x509_cert") + + @saml2_x509_cert.setter + def saml2_x509_cert(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "saml2_x509_cert", value) + + +class SamlIntegration(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + saml2_enable_sp_initiated: Optional[pulumi.Input[bool]] = None, + saml2_force_authn: Optional[pulumi.Input[bool]] = None, + saml2_issuer: Optional[pulumi.Input[str]] = None, + saml2_post_logout_redirect_url: Optional[pulumi.Input[str]] = None, + saml2_provider: Optional[pulumi.Input[str]] = None, + saml2_requested_nameid_format: Optional[pulumi.Input[str]] = None, + saml2_sign_request: Optional[pulumi.Input[bool]] = None, + saml2_snowflake_acs_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_issuer_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_x509_cert: Optional[pulumi.Input[str]] = None, + saml2_sp_initiated_login_page_label: Optional[pulumi.Input[str]] = None, + saml2_sso_url: Optional[pulumi.Input[str]] = None, + saml2_x509_cert: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_snowflake as snowflake + + saml_integration = snowflake.SamlIntegration("samlIntegration", + enabled=True, + saml2_issuer="test_issuer", + saml2_provider="CUSTOM", + saml2_sso_url="https://testsamlissuer.com", + saml2_x509_cert="MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO") + ``` + + ## Import + + ```sh + $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[bool] enabled: Specifies whether this security integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[bool] saml2_enable_sp_initiated: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + :param pulumi.Input[bool] saml2_force_authn: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + :param pulumi.Input[str] saml2_issuer: The string containing the IdP EntityID / Issuer. + :param pulumi.Input[str] saml2_post_logout_redirect_url: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + :param pulumi.Input[str] saml2_provider: The string describing the IdP. One of the following: OKTA, ADFS, Custom. + :param pulumi.Input[str] saml2_requested_nameid_format: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + :param pulumi.Input[bool] saml2_sign_request: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + :param pulumi.Input[str] saml2_snowflake_acs_url: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + :param pulumi.Input[str] saml2_snowflake_issuer_url: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + :param pulumi.Input[str] saml2_snowflake_x509_cert: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + :param pulumi.Input[str] saml2_sp_initiated_login_page_label: The string containing the label to display after the Log In With button on the login page. + :param pulumi.Input[str] saml2_sso_url: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + :param pulumi.Input[str] saml2_x509_cert: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SamlIntegrationArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_snowflake as snowflake + + saml_integration = snowflake.SamlIntegration("samlIntegration", + enabled=True, + saml2_issuer="test_issuer", + saml2_provider="CUSTOM", + saml2_sso_url="https://testsamlissuer.com", + saml2_x509_cert="MIICYzCCAcygAwIBAgIBADANBgkqhkiG9w0BAQUFADAuMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhMb2NhbCBDQTAeFw05OTEyMjIwNTAwMDBaFw0wMDEyMjMwNDU5NTlaMC4xCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNJQk0xETAPBgNVBAsTCExvY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2bZEo7xGaX2/0GHkrNFZvlxBou9v1Jmt/PDiTMPve8r9FeJAQ0QdvFST/0JPQYD20rH0bimdDLgNdNynmyRoS2S/IInfpmf69iyc2G0TPyRvmHIiOZbdCd+YBHQi1adkj17NDcWj6S14tVurFX73zx0sNoMS79q3tuXKrDsxeuwIDAQABo4GQMIGNMEsGCVUdDwGG+EIBDQQ+EzxHZW5lcmF0ZWQgYnkgdGhlIFNlY3VyZVdheSBTZWN1cml0eSBTZXJ2ZXIgZm9yIE9TLzM5MCAoUkFDRikwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ3+ocRyCTJw067dLSwr/nalx6YMMA0GCSqGSIb3DQEBBQUAA4GBAMaQzt+zaj1GU77yzlr8iiMBXgdQrwsZZWJo5exnAucJAEYQZmOfyLiMD6oYq+ZnfvM0n8G/Y79q8nhwvuxpYOnRSAXFp6xSkrIOeZtJMY1h00LKp/JX3Ng1svZ2agE126JHsQ0bhzN5TKsYfbwfTwfjdWAGy6Vf1nYi/rO+ryMO") + ``` + + ## Import + + ```sh + $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name + ``` + + :param str resource_name: The name of the resource. + :param SamlIntegrationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SamlIntegrationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + saml2_enable_sp_initiated: Optional[pulumi.Input[bool]] = None, + saml2_force_authn: Optional[pulumi.Input[bool]] = None, + saml2_issuer: Optional[pulumi.Input[str]] = None, + saml2_post_logout_redirect_url: Optional[pulumi.Input[str]] = None, + saml2_provider: Optional[pulumi.Input[str]] = None, + saml2_requested_nameid_format: Optional[pulumi.Input[str]] = None, + saml2_sign_request: Optional[pulumi.Input[bool]] = None, + saml2_snowflake_acs_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_issuer_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_x509_cert: Optional[pulumi.Input[str]] = None, + saml2_sp_initiated_login_page_label: Optional[pulumi.Input[str]] = None, + saml2_sso_url: Optional[pulumi.Input[str]] = None, + saml2_x509_cert: Optional[pulumi.Input[str]] = None, + __props__=None): + if opts is None: + opts = pulumi.ResourceOptions() + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.version is None: + opts.version = _utilities.get_version() + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SamlIntegrationArgs.