// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package snowflake
import (
"context"
"reflect"
"github.com/pkg/errors"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// SamlIntegration is the resource type that NewSamlIntegration and GetSamlIntegration in this file
// register and read under the token "snowflake:index/samlIntegration:SamlIntegration".
// Every field is an output of the resource.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
// 	"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
// 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// 	pulumi.Run(func(ctx *pulumi.Context) error {
// 		_, err := snowflake.NewSamlIntegration(ctx, "samlIntegration", &snowflake.SamlIntegrationArgs{
// 			Enabled:       pulumi.Bool(true),
// 			Saml2Issuer:   pulumi.String("test_issuer"),
// 			Saml2Provider: pulumi.String("CUSTOM"),
// 			Saml2SsoUrl:   pulumi.String("https://testsamlissuer.com"),
// 			// Placeholder: the sample certificate value is not present on this page.
// 			Saml2X509Cert: pulumi.String("<base64-encoded IdP signing certificate (placeholder)>"),
// 		})
// 		if err != nil {
// 			return err
// 		}
// 		return nil
// 	})
// }
// ```
//
// ## Import
//
// ```sh
// $ pulumi import snowflake:index/samlIntegration:SamlIntegration example name
// ```
type SamlIntegration struct {
pulumi.CustomResourceState
// Date and time when the SAML integration was created.
CreatedOn pulumi.StringOutput `pulumi:"createdOn"`
// Specifies whether this security integration is enabled or disabled.
Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Name pulumi.StringOutput `pulumi:"name"`
// NOTE(review): no description was generated for this field. It has no counterpart in SamlIntegrationArgs, so it is
// reported by the provider rather than set by the caller; by its name it presumably lists the digest algorithms in use - confirm.
Saml2DigestMethodsUsed pulumi.StringOutput `pulumi:"saml2DigestMethodsUsed"`
// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log In With button on the login page. FALSE: does not display the Log In With button on the login page.
Saml2EnableSpInitiated pulumi.BoolPtrOutput `pulumi:"saml2EnableSpInitiated"`
// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2ForceAuthn pulumi.BoolPtrOutput `pulumi:"saml2ForceAuthn"`
// The string containing the IdP EntityID / Issuer.
Saml2Issuer pulumi.StringOutput `pulumi:"saml2Issuer"`
// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2PostLogoutRedirectUrl pulumi.StringPtrOutput `pulumi:"saml2PostLogoutRedirectUrl"`
// The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2Provider pulumi.StringOutput `pulumi:"saml2Provider"`
// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
Saml2RequestedNameidFormat pulumi.StringPtrOutput `pulumi:"saml2RequestedNameidFormat"`
// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignRequest pulumi.BoolPtrOutput `pulumi:"saml2SignRequest"`
// NOTE(review): no description was generated for this field. It has no counterpart in SamlIntegrationArgs, so it is
// reported by the provider rather than set by the caller; by its name it presumably lists the signature algorithms in use - confirm.
Saml2SignatureMethodsUsed pulumi.StringOutput `pulumi:"saml2SignatureMethodsUsed"`
// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://<account_locator>.<region>.snowflakecomputing.com/fed/login
Saml2SnowflakeAcsUrl pulumi.StringOutput `pulumi:"saml2SnowflakeAcsUrl"`
// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeIssuerUrl pulumi.StringOutput `pulumi:"saml2SnowflakeIssuerUrl"`
// Metadata created by Snowflake to provide to SAML2 provider.
Saml2SnowflakeMetadata pulumi.StringOutput `pulumi:"saml2SnowflakeMetadata"`
// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SnowflakeX509Cert pulumi.StringOutput `pulumi:"saml2SnowflakeX509Cert"`
// The string containing the label to display after the Log In With button on the login page.
Saml2SpInitiatedLoginPageLabel pulumi.StringPtrOutput `pulumi:"saml2SpInitiatedLoginPageLabel"`
// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2SsoUrl pulumi.StringOutput `pulumi:"saml2SsoUrl"`
// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
// NOTE(review): a certificate is public material, but this value decides whose signatures the integration accepts;
// drift on this output is worth alerting on - confirm how Snowflake uses it.
Saml2X509Cert pulumi.StringOutput `pulumi:"saml2X509Cert"`
}
// NewSamlIntegration registers a new resource with the given unique name, arguments, and options.
