@pulumi/snowflake 0.61.0-alpha.1731393894 → 0.61.0-alpha.1731504398

package/accountAuthenticationPolicyAttachment.d.ts

@@ -0,0 +1,48 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare class AccountAuthenticationPolicyAttachment extends pulumi.CustomResource {
+    /**
+     * Get an existing AccountAuthenticationPolicyAttachment resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountAuthenticationPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): AccountAuthenticationPolicyAttachment;
+    /**
+     * Returns true if the given object is an instance of AccountAuthenticationPolicyAttachment.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccountAuthenticationPolicyAttachment;
+    /**
+     * Qualified name (`"db"."schema"."policyName"`) of the authentication policy to apply to the current account.
+     */
+    readonly authenticationPolicy: pulumi.Output<string>;
+    /**
+     * Create a AccountAuthenticationPolicyAttachment resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AccountAuthenticationPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccountAuthenticationPolicyAttachment resources.
+ */
+export interface AccountAuthenticationPolicyAttachmentState {
+    /**
+     * Qualified name (`"db"."schema"."policyName"`) of the authentication policy to apply to the current account.
+     */
+    authenticationPolicy?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a AccountAuthenticationPolicyAttachment resource.
+ */
+export interface AccountAuthenticationPolicyAttachmentArgs {
+    /**
+     * Qualified name (`"db"."schema"."policyName"`) of the authentication policy to apply to the current account.
+     */
+    authenticationPolicy: pulumi.Input<string>;
+}

package/accountAuthenticationPolicyAttachment.js

@@ -0,0 +1,52 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountAuthenticationPolicyAttachment = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+class AccountAuthenticationPolicyAttachment extends pulumi.CustomResource {
+    /**
+     * Get an existing AccountAuthenticationPolicyAttachment resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AccountAuthenticationPolicyAttachment(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AccountAuthenticationPolicyAttachment.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AccountAuthenticationPolicyAttachment.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["authenticationPolicy"] = state ? state.authenticationPolicy : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.authenticationPolicy === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'authenticationPolicy'");
+            }
+            resourceInputs["authenticationPolicy"] = args ? args.authenticationPolicy : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(AccountAuthenticationPolicyAttachment.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.AccountAuthenticationPolicyAttachment = AccountAuthenticationPolicyAttachment;
+/** @internal */
+AccountAuthenticationPolicyAttachment.__pulumiType = 'snowflake:index/accountAuthenticationPolicyAttachment:AccountAuthenticationPolicyAttachment';
+//# sourceMappingURL=accountAuthenticationPolicyAttachment.js.map

package/accountAuthenticationPolicyAttachment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accountAuthenticationPolicyAttachment.js","sourceRoot":"","sources":["../accountAuthenticationPolicyAttachment.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,qCAAsC,SAAQ,MAAM,CAAC,cAAc;IAC5E;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAkD,EAAE,IAAmC;QAChJ,OAAO,IAAI,qCAAqC,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC5F,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,qCAAqC,CAAC,YAAY,CAAC;IACtF,CAAC;IAeD,YAAY,IAAY,EAAE,WAAoG,EAAE,IAAmC;QAC/J,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAqE,CAAC;YACpF,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;aAAM;YACH,MAAM,IAAI,GAAG,WAAoE,CAAC;YAClF,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;aACvE;YACD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;SACzF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,qCAAqC,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;;AAxDL,sFAyDC;AA3CG,gBAAgB;AACO,kDAAY,GAAG,6FAA6F,CAAC"}

package/authenticationPolicy.d.ts

@@ -0,0 +1,177 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+/**
+ * ## Import
+ *
+ * ```sh
+ * $ pulumi import snowflake:index/authenticationPolicy:AuthenticationPolicy example '"<database_name>"."<schema_name>"."<authentication_policy_name>"'
+ * ```
+ */
+export declare class AuthenticationPolicy extends pulumi.CustomResource {
+    /**
+     * Get an existing AuthenticationPolicy resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthenticationPolicyState, opts?: pulumi.CustomResourceOptions): AuthenticationPolicy;
+    /**
+     * Returns true if the given object is an instance of AuthenticationPolicy.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AuthenticationPolicy;
+    /**
+     * A list of authentication methods that are allowed during login. This parameter accepts one or more of the following values: `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR`
+     */
+    readonly authenticationMethods: pulumi.Output<string[] | undefined>;
+    /**
+     * A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid CLIENT*TYPES, then the login attempt fails. Allowed values are `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL`. The CLIENT*TYPES property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
+     */
+    readonly clientTypes: pulumi.Output<string[] | undefined>;
+    /**
+     * Specifies a comment for the authentication policy.