__new__(SamlIntegrationArgs) + + __props__.__dict__["enabled"] = enabled + __props__.__dict__["name"] = name + __props__.__dict__["saml2_enable_sp_initiated"] = saml2_enable_sp_initiated + __props__.__dict__["saml2_force_authn"] = saml2_force_authn + if saml2_issuer is None and not opts.urn: + raise TypeError("Missing required property 'saml2_issuer'") + __props__.__dict__["saml2_issuer"] = saml2_issuer + __props__.__dict__["saml2_post_logout_redirect_url"] = saml2_post_logout_redirect_url + if saml2_provider is None and not opts.urn: + raise TypeError("Missing required property 'saml2_provider'") + __props__.__dict__["saml2_provider"] = saml2_provider + __props__.__dict__["saml2_requested_nameid_format"] = saml2_requested_nameid_format + __props__.__dict__["saml2_sign_request"] = saml2_sign_request + __props__.__dict__["saml2_snowflake_acs_url"] = saml2_snowflake_acs_url + __props__.__dict__["saml2_snowflake_issuer_url"] = saml2_snowflake_issuer_url + __props__.__dict__["saml2_snowflake_x509_cert"] = saml2_snowflake_x509_cert + __props__.__dict__["saml2_sp_initiated_login_page_label"] = saml2_sp_initiated_login_page_label + if saml2_sso_url is None and not opts.urn: + raise TypeError("Missing required property 'saml2_sso_url'") + __props__.__dict__["saml2_sso_url"] = saml2_sso_url + if saml2_x509_cert is None and not opts.urn: + raise TypeError("Missing required property 'saml2_x509_cert'") + __props__.__dict__["saml2_x509_cert"] = saml2_x509_cert + __props__.__dict__["created_on"] = None + __props__.__dict__["saml2_digest_methods_used"] = None + __props__.__dict__["saml2_signature_methods_used"] = None + __props__.__dict__["saml2_snowflake_metadata"] = None + super(SamlIntegration, __self__).__init__( + 'snowflake:index/samlIntegration:SamlIntegration', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + created_on: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None, + saml2_digest_methods_used: Optional[pulumi.Input[str]] = None, + saml2_enable_sp_initiated: Optional[pulumi.Input[bool]] = None, + saml2_force_authn: Optional[pulumi.Input[bool]] = None, + saml2_issuer: Optional[pulumi.Input[str]] = None, + saml2_post_logout_redirect_url: Optional[pulumi.Input[str]] = None, + saml2_provider: Optional[pulumi.Input[str]] = None, + saml2_requested_nameid_format: Optional[pulumi.Input[str]] = None, + saml2_sign_request: Optional[pulumi.Input[bool]] = None, + saml2_signature_methods_used: Optional[pulumi.Input[str]] = None, + saml2_snowflake_acs_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_issuer_url: Optional[pulumi.Input[str]] = None, + saml2_snowflake_metadata: Optional[pulumi.Input[str]] = None, + saml2_snowflake_x509_cert: Optional[pulumi.Input[str]] = None, + saml2_sp_initiated_login_page_label: Optional[pulumi.Input[str]] = None, + saml2_sso_url: Optional[pulumi.Input[str]] = None, + saml2_x509_cert: Optional[pulumi.Input[str]] = None) -> 'SamlIntegration': + """ + Get an existing SamlIntegration resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] created_on: Date and time when the SAML integration was created. + :param pulumi.Input[bool] enabled: Specifies whether this security integration is enabled or disabled. + :param pulumi.Input[str] name: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + :param pulumi.Input[bool] saml2_enable_sp_initiated: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + :param pulumi.Input[bool] saml2_force_authn: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + :param pulumi.Input[str] saml2_issuer: The string containing the IdP EntityID / Issuer. + :param pulumi.Input[str] saml2_post_logout_redirect_url: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + :param pulumi.Input[str] saml2_provider: The string describing the IdP. One of the following: OKTA, ADFS, Custom. + :param pulumi.Input[str] saml2_requested_nameid_format: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + :param pulumi.Input[bool] saml2_sign_request: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + :param pulumi.Input[str] saml2_snowflake_acs_url: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + :param pulumi.Input[str] saml2_snowflake_issuer_url: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + :param pulumi.Input[str] saml2_snowflake_metadata: Metadata created by Snowflake to provide to SAML2 provider. + :param pulumi.Input[str] saml2_snowflake_x509_cert: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + :param pulumi.Input[str] saml2_sp_initiated_login_page_label: The string containing the label to display after the Log In With button on the login page. + :param pulumi.Input[str] saml2_sso_url: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + :param pulumi.Input[str] saml2_x509_cert: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SamlIntegrationState.