//
// It returns an error before calling ctx.RegisterResource when args is nil or when any of
// Saml2Issuer, Saml2Provider, Saml2SsoUrl or Saml2X509Cert is nil. Only presence is checked:
// the SSO URL scheme and the certificate contents are passed through as given, so the caller
// is responsible for supplying an https URL and the intended IdP signing certificate.
func NewSamlIntegration(ctx *pulumi.Context,
	name string, args *SamlIntegrationArgs, opts ...pulumi.ResourceOption) (*SamlIntegration, error) {
	// The cases run top to bottom, so the nil-args guard protects the field reads below it.
	switch {
	case args == nil:
		return nil, errors.New("missing one or more required arguments")
	case args.Saml2Issuer == nil:
		return nil, errors.New("invalid value for required argument 'Saml2Issuer'")
	case args.Saml2Provider == nil:
		return nil, errors.New("invalid value for required argument 'Saml2Provider'")
	case args.Saml2SsoUrl == nil:
		return nil, errors.New("invalid value for required argument 'Saml2SsoUrl'")
	case args.Saml2X509Cert == nil:
		return nil, errors.New("invalid value for required argument 'Saml2X509Cert'")
	}

	registered := new(SamlIntegration)
	if err := ctx.RegisterResource("snowflake:index/samlIntegration:SamlIntegration", name, args, registered, opts...); err != nil {
		return nil, err
	}
	return registered, nil
}
// GetSamlIntegration gets an existing SamlIntegration resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
//
// The lookup is delegated to ctx.ReadResource; any error it reports is returned unchanged
// together with a nil resource.
func GetSamlIntegration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SamlIntegrationState, opts ...pulumi.ResourceOption) (*SamlIntegration, error) {
	existing := new(SamlIntegration)
	if err := ctx.ReadResource("snowflake:index/samlIntegration:SamlIntegration", name, id, state, existing, opts...); err != nil {
		return nil, err
	}
	return existing, nil
}
// samlIntegrationState holds the input properties used for looking up and filtering SamlIntegration resources.
// It is the plain-Go counterpart of SamlIntegrationState: SamlIntegrationState.ElementType returns this type.
type samlIntegrationState struct {
// Date and time when the SAML integration was created.
CreatedOn *string `pulumi:"createdOn"`
// Specifies whether this security integration is enabled or disabled.
Enabled *bool `pulumi:"enabled"`
// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Name *string `pulumi:"name"`
// NOTE(review): no description was generated for this field; by its name it presumably lists the digest algorithms in use - confirm.
Saml2DigestMethodsUsed *string `pulumi:"saml2DigestMethodsUsed"`
// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log In With button on the login page. FALSE: does not display the Log In With button on the login page.
Saml2EnableSpInitiated *bool `pulumi:"saml2EnableSpInitiated"`
// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2ForceAuthn *bool `pulumi:"saml2ForceAuthn"`
// The string containing the IdP EntityID / Issuer.
Saml2Issuer *string `pulumi:"saml2Issuer"`
// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2PostLogoutRedirectUrl *string `pulumi:"saml2PostLogoutRedirectUrl"`
// The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2Provider *string `pulumi:"saml2Provider"`
// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
Saml2RequestedNameidFormat *string `pulumi:"saml2RequestedNameidFormat"`
// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignRequest *bool `pulumi:"saml2SignRequest"`
// NOTE(review): no description was generated for this field; by its name it presumably lists the signature algorithms in use - confirm.
Saml2SignatureMethodsUsed *string `pulumi:"saml2SignatureMethodsUsed"`
// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://<account_locator>.<region>.snowflakecomputing.com/fed/login
Saml2SnowflakeAcsUrl *string `pulumi:"saml2SnowflakeAcsUrl"`
// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeIssuerUrl *string `pulumi:"saml2SnowflakeIssuerUrl"`
// Metadata created by Snowflake to provide to SAML2 provider.
Saml2SnowflakeMetadata *string `pulumi:"saml2SnowflakeMetadata"`
// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SnowflakeX509Cert *string `pulumi:"saml2SnowflakeX509Cert"`
// The string containing the label to display after the Log In With button on the login page.