+     */
+    readonly comment: pulumi.Output<string | undefined>;
+    /**
+     * The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    readonly database: pulumi.Output<string>;
+    /**
+     * Outputs the result of `DESCRIBE AUTHENTICATION POLICY` for the given policy.
+     */
+    readonly describeOutputs: pulumi.Output<outputs.AuthenticationPolicyDescribeOutput[]>;
+    /**
+     * Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+     */
+    readonly fullyQualifiedName: pulumi.Output<string>;
+    /**
+     * A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
+     */
+    readonly mfaAuthenticationMethods: pulumi.Output<string[] | undefined>;
+    /**
+     * Determines whether a user must enroll in multi-factor authentication. Allowed values are REQUIRED and OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the CLIENT*TYPES parameter must include SNOWFLAKE*UI, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
+     */
+    readonly mfaEnrollment: pulumi.Output<string | undefined>;
+    /**
+     * Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    readonly schema: pulumi.Output<string>;
+    /**
+     * A list of security integrations the authentication policy is associated with. This parameter has no effect when SAML or OAUTH are not in the AUTHENTICATION*METHODS list. All values in the SECURITY*INTEGRATIONS list must be compatible with the values in the AUTHENTICATION*METHODS list. For example, if SECURITY*INTEGRATIONS contains a SAML security integration, and AUTHENTICATION_METHODS contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
+     */
+    readonly securityIntegrations: pulumi.Output<string[] | undefined>;
+    /**
+     * Outputs the result of `SHOW AUTHENTICATION POLICIES` for the given policy.
+     */
+    readonly showOutputs: pulumi.Output<outputs.AuthenticationPolicyShowOutput[]>;
+    /**
+     * Create a AuthenticationPolicy resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AuthenticationPolicyArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AuthenticationPolicy resources.
+ */
+export interface AuthenticationPolicyState {
+    /**
+     * A list of authentication methods that are allowed during login. This parameter accepts one or more of the following values: `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR`
+     */
+    authenticationMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid CLIENT*TYPES, then the login attempt fails. Allowed values are `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL`. The CLIENT*TYPES property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
+     */
+    clientTypes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Specifies a comment for the authentication policy.
+     */
+    comment?: pulumi.Input<string>;
+    /**
+     * The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    database?: pulumi.Input<string>;
+    /**
+     * Outputs the result of `DESCRIBE AUTHENTICATION POLICY` for the given policy.
+     */
+    describeOutputs?: pulumi.Input<pulumi.Input<inputs.AuthenticationPolicyDescribeOutput>[]>;
+    /**
+     * Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
+     */
+    fullyQualifiedName?: pulumi.Input<string>;
+    /**
+     * A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
+     */
+    mfaAuthenticationMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Determines whether a user must enroll in multi-factor authentication. Allowed values are REQUIRED and OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the CLIENT*TYPES parameter must include SNOWFLAKE*UI, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
+     */
+    mfaEnrollment?: pulumi.Input<string>;
+    /**
+     * Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    schema?: pulumi.Input<string>;
+    /**
+     * A list of security integrations the authentication policy is associated with. This parameter has no effect when SAML or OAUTH are not in the AUTHENTICATION*METHODS list. All values in the SECURITY*INTEGRATIONS list must be compatible with the values in the AUTHENTICATION*METHODS list. For example, if SECURITY*INTEGRATIONS contains a SAML security integration, and AUTHENTICATION_METHODS contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
+     */
+    securityIntegrations?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Outputs the result of `SHOW AUTHENTICATION POLICIES` for the given policy.