__new__(_SamlIntegrationState) + + __props__.__dict__["created_on"] = created_on + __props__.__dict__["enabled"] = enabled + __props__.__dict__["name"] = name + __props__.__dict__["saml2_digest_methods_used"] = saml2_digest_methods_used + __props__.__dict__["saml2_enable_sp_initiated"] = saml2_enable_sp_initiated + __props__.__dict__["saml2_force_authn"] = saml2_force_authn + __props__.__dict__["saml2_issuer"] = saml2_issuer + __props__.__dict__["saml2_post_logout_redirect_url"] = saml2_post_logout_redirect_url + __props__.__dict__["saml2_provider"] = saml2_provider + __props__.__dict__["saml2_requested_nameid_format"] = saml2_requested_nameid_format + __props__.__dict__["saml2_sign_request"] = saml2_sign_request + __props__.__dict__["saml2_signature_methods_used"] = saml2_signature_methods_used + __props__.__dict__["saml2_snowflake_acs_url"] = saml2_snowflake_acs_url + __props__.__dict__["saml2_snowflake_issuer_url"] = saml2_snowflake_issuer_url + __props__.__dict__["saml2_snowflake_metadata"] = saml2_snowflake_metadata + __props__.__dict__["saml2_snowflake_x509_cert"] = saml2_snowflake_x509_cert + __props__.__dict__["saml2_sp_initiated_login_page_label"] = saml2_sp_initiated_login_page_label + __props__.__dict__["saml2_sso_url"] = saml2_sso_url + __props__.__dict__["saml2_x509_cert"] = saml2_x509_cert + return SamlIntegration(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="createdOn") + def created_on(self) -> pulumi.Output[str]: + """ + Date and time when the SAML integration was created. + """ + return pulumi.get(self, "created_on") + + @property + @pulumi.getter + def enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Specifies whether this security integration is enabled or disabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="saml2DigestMethodsUsed") + def saml2_digest_methods_used(self) -> pulumi.Output[str]: + return pulumi.get(self, "saml2_digest_methods_used") + + @property + @pulumi.getter(name="saml2EnableSpInitiated") + def saml2_enable_sp_initiated(self) -> pulumi.Output[Optional[bool]]: + """ + The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page. + """ + return pulumi.get(self, "saml2_enable_sp_initiated") + + @property + @pulumi.getter(name="saml2ForceAuthn") + def saml2_force_authn(self) -> pulumi.Output[Optional[bool]]: + """ + The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. + """ + return pulumi.get(self, "saml2_force_authn") + + @property + @pulumi.getter(name="saml2Issuer") + def saml2_issuer(self) -> pulumi.Output[str]: + """ + The string containing the IdP EntityID / Issuer. + """ + return pulumi.get(self, "saml2_issuer") + + @property + @pulumi.getter(name="saml2PostLogoutRedirectUrl") + def saml2_post_logout_redirect_url(self) -> pulumi.Output[Optional[str]]: + """ + The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint. + """ + return pulumi.get(self, "saml2_post_logout_redirect_url") + + @property + @pulumi.getter(name="saml2Provider") + def saml2_provider(self) -> pulumi.Output[str]: + """ + The string describing the IdP. One of the following: OKTA, ADFS, Custom. + """ + return pulumi.get(self, "saml2_provider") + + @property + @pulumi.getter(name="saml2RequestedNameidFormat") + def saml2_requested_nameid_format(self) -> pulumi.Output[Optional[str]]: + """ + The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient . + """ + return pulumi.get(self, "saml2_requested_nameid_format") + + @property + @pulumi.getter(name="saml2SignRequest") + def saml2_sign_request(self) -> pulumi.Output[Optional[bool]]: + """ + The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. + """ + return pulumi.get(self, "saml2_sign_request") + + @property + @pulumi.getter(name="saml2SignatureMethodsUsed") + def saml2_signature_methods_used(self) -> pulumi.Output[str]: + return pulumi.get(self, "saml2_signature_methods_used") + + @property + @pulumi.getter(name="saml2SnowflakeAcsUrl") + def saml2_snowflake_acs_url(self) -> pulumi.Output[str]: + """ + The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login + """ + return pulumi.get(self, "saml2_snowflake_acs_url") + + @property + @pulumi.getter(name="saml2SnowflakeIssuerUrl") + def saml2_snowflake_issuer_url(self) -> pulumi.Output[str]: + """ + The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. + """ + return pulumi.get(self, "saml2_snowflake_issuer_url") + + @property + @pulumi.getter(name="saml2SnowflakeMetadata") + def saml2_snowflake_metadata(self) -> pulumi.Output[str]: + """ + Metadata created by Snowflake to provide to SAML2 provider. + """ + return pulumi.get(self, "saml2_snowflake_metadata") + + @property + @pulumi.getter(name="saml2SnowflakeX509Cert") + def saml2_snowflake_x509_cert(self) -> pulumi.Output[str]: + """ + The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value. + """ + return pulumi.get(self, "saml2_snowflake_x509_cert") + + @property + @pulumi.getter(name="saml2SpInitiatedLoginPageLabel") + def saml2_sp_initiated_login_page_label(self) -> pulumi.Output[Optional[str]]: + """ + The string containing the label to display after the Log In With button on the login page. + """ + return pulumi.get(self, "saml2_sp_initiated_login_page_label") + + @property + @pulumi.getter(name="saml2SsoUrl") + def saml2_sso_url(self) -> pulumi.Output[str]: + """ + The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message. + """ + return pulumi.get(self, "saml2_sso_url") + + @property + @pulumi.getter(name="saml2X509Cert") + def saml2_x509_cert(self) -> pulumi.Output[str]: + """ + The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers. + """ + return pulumi.get(self, "saml2_x509_cert") + diff --git a/sdk/python/pulumi_snowflake/task.py b/sdk/python/pulumi_snowflake/task.py index 95d148fc..6442f169 100644 --- a/sdk/python/pulumi_snowflake/task.py +++ b/sdk/python/pulumi_snowflake/task.py @@ -19,6 +19,7 @@ def __init__(__self__, *, after: Optional[pulumi.Input[str]] = None, comment: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, + error_integration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, schedule: Optional[pulumi.Input[str]] = None, session_parameters: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -34,6 +35,7 @@ def __init__(__self__, *, :param pulumi.Input[str] after: Specifies the predecessor task in the same database and schema of the current task. When a run of the predecessor task finishes successfully, it triggers this task (after a brief lag). (Conflict with schedule) :param pulumi.Input[str] comment: Specifies a comment for the task. :param pulumi.Input[bool] enabled: Specifies if the task should be started (enabled) after creation or should remain suspended (default). + :param pulumi.Input[str] error_integration: Specifies the name of the notification integration used for error notifications. :param pulumi.Input[str] name: Specifies the identifier for the task; must be unique for the database and schema in which the task is created. :param pulumi.Input[str] schedule: The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_parameters: Specifies session parameters to set for the session when the task runs. A task supports all session parameters. @@ -51,6 +53,8 @@ def __init__(__self__, *, pulumi.set(__self__, "comment", comment) if enabled is not None: pulumi.set(__self__, "enabled", enabled) + if error_integration is not None: + pulumi.set(__self__, "error_integration", error_integration) if name is not None: pulumi.set(__self__, "name", name) if schedule is not None: @@ -138,6 +142,18 @@ def enabled(self) -> Optional[pulumi.Input[bool]]: def enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enabled", value) + @property + @pulumi.getter(name="errorIntegration") + def error_integration(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the notification integration used for error notifications. + """ + return pulumi.get(self, "error_integration") + + @error_integration.setter + def error_integration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "error_integration", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -230,6 +246,7 @@ def __init__(__self__, *, comment: Optional[pulumi.Input[str]] = None, database: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, + error_integration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, schedule: Optional[pulumi.Input[str]] = None, schema: Optional[pulumi.Input[str]] = None, @@ -245,6 +262,7 @@ def __init__(__self__, *, :param pulumi.Input[str] comment: Specifies a comment for the task. :param pulumi.Input[str] database: The database in which to create the task. :param pulumi.Input[bool] enabled: Specifies if the task should be started (enabled) after creation or should remain suspended (default). + :param pulumi.Input[str] error_integration: Specifies the name of the notification integration used for error notifications. :param pulumi.Input[str] name: Specifies the identifier for the task; must be unique for the