Saml2SpInitiatedLoginPageLabel *string `pulumi:"saml2SpInitiatedLoginPageLabel"`
// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2SsoUrl *string `pulumi:"saml2SsoUrl"`
// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Saml2X509Cert *string `pulumi:"saml2X509Cert"`
}
// SamlIntegrationState is the state argument accepted by GetSamlIntegration to qualify a lookup.
// Every field is an optional (pointer) input; GetSamlIntegration documents that nil may be passed when no state is required.
type SamlIntegrationState struct {
// Date and time when the SAML integration was created.
CreatedOn pulumi.StringPtrInput
// Specifies whether this security integration is enabled or disabled.
Enabled pulumi.BoolPtrInput
// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Name pulumi.StringPtrInput
// NOTE(review): no description was generated for this field; by its name it presumably lists the digest algorithms in use - confirm.
Saml2DigestMethodsUsed pulumi.StringPtrInput
// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log In With button on the login page. FALSE: does not display the Log In With button on the login page.
Saml2EnableSpInitiated pulumi.BoolPtrInput
// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2ForceAuthn pulumi.BoolPtrInput
// The string containing the IdP EntityID / Issuer.
Saml2Issuer pulumi.StringPtrInput
// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2PostLogoutRedirectUrl pulumi.StringPtrInput
// The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2Provider pulumi.StringPtrInput
// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
Saml2RequestedNameidFormat pulumi.StringPtrInput
// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignRequest pulumi.BoolPtrInput
// NOTE(review): no description was generated for this field; by its name it presumably lists the signature algorithms in use - confirm.
Saml2SignatureMethodsUsed pulumi.StringPtrInput
// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://<account_locator>.<region>.snowflakecomputing.com/fed/login
Saml2SnowflakeAcsUrl pulumi.StringPtrInput
// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeIssuerUrl pulumi.StringPtrInput
// Metadata created by Snowflake to provide to SAML2 provider.
Saml2SnowflakeMetadata pulumi.StringPtrInput
// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SnowflakeX509Cert pulumi.StringPtrInput
// The string containing the label to display after the Log In With button on the login page.
Saml2SpInitiatedLoginPageLabel pulumi.StringPtrInput
// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2SsoUrl pulumi.StringPtrInput
// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Saml2X509Cert pulumi.StringPtrInput
}
// ElementType returns the reflect.Type of samlIntegrationState, the plain-Go
// struct that mirrors SamlIntegrationState field for field.
func (SamlIntegrationState) ElementType() reflect.Type {
	// A typed nil pointer carries the type without allocating a value.
	var zero *samlIntegrationState
	return reflect.TypeOf(zero).Elem()
}
// samlIntegrationArgs is the plain-Go counterpart of SamlIntegrationArgs: SamlIntegrationArgs.ElementType returns this type.
// Saml2Issuer, Saml2Provider, Saml2SsoUrl and Saml2X509Cert are non-pointer strings here; the remaining fields are optional pointers.
type samlIntegrationArgs struct {
// Specifies whether this security integration is enabled or disabled.
Enabled *bool `pulumi:"enabled"`
// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Name *string `pulumi:"name"`
// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log In With button on the login page. FALSE: does not display the Log In With button on the login page.
Saml2EnableSpInitiated *bool `pulumi:"saml2EnableSpInitiated"`
// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2ForceAuthn *bool `pulumi:"saml2ForceAuthn"`
// The string containing the IdP EntityID / Issuer.
Saml2Issuer string `pulumi:"saml2Issuer"`
// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2PostLogoutRedirectUrl *string `pulumi:"saml2PostLogoutRedirectUrl"`
// The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2Provider string `pulumi:"saml2Provider"`
// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
Saml2RequestedNameidFormat *string `pulumi:"saml2RequestedNameidFormat"`
// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignRequest *bool `pulumi:"saml2SignRequest"`
// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://<account_locator>.<region>.snowflakecomputing.com/fed/login
Saml2SnowflakeAcsUrl *string `pulumi:"saml2SnowflakeAcsUrl"`
// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeIssuerUrl *string `pulumi:"saml2SnowflakeIssuerUrl"`
// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SnowflakeX509Cert *string `pulumi:"saml2SnowflakeX509Cert"`
// The string containing the label to display after the Log In With button on the login page.
Saml2SpInitiatedLoginPageLabel *string `pulumi:"saml2SpInitiatedLoginPageLabel"`
// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2SsoUrl string `pulumi:"saml2SsoUrl"`
// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Saml2X509Cert string `pulumi:"saml2X509Cert"`
}
// SamlIntegrationArgs is the set of arguments for constructing a SamlIntegration resource.
// NewSamlIntegration rejects a nil Saml2Issuer, Saml2Provider, Saml2SsoUrl or Saml2X509Cert; it checks presence only, not content.
type SamlIntegrationArgs struct {
// Specifies whether this security integration is enabled or disabled.
Enabled pulumi.BoolPtrInput
// Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Name pulumi.StringPtrInput
// The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log In With button on the login page. FALSE: does not display the Log In With button on the login page.
Saml2EnableSpInitiated pulumi.BoolPtrInput
// The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2ForceAuthn pulumi.BoolPtrInput
// The string containing the IdP EntityID / Issuer.
Saml2Issuer pulumi.StringInput
// The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2PostLogoutRedirectUrl pulumi.StringPtrInput
// The string describing the IdP. One of the following: OKTA, ADFS, Custom.
// NOTE(review): the usage example on SamlIntegration passes "CUSTOM"; confirm which casing the provider expects.
Saml2Provider pulumi.StringInput
// The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
Saml2RequestedNameidFormat pulumi.StringPtrInput
// The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
// NOTE(review): optional input; when left nil the effective setting is whatever the provider or Snowflake defaults to - confirm and set it explicitly if request signing is required.
Saml2SignRequest pulumi.BoolPtrInput
// The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://<account_locator>.<region>.snowflakecomputing.com/fed/login
Saml2SnowflakeAcsUrl pulumi.StringPtrInput
// The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeIssuerUrl pulumi.StringPtrInput
// The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SnowflakeX509Cert pulumi.StringPtrInput
// The string containing the label to display after the Log In With button on the login page.
Saml2SpInitiatedLoginPageLabel pulumi.StringPtrInput
// The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
// NOTE(review): no scheme or host check is applied to this value in this file; supply an https:// endpoint that belongs to the IdP.
Saml2SsoUrl pulumi.StringInput
// The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
// NOTE(review): a certificate is public material, not a secret, but it decides whose signatures the integration accepts;
// take it from the IdP's own metadata and review changes to it like a credential change - confirm how Snowflake uses it.
Saml2X509Cert pulumi.StringInput
}
// ElementType returns the reflect.Type of samlIntegrationArgs, the plain-Go
// struct that mirrors SamlIntegrationArgs.
func (SamlIntegrationArgs) ElementType() reflect.Type {
	// A typed nil pointer carries the type without allocating a value.
	var zero *samlIntegrationArgs
	return reflect.TypeOf(zero).Elem()
}
// SamlIntegrationInput is an input type that can be converted to a SamlIntegrationOutput.
// In this file *SamlIntegration and SamlIntegrationOutput declare both conversion methods.
type SamlIntegrationInput interface {
pulumi.Input
// ToSamlIntegrationOutput converts the value using a background context (see the implementations in this file).
ToSamlIntegrationOutput() SamlIntegrationOutput
// ToSamlIntegrationOutputWithContext converts the value; ctx is supplied by the caller.
ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput
}
// ElementType returns the reflect.Type of *SamlIntegration.
func (*SamlIntegration) ElementType() reflect.Type {
	// Pointer-to-pointer, so that Elem() yields the pointer type rather than the struct.
	var zero **SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationOutput converts the resource to a SamlIntegrationOutput by
// calling ToSamlIntegrationOutputWithContext with context.Background().
func (i *SamlIntegration) ToSamlIntegrationOutput() SamlIntegrationOutput {
	ctx := context.Background()
	return i.ToSamlIntegrationOutputWithContext(ctx)
}
// ToSamlIntegrationOutputWithContext converts the resource to a SamlIntegrationOutput
// via pulumi.ToOutputWithContext. The type assertion is unchecked, so it panics if the
// SDK hands back any other output type.
func (i *SamlIntegration) ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SamlIntegrationOutput)
}
// SamlIntegrationArrayInput is an input type that accepts SamlIntegrationArray and SamlIntegrationArrayOutput values.
// You can construct a concrete instance of `SamlIntegrationArrayInput` via:
//
//	SamlIntegrationArray{ SamlIntegrationArgs{...} }
//
// NOTE(review): SamlIntegrationArray is declared as []SamlIntegrationInput, and in this file only
// *SamlIntegration and SamlIntegrationOutput declare the SamlIntegrationInput methods, so the
// SamlIntegrationArgs element shown above looks inaccurate - confirm against the generator.
type SamlIntegrationArrayInput interface {
pulumi.Input
ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput
ToSamlIntegrationArrayOutputWithContext(context.Context) SamlIntegrationArrayOutput
}
// SamlIntegrationArray is a slice of SamlIntegrationInput values; its methods in this file
// are the ones SamlIntegrationArrayInput declares.
type SamlIntegrationArray []SamlIntegrationInput
// ElementType returns the reflect.Type of []*SamlIntegration.
func (SamlIntegrationArray) ElementType() reflect.Type {
	// A typed nil pointer carries the slice type without allocating a value.
	var zero *[]*SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationArrayOutput converts the array to a SamlIntegrationArrayOutput by
// calling ToSamlIntegrationArrayOutputWithContext with context.Background().
func (i SamlIntegrationArray) ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput {
	ctx := context.Background()
	return i.ToSamlIntegrationArrayOutputWithContext(ctx)
}
// ToSamlIntegrationArrayOutputWithContext converts the array to a SamlIntegrationArrayOutput
// via pulumi.ToOutputWithContext. The type assertion is unchecked, so it panics if the
// SDK hands back any other output type.
func (i SamlIntegrationArray) ToSamlIntegrationArrayOutputWithContext(ctx context.Context) SamlIntegrationArrayOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SamlIntegrationArrayOutput)
}
// SamlIntegrationMapInput is an input type that accepts SamlIntegrationMap and SamlIntegrationMapOutput values.
// You can construct a concrete instance of `SamlIntegrationMapInput` via:
//
//	SamlIntegrationMap{ "key": SamlIntegrationArgs{...} }
//
// NOTE(review): SamlIntegrationMap is declared as map[string]SamlIntegrationInput, and in this file only
// *SamlIntegration and SamlIntegrationOutput declare the SamlIntegrationInput methods, so the
// SamlIntegrationArgs value shown above looks inaccurate - confirm against the generator.
type SamlIntegrationMapInput interface {
pulumi.Input
ToSamlIntegrationMapOutput() SamlIntegrationMapOutput
ToSamlIntegrationMapOutputWithContext(context.Context) SamlIntegrationMapOutput
}
// SamlIntegrationMap maps string keys to SamlIntegrationInput values; its methods in this file
// are the ones SamlIntegrationMapInput declares.
type SamlIntegrationMap map[string]SamlIntegrationInput
// ElementType returns the reflect.Type of map[string]*SamlIntegration.
func (SamlIntegrationMap) ElementType() reflect.Type {
	// A typed nil pointer carries the map type without allocating a value.
	var zero *map[string]*SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationMapOutput converts the map to a SamlIntegrationMapOutput by
// calling ToSamlIntegrationMapOutputWithContext with context.Background().
func (i SamlIntegrationMap) ToSamlIntegrationMapOutput() SamlIntegrationMapOutput {
	ctx := context.Background()
	return i.ToSamlIntegrationMapOutputWithContext(ctx)
}
// ToSamlIntegrationMapOutputWithContext converts the map to a SamlIntegrationMapOutput
// via pulumi.ToOutputWithContext. The type assertion is unchecked, so it panics if the
// SDK hands back any other output type.
func (i SamlIntegrationMap) ToSamlIntegrationMapOutputWithContext(ctx context.Context) SamlIntegrationMapOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	return out.(SamlIntegrationMapOutput)
}
// SamlIntegrationOutput wraps a *pulumi.OutputState; its ElementType in this file is *SamlIntegration.
type SamlIntegrationOutput struct{ *pulumi.OutputState }
// ElementType returns the reflect.Type of *SamlIntegration, the value this output carries.
func (SamlIntegrationOutput) ElementType() reflect.Type {
	// Pointer-to-pointer, so that Elem() yields the pointer type rather than the struct.
	var zero **SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationOutput returns the receiver unchanged. It is one of the methods
// SamlIntegrationInput declares, so an output can be passed wherever that input is accepted.
func (o SamlIntegrationOutput) ToSamlIntegrationOutput() SamlIntegrationOutput {
return o
}
// ToSamlIntegrationOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SamlIntegrationOutput) ToSamlIntegrationOutputWithContext(ctx context.Context) SamlIntegrationOutput {
return o
}
// SamlIntegrationArrayOutput wraps a *pulumi.OutputState; its ElementType in this file is []*SamlIntegration.
type SamlIntegrationArrayOutput struct{ *pulumi.OutputState }
// ElementType returns the reflect.Type of []*SamlIntegration, the value this output carries.
func (SamlIntegrationArrayOutput) ElementType() reflect.Type {
	// A typed nil pointer carries the slice type without allocating a value.
	var zero *[]*SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationArrayOutput returns the receiver unchanged. It is one of the methods
// SamlIntegrationArrayInput declares.
func (o SamlIntegrationArrayOutput) ToSamlIntegrationArrayOutput() SamlIntegrationArrayOutput {
return o
}
// ToSamlIntegrationArrayOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SamlIntegrationArrayOutput) ToSamlIntegrationArrayOutputWithContext(ctx context.Context) SamlIntegrationArrayOutput {
return o
}
// Index returns an output for the element at position i of the array output.
//
// The callback performs no bounds check and uses unchecked type assertions, so an
// index outside the slice, or a value of an unexpected type, panics inside the callback.
func (o SamlIntegrationArrayOutput) Index(i pulumi.IntInput) SamlIntegrationOutput {
	pick := func(vs []interface{}) *SamlIntegration {
		// vs holds the two values passed to pulumi.All, in the same order.
		items := vs[0].([]*SamlIntegration)
		idx := vs[1].(int)
		return items[idx]
	}
	return pulumi.All(o, i).ApplyT(pick).(SamlIntegrationOutput)
}
// SamlIntegrationMapOutput wraps a *pulumi.OutputState; its ElementType in this file is map[string]*SamlIntegration.
type SamlIntegrationMapOutput struct{ *pulumi.OutputState }
// ElementType returns the reflect.Type of map[string]*SamlIntegration, the value this output carries.
func (SamlIntegrationMapOutput) ElementType() reflect.Type {
	// A typed nil pointer carries the map type without allocating a value.
	var zero *map[string]*SamlIntegration
	return reflect.TypeOf(zero).Elem()
}
// ToSamlIntegrationMapOutput returns the receiver unchanged. It is one of the methods
// SamlIntegrationMapInput declares.
func (o SamlIntegrationMapOutput) ToSamlIntegrationMapOutput() SamlIntegrationMapOutput {
return o
}
// ToSamlIntegrationMapOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SamlIntegrationMapOutput) ToSamlIntegrationMapOutputWithContext(ctx context.Context) SamlIntegrationMapOutput {
return o
}
// MapIndex returns an output for the entry stored under key k of the map output.
//
// A key that is absent from the map yields a nil *SamlIntegration, the map's zero value.
// The type assertions are unchecked, so a value of an unexpected type panics inside the callback.
func (o SamlIntegrationMapOutput) MapIndex(k pulumi.StringInput) SamlIntegrationOutput {
	lookup := func(vs []interface{}) *SamlIntegration {
		// vs holds the two values passed to pulumi.All, in the same order.
		byKey := vs[0].(map[string]*SamlIntegration)
		key := vs[1].(string)
		return byKey[key]
	}
	return pulumi.All(o, k).ApplyT(lookup).(SamlIntegrationOutput)
}
// init registers this file's input interfaces and output types with the Pulumi SDK
// when the package is loaded.
func init() {
	// Interface types are recovered from a typed nil pointer, since an interface
	// value itself carries no static type for reflect to report.
	inputType := reflect.TypeOf((*SamlIntegrationInput)(nil)).Elem()
	arrayInputType := reflect.TypeOf((*SamlIntegrationArrayInput)(nil)).Elem()
	mapInputType := reflect.TypeOf((*SamlIntegrationMapInput)(nil)).Elem()

	pulumi.RegisterInputType(inputType, &SamlIntegration{})
	pulumi.RegisterInputType(arrayInputType, SamlIntegrationArray{})
	pulumi.RegisterInputType(mapInputType, SamlIntegrationMap{})

	pulumi.RegisterOutputType(SamlIntegrationOutput{})
	pulumi.RegisterOutputType(SamlIntegrationArrayOutput{})
	pulumi.RegisterOutputType(SamlIntegrationMapOutput{})
}