+     */
+    showOutputs?: pulumi.Input<pulumi.Input<inputs.AuthenticationPolicyShowOutput>[]>;
+}
+/**
+ * The set of arguments for constructing a AuthenticationPolicy resource.
+ */
+export interface AuthenticationPolicyArgs {
+    /**
+     * A list of authentication methods that are allowed during login. This parameter accepts one or more of the following values: `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR`
+     */
+    authenticationMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid CLIENT*TYPES, then the login attempt fails. Allowed values are `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL`. The CLIENT*TYPES property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
+     */
+    clientTypes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Specifies a comment for the authentication policy.
+     */
+    comment?: pulumi.Input<string>;
+    /**
+     * The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    database: pulumi.Input<string>;
+    /**
+     * A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
+     */
+    mfaAuthenticationMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Determines whether a user must enroll in multi-factor authentication. Allowed values are REQUIRED and OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the CLIENT*TYPES parameter must include SNOWFLAKE*UI, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
+     */
+    mfaEnrollment?: pulumi.Input<string>;
+    /**
+     * Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `(`, `)`, `"`
+     */
+    schema: pulumi.Input<string>;
+    /**
+     * A list of security integrations the authentication policy is associated with. This parameter has no effect when SAML or OAUTH are not in the AUTHENTICATION*METHODS list. All values in the SECURITY*INTEGRATIONS list must be compatible with the values in the AUTHENTICATION*METHODS list. For example, if SECURITY*INTEGRATIONS contains a SAML security integration, and AUTHENTICATION_METHODS contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
+     */
+    securityIntegrations?: pulumi.Input<pulumi.Input<string>[]>;
+}

package/authenticationPolicy.js

@@ -0,0 +1,84 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthenticationPolicy = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * ## Import
+ *
+ * ```sh
+ * $ pulumi import snowflake:index/authenticationPolicy:AuthenticationPolicy example '"<database_name>"."<schema_name>"."<authentication_policy_name>"'
+ * ```
+ */
+class AuthenticationPolicy extends pulumi.CustomResource {
+    /**
+     * Get an existing AuthenticationPolicy resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AuthenticationPolicy(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AuthenticationPolicy.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AuthenticationPolicy.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["authenticationMethods"] = state ? state.authenticationMethods : undefined;
+            resourceInputs["clientTypes"] = state ? state.clientTypes : undefined;
+            resourceInputs["comment"] = state ? state.comment : undefined;
+            resourceInputs["database"] = state ? state.database : undefined;
+            resourceInputs["describeOutputs"] = state ? state.describeOutputs : undefined;
+            resourceInputs["fullyQualifiedName"] = state ? state.fullyQualifiedName : undefined;
+            resourceInputs["mfaAuthenticationMethods"] = state ? state.mfaAuthenticationMethods : undefined;
+            resourceInputs["mfaEnrollment"] = state ? state.mfaEnrollment : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+            resourceInputs["schema"] = state ? state.schema : undefined;
+            resourceInputs["securityIntegrations"] = state ? state.securityIntegrations : undefined;
+            resourceInputs["showOutputs"] = state ? state.showOutputs : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.database === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'database'");
+            }
+            if ((!args || args.schema === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'schema'");
+            }
+            resourceInputs["authenticationMethods"] = args ? args.authenticationMethods : undefined;
+            resourceInputs["clientTypes"] = args ? args.clientTypes : undefined;
+            resourceInputs["comment"] = args ? args.comment : undefined;
+            resourceInputs["database"] = args ? args.database : undefined;
+            resourceInputs["mfaAuthenticationMethods"] = args ? args.mfaAuthenticationMethods : undefined;
+            resourceInputs["mfaEnrollment"] = args ? args.mfaEnrollment : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+            resourceInputs["schema"] = args ? args.schema : undefined;
+            resourceInputs["securityIntegrations"] = args ? args.securityIntegrations : undefined;
+            resourceInputs["describeOutputs"] = undefined /*out*/;
+            resourceInputs["fullyQualifiedName"] = undefined /*out*/;
+            resourceInputs["showOutputs"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(AuthenticationPolicy.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.AuthenticationPolicy = AuthenticationPolicy;
+/** @internal */
+AuthenticationPolicy.__pulumiType = 'snowflake:index/authenticationPolicy:AuthenticationPolicy';
+//# sourceMappingURL=authenticationPolicy.js.map

package/authenticationPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticationPolicy.js","sourceRoot":"","sources":["../authenticationPolicy.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;GAMG;AACH,MAAa,oBAAqB,SAAQ,MAAM,CAAC,cAAc;IAC3D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAiC,EAAE,IAAmC;QAC/H,OAAO,IAAI,oBAAoB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC3E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,oBAAoB,CAAC,YAAY,CAAC;IACrE,CAAC;IA2DD,YAAY,IAAY,EAAE,WAAkE,EAAE,IAAmC;QAC7H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAoD,CAAC;YACnE,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;SACzE;aAAM;YACH,MAAM,IAAI,GAAG,WAAmD,CAAC;YACjE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACzD,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACrD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,oBAAoB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACzE,CAAC;;AA7HL,oDA8HC;AAhHG,gBAAgB;AACO,iCAAY,GAAG,2DAA2D,CAAC"}

package/config/vars.d.ts

@@ -1,15 +1,24 @@
 import * as outputs from "../types/output";
 /**
- * Specifies your Snowflake account identifier assigned, by Snowflake. For information about account identifiers, see the
- * [Snowflake documentation](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html). Can also be sourced
- * from the `SNOWFLAKE_ACCOUNT` environment variable. Required unless using `profile`.
+ * Use `accountName` and `organizationName` instead. Specifies your Snowflake account identifier assigned, by Snowflake.
+ * The [account
+ * locator](https://docs.snowflake.com/en/user-guide/admin-account-identifier#format-2-account-locator-in-a-region) format
+ * is not supported. For information about account identifiers, see the [Snowflake
+ * documentation](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html). Required unless using `profile`.
+ * Can also be sourced from the `SNOWFLAKE_ACCOUNT` environment variable.
  */
 export declare const account: string | undefined;
+/**
+ * Specifies your Snowflake account name assigned by Snowflake. For information about account identifiers, see the
+ * [Snowflake documentation](https://docs.snowflake.com/en/user-guide/admin-account-identifier#account-name). Required
+ * unless using `profile`. Can also be sourced from the `SNOWFLAKE_ACCOUNT_NAME` environment variable.
+ */
+export declare const accountName: string | undefined;
 /**
  * Specifies the [authentication type](https://pkg.go.dev/github.com/snowflakedb/gosnowflake#AuthType) to use when
- * connecting to Snowflake. Valid values include: Snowflake, OAuth, ExternalBrowser, Okta, JWT, TokenAccessor,
- * UsernamePasswordMFA. Can also be sourced from the `SNOWFLAKE_AUTHENTICATOR` environment variable. It has to be set
- * explicitly to JWT for private key authentication.
+ * connecting to Snowflake. Valid options are: `SNOWFLAKE` | `OAUTH` | `EXTERNALBROWSER` | `OKTA` | `JWT` | `SNOWFLAKE_JWT`
+ * | `TOKENACCESSOR` | `USERNAMEPASSWORDMFA`. Value `JWT` is deprecated and will be removed in future releases. Can also be
+ * sourced from the `SNOWFLAKE_AUTHENTICATOR` environment variable.
  */
 export declare const authenticator: string | undefined;
 /**
@@ -24,36 +33,51 @@ export declare const clientIp: string | undefined;
  * When true the MFA token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also
  * be sourced from the `SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN` environment variable.
  */
-export declare const clientRequestMfaToken: boolean | undefined;
+export declare const clientRequestMfaToken: string | undefined;
 /**
  * When true the ID token is cached in the credential manager. True by default in Windows/OSX. False for Linux. Can also be
  * sourced from the `SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL` environment variable.
  */
-export declare const clientStoreTemporaryCredential: boolean | undefined;
+export declare const clientStoreTemporaryCredential: string | undefined;
 /**
- * The timeout in seconds for the client to complete the authentication. Default is 900 seconds. Can also be sourced from
- * the `SNOWFLAKE_CLIENT_TIMEOUT` environment variable.
+ * The timeout in seconds for the client to complete the authentication. Can also be sourced from the
+ * `SNOWFLAKE_CLIENT_TIMEOUT` environment variable.
  */
 export declare const clientTimeout: number | undefined;
 /**
- * Should HTAP query context cache be disabled. Can also be sourced from the `SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE`
+ * Indicates whether console login should be disabled in the driver. Can also be sourced from the
+ * `SNOWFLAKE_DISABLE_CONSOLE_LOGIN` environment variable.
+ */
+export declare const disableConsoleLogin: string | undefined;
+/**
+ * Disables HTAP query context cache in the driver. Can also be sourced from the `SNOWFLAKE_DISABLE_QUERY_CONTEXT_CACHE`
  * environment variable.
  */
 export declare const disableQueryContextCache: boolean | undefined;
 /**
- * Indicates whether to disable telemetry. Can also be sourced from the `SNOWFLAKE_DISABLE_TELEMETRY` environment variable.
+ * Disables telemetry in the driver. Can also be sourced from the `DISABLE_TELEMETRY` environment variable.
  */
 export declare const disableTelemetry: boolean | undefined;
 /**
- * The timeout in seconds for the external browser to complete the authentication. Default is 120 seconds. Can also be
- * sourced from the `SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT` environment variable.
+ * Specifies the logging level to be used by the driver. Valid options are: `trace` | `debug` | `info` | `print` |
+ * `warning` | `error` | `fatal` | `panic`. Can also be sourced from the `SNOWFLAKE_DRIVER_TRACING` environment variable.
+ */
+export declare const driverTracing: string | undefined;
+/**
+ * The timeout in seconds for the external browser to complete the authentication. Can also be sourced from the
+ * `SNOWFLAKE_EXTERNAL_BROWSER_TIMEOUT` environment variable.
  */
 export declare const externalBrowserTimeout: number | undefined;
 /**
- * Supports passing in a custom host value to the snowflake go driver for use with privatelink. Can also be sourced from
- * the `SNOWFLAKE_HOST` environment variable.
+ * Specifies a custom host value used by the driver for privatelink connections. Can also be sourced from the
+ * `SNOWFLAKE_HOST` environment variable.
  */
 export declare const host: string | undefined;
+/**
+ * Should retried request contain retry reason. Can also be sourced from the `SNOWFLAKE_INCLUDE_RETRY_REASON` environment
+ * variable.
+ */
+export declare const includeRetryReason: string | undefined;
 /**
  * If true, bypass the Online Certificate Status Protocol (OCSP) certificate revocation check. IMPORTANT: Change the
  * default value for testing or emergency situations only. Can also be sourced from the `SNOWFLAKE_INSECURE_MODE`
@@ -61,8 +85,8 @@ export declare const host: string | undefined;
  */
 export declare const insecureMode: boolean | undefined;
 /**
- * The timeout in seconds for the JWT client to complete the authentication. Default is 10 seconds. Can also be sourced
- * from the `SNOWFLAKE_JWT_CLIENT_TIMEOUT` environment variable.
+ * The timeout in seconds for the JWT client to complete the authentication. Can also be sourced from the
+ * `SNOWFLAKE_JWT_CLIENT_TIMEOUT` environment variable.
  */
 export declare const jwtClientTimeout: number | undefined;
 /**
@@ -75,10 +99,15 @@ export declare const jwtExpireTimeout: number | undefined;
  */
 export declare const keepSessionAlive: boolean | undefined;
 /**
- * Login retry timeout EXCLUDING network roundtrip and read out http response. Can also be sourced from the
+ * Login retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the
  * `SNOWFLAKE_LOGIN_TIMEOUT` environment variable.
  */
 export declare const loginTimeout: number | undefined;
+/**
+ * Specifies how many times non-periodic HTTP request can be retried by the driver. Can also be sourced from the
+ * `SNOWFLAKE_MAX_RETRY_COUNT` environment variable.
+ */
+export declare const maxRetryCount: number | undefined;
 /**
  * Token for use with OAuth. Generating the token is left to other tools. Cannot be used with `browserAuth`,
  * `privateKeyPath`, `oauthRefreshToken` or `password`. Can also be sourced from `SNOWFLAKE_OAUTH_ACCESS_TOKEN` environment
@@ -113,14 +142,22 @@ export declare const oauthRefreshToken: string | undefined;
  * True represents OCSP fail open mode. False represents OCSP fail closed mode. Fail open true by default. Can also be
  * sourced from the `SNOWFLAKE_OCSP_FAIL_OPEN` environment variable.
  */
-export declare const ocspFailOpen: boolean | undefined;
+export declare const ocspFailOpen: string | undefined;
 /**
- * The URL of the Okta server. e.g. https://example.okta.com. Can also be sourced from the `SNOWFLAKE_OKTA_URL` environment
- * variable.
+ * The URL of the Okta server. e.g. https://example.okta.com. Okta URL host needs to to have a suffix `okta.com`. Read more
+ * in Snowflake [docs](https://docs.snowflake.com/en/user-guide/oauth-okta). Can also be sourced from the
+ * `SNOWFLAKE_OKTA_URL` environment variable.
  */
 export declare const oktaUrl: string | undefined;
 /**
- * Sets other connection (i.e. session) parameters. [Parameters](https://docs.snowflake.com/en/sql-reference/parameters)
+ * Specifies your Snowflake organization name assigned by Snowflake. For information about account identifiers, see the
+ * [Snowflake documentation](https://docs.snowflake.com/en/user-guide/admin-account-identifier#organization-name). Required
+ * unless using `profile`. Can also be sourced from the `SNOWFLAKE_ORGANIZATION_NAME` environment variable.
+ */
+export declare const organizationName: string | undefined;
+/**
+ * Sets other connection (i.e. session) parameters. [Parameters](https://docs.snowflake.com/en/sql-reference/parameters).
+ * This field can not be set with environmental variables.
  */
 export declare const params: {
     [key: string]: string;
@@ -131,28 +168,28 @@ export declare const params: {
  */
 export declare const passcode: string | undefined;
 /**
- * False by default. Set to true if the MFA passcode is embedded in the login password. Appends the MFA passcode to the end
- * of the password. Can also be sourced from the `SNOWFLAKE_PASSCODE_IN_PASSWORD` environment variable.
+ * False by default. Set to true if the MFA passcode is embedded to the configured password. Can also be sourced from the
+ * `SNOWFLAKE_PASSCODE_IN_PASSWORD` environment variable.
  */
 export declare const passcodeInPassword: boolean | undefined;
 /**
- * Password for username+password auth. Cannot be used with `browserAuth` or `privateKeyPath`. Can also be sourced from the
+ * Password for user + password auth. Cannot be used with `browserAuth` or `privateKeyPath`. Can also be sourced from the
  * `SNOWFLAKE_PASSWORD` environment variable.
  */
 export declare const password: string | undefined;
 /**
- * Support custom port values to snowflake go driver for use with privatelink. Can also be sourced from the
+ * Specifies a custom port value used by the driver for privatelink connections. Can also be sourced from the
  * `SNOWFLAKE_PORT` environment variable.
  */
 export declare const port: number | undefined;
 /**
- * Private Key for username+private-key auth. Cannot be used with `browserAuth` or `password`. Can also be sourced from
+ * Private Key for username+private-key auth. Cannot be used with `browserAuth` or `password`. Can also be sourced from the
  * `SNOWFLAKE_PRIVATE_KEY` environment variable.
  */
 export declare const privateKey: string | undefined;
 /**
  * Supports the encryption ciphers aes-128-cbc, aes-128-gcm, aes-192-cbc, aes-192-gcm, aes-256-cbc, aes-256-gcm, and
- * des-ede3-cbc. Can also be sourced from `SNOWFLAKE_PRIVATE_KEY_PASSPHRASE` environment variable.
+ * des-ede3-cbc. Can also be sourced from the `SNOWFLAKE_PRIVATE_KEY_PASSPHRASE` environment variable.
  */
 export declare const privateKeyPassphrase: string | undefined;
 /**
@@ -166,7 +203,8 @@ export declare const privateKeyPath: string | undefined;
  */
 export declare const profile: string | undefined;
 /**
- * Either http or https, defaults to https. Can also be sourced from the `SNOWFLAKE_PROTOCOL` environment variable.
+ * A protocol used in the connection. Valid options are: `http` | `https`. Can also be sourced from the
+ * `SNOWFLAKE_PROTOCOL` environment variable.
  */
 export declare const protocol: string | undefined;
 /**
@@ -179,13 +217,13 @@ export declare const protocol: string | undefined;
  */
 export declare const region: string | undefined;
 /**
- * request retry timeout EXCLUDING network roundtrip and read out http response. Can also be sourced from the
+ * request retry timeout in seconds EXCLUDING network roundtrip and read out http response. Can also be sourced from the
  * `SNOWFLAKE_REQUEST_TIMEOUT` environment variable.
  */
 export declare const requestTimeout: number | undefined;
 /**
  * Specifies the role to use by default for accessing Snowflake objects in the client session. Can also be sourced from the
- * `SNOWFLAKE_ROLE` environment variable. .
+ * `SNOWFLAKE_ROLE` environment variable.
  */
 export declare const role: string | undefined;
 /**
@@ -194,6 +232,11 @@ export declare const role: string | undefined;
 export declare const sessionParams: {
     [key: string]: string;
 } | undefined;
+/**
+ * Sets temporary directory used by the driver for operations like encrypting, compressing etc. Can also be sourced from
+ * the `SNOWFLAKE_TMP_DIRECTORY_PATH` environment variable.
+ */
+export declare const tmpDirectoryPath: string | undefined;
 /**
  * Token to use for OAuth and other forms of token based auth. Can also be sourced from the `SNOWFLAKE_TOKEN` environment
  * variable.
@@ -201,19 +244,19 @@ export declare const sessionParams: {
 export declare const token: string | undefined;
 export declare const tokenAccessor: outputs.config.TokenAccessor | undefined;
 /**
- * Username. Can also be sourced from the `SNOWFLAKE_USER` environment variable. Required unless using `profile`.
+ * Username. Required unless using `profile`. Can also be sourced from the `SNOWFLAKE_USER` environment variable.
  */
 export declare const user: string | undefined;
 /**
- * Username for username+password authentication. Can also be sourced from the `SNOWFLAKE_USERNAME` environment variable.
- * Required unless using `profile`.
+ * Username for user + password authentication. Required unless using `profile`. Can also be sourced from the
+ * `SNOWFLAKE_USERNAME` environment variable.
  */
 export declare const username: string | undefined;
 /**
  * True by default. If false, disables the validation checks for Database, Schema, Warehouse and Role at the time a
  * connection is established. Can also be sourced from the `SNOWFLAKE_VALIDATE_DEFAULT_PARAMETERS` environment variable.
  */
-export declare const validateDefaultParameters: boolean | undefined;
+export declare const validateDefaultParameters: string | undefined;
 /**
  * Specifies the virtual warehouse to use by default for queries, loading, etc. in the client session. Can also be sourced
  * from the `SNOWFLAKE_WAREHOUSE` environment variable.