database and schema in which the task is created. :param pulumi.Input[str] schedule: The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) :param pulumi.Input[str] schema: The schema in which to create the task. @@ -263,6 +281,8 @@ def __init__(__self__, *, pulumi.set(__self__, "database", database) if enabled is not None: pulumi.set(__self__, "enabled", enabled) + if error_integration is not None: + pulumi.set(__self__, "error_integration", error_integration) if name is not None: pulumi.set(__self__, "name", name) if schedule is not None: @@ -330,6 +350,18 @@ def enabled(self) -> Optional[pulumi.Input[bool]]: def enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enabled", value) + @property + @pulumi.getter(name="errorIntegration") + def error_integration(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the notification integration used for error notifications. + """ + return pulumi.get(self, "error_integration") + + @error_integration.setter + def error_integration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "error_integration", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -448,6 +480,7 @@ def __init__(__self__, comment: Optional[pulumi.Input[str]] = None, database: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, + error_integration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, schedule: Optional[pulumi.Input[str]] = None, schema: Optional[pulumi.Input[str]] = None, @@ -509,6 +542,7 @@ def __init__(__self__, :param pulumi.Input[str] comment: Specifies a comment for the task. :param pulumi.Input[str] database: The database in which to create the task. :param pulumi.Input[bool] enabled: Specifies if the task should be started (enabled) after creation or should remain suspended (default). + :param pulumi.Input[str] error_integration: Specifies the name of the notification integration used for error notifications. :param pulumi.Input[str] name: Specifies the identifier for the task; must be unique for the database and schema in which the task is created. :param pulumi.Input[str] schedule: The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) :param pulumi.Input[str] schema: The schema in which to create the task. @@ -589,6 +623,7 @@ def _internal_init(__self__, comment: Optional[pulumi.Input[str]] = None, database: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, + error_integration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, schedule: Optional[pulumi.Input[str]] = None, schema: Optional[pulumi.Input[str]] = None, @@ -616,6 +651,7 @@ def _internal_init(__self__, raise TypeError("Missing required property 'database'") __props__.__dict__["database"] = database __props__.__dict__["enabled"] = enabled + __props__.__dict__["error_integration"] = error_integration __props__.__dict__["name"] = name __props__.__dict__["schedule"] = schedule if schema is None and not opts.urn: @@ -643,6 +679,7 @@ def get(resource_name: str, comment: Optional[pulumi.Input[str]] = None, database: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, + error_integration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, schedule: Optional[pulumi.Input[str]] = None, schema: Optional[pulumi.Input[str]] = None, @@ -663,6 +700,7 @@ def get(resource_name: str, :param pulumi.Input[str] comment: Specifies a comment for the task. :param pulumi.Input[str] database: The database in which to create the task. :param pulumi.Input[bool] enabled: Specifies if the task should be started (enabled) after creation or should remain suspended (default). + :param pulumi.Input[str] error_integration: Specifies the name of the notification integration used for error notifications. :param pulumi.Input[str] name: Specifies the identifier for the task; must be unique for the database and schema in which the task is created. :param pulumi.Input[str] schedule: The schedule for periodically running the task. This can be a cron or interval in minutes. (Conflict with after) :param pulumi.Input[str] schema: The schema in which to create the task. @@ -681,6 +719,7 @@ def get(resource_name: str, __props__.__dict__["comment"] = comment __props__.__dict__["database"] = database __props__.__dict__["enabled"] = enabled + __props__.__dict__["error_integration"] = error_integration __props__.__dict__["name"] = name __props__.__dict__["schedule"] = schedule __props__.__dict__["schema"] = schema @@ -724,6 +763,14 @@ def enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "enabled") + @property + @pulumi.getter(name="errorIntegration") + def error_integration(self) -> pulumi.Output[Optional[str]]: + """ + Specifies the name of the notification integration used for error notifications. + """ + return pulumi.get(self, "error_integration") + @property @pulumi.getter def name(self) -> pulumi.Output[str]: