pulumi-databricks 1.74.0a1753335781__py3-none-any.whl → 1.77.0__py3-none-any.whl

pulumi_databricks/access_control_rule_set.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -23,13 +22,13 @@ __all__ = ['AccessControlRuleSetArgs', 'AccessControlRuleSet']
 class AccessControlRuleSetArgs:
     def __init__(__self__, *,
                  grant_rules: Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None):
+                 name: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a AccessControlRuleSet resource.
         :param pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]] grant_rules: The access control rules to be granted by this rule set, consisting of a set of principals and roles to be granted to them.
                
                !> Name uniquely identifies a rule set resource. Ensure all the grant_rules blocks for a rule set name are present in one `AccessControlRuleSet` resource block. Otherwise, after applying changes, users might lose their role assignment even if that was not intended.
-        :param pulumi.Input[builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
+        :param pulumi.Input[_builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
                * `accounts/{account_id}/ruleSets/default` - account-level access control.
                * `accounts/{account_id}/servicePrincipals/{service_principal_application_id}/ruleSets/default` - access control for a specific service principal.
                * `accounts/{account_id}/groups/{group_id}/ruleSets/default` - access control for a specific group.
@@ -40,7 +39,7 @@ class AccessControlRuleSetArgs:
         if name is not None:
             pulumi.set(__self__, "name", name)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantRules")
     def grant_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]]:
         """
@@ -54,9 +53,9 @@ class AccessControlRuleSetArgs:
     def grant_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]]):
         pulumi.set(self, "grant_rules", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
         * `accounts/{account_id}/ruleSets/default` - account-level access control.
@@ -67,22 +66,22 @@ class AccessControlRuleSetArgs:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
 
 @pulumi.input_type
 class _AccessControlRuleSetState:
     def __init__(__self__, *,
-                 etag: Optional[pulumi.Input[builtins.str]] = None,
+                 etag: Optional[pulumi.Input[_builtins.str]] = None,
                  grant_rules: Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None):
+                 name: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering AccessControlRuleSet resources.
         :param pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]] grant_rules: The access control rules to be granted by this rule set, consisting of a set of principals and roles to be granted to them.
                
                !> Name uniquely identifies a rule set resource. Ensure all the grant_rules blocks for a rule set name are present in one `AccessControlRuleSet` resource block. Otherwise, after applying changes, users might lose their role assignment even if that was not intended.
-        :param pulumi.Input[builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
+        :param pulumi.Input[_builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
                * `accounts/{account_id}/ruleSets/default` - account-level access control.
                * `accounts/{account_id}/servicePrincipals/{service_principal_application_id}/ruleSets/default` - access control for a specific service principal.
                * `accounts/{account_id}/groups/{group_id}/ruleSets/default` - access control for a specific group.
@@ -95,16 +94,16 @@ class _AccessControlRuleSetState:
         if name is not None:
             pulumi.set(__self__, "name", name)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def etag(self) -> Optional[pulumi.Input[builtins.str]]:
+    def etag(self) -> Optional[pulumi.Input[_builtins.str]]:
         return pulumi.get(self, "etag")
 
     @etag.setter
-    def etag(self, value: Optional[pulumi.Input[builtins.str]]):
+    def etag(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "etag", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantRules")
     def grant_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]]:
         """
@@ -118,9 +117,9 @@ class _AccessControlRuleSetState:
     def grant_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AccessControlRuleSetGrantRuleArgs']]]]):
         pulumi.set(self, "grant_rules", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
         * `accounts/{account_id}/ruleSets/default` - account-level access control.
@@ -131,7 +130,7 @@ class _AccessControlRuleSetState:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
 
@@ -142,7 +141,7 @@ class AccessControlRuleSet(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  grant_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessControlRuleSetGrantRuleArgs', 'AccessControlRuleSetGrantRuleArgsDict']]]]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         This resource allows you to manage access rules on Databricks account level resources. For convenience we allow accessing this resource through the Databricks account and workspace.
@@ -328,7 +327,7 @@ class AccessControlRuleSet(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[Union['AccessControlRuleSetGrantRuleArgs', 'AccessControlRuleSetGrantRuleArgsDict']]]] grant_rules: The access control rules to be granted by this rule set, consisting of a set of principals and roles to be granted to them.
                
                !> Name uniquely identifies a rule set resource. Ensure all the grant_rules blocks for a rule set name are present in one `AccessControlRuleSet` resource block. Otherwise, after applying changes, users might lose their role assignment even if that was not intended.
-        :param pulumi.Input[builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
+        :param pulumi.Input[_builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
                * `accounts/{account_id}/ruleSets/default` - account-level access control.
                * `accounts/{account_id}/servicePrincipals/{service_principal_application_id}/ruleSets/default` - access control for a specific service principal.
                * `accounts/{account_id}/groups/{group_id}/ruleSets/default` - access control for a specific group.
@@ -535,7 +534,7 @@ class AccessControlRuleSet(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  grant_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessControlRuleSetGrantRuleArgs', 'AccessControlRuleSetGrantRuleArgsDict']]]]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -558,9 +557,9 @@ class AccessControlRuleSet(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            etag: Optional[pulumi.Input[builtins.str]] = None,
+            etag: Optional[pulumi.Input[_builtins.str]] = None,
             grant_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessControlRuleSetGrantRuleArgs', 'AccessControlRuleSetGrantRuleArgsDict']]]]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None) -> 'AccessControlRuleSet':
+            name: Optional[pulumi.Input[_builtins.str]] = None) -> 'AccessControlRuleSet':
         """
         Get an existing AccessControlRuleSet resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -571,7 +570,7 @@ class AccessControlRuleSet(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[Union['AccessControlRuleSetGrantRuleArgs', 'AccessControlRuleSetGrantRuleArgsDict']]]] grant_rules: The access control rules to be granted by this rule set, consisting of a set of principals and roles to be granted to them.
                
                !> Name uniquely identifies a rule set resource. Ensure all the grant_rules blocks for a rule set name are present in one `AccessControlRuleSet` resource block. Otherwise, after applying changes, users might lose their role assignment even if that was not intended.
-        :param pulumi.Input[builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
+        :param pulumi.Input[_builtins.str] name: Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
                * `accounts/{account_id}/ruleSets/default` - account-level access control.
                * `accounts/{account_id}/servicePrincipals/{service_principal_application_id}/ruleSets/default` - access control for a specific service principal.
                * `accounts/{account_id}/groups/{group_id}/ruleSets/default` - access control for a specific group.
@@ -586,12 +585,12 @@ class AccessControlRuleSet(pulumi.CustomResource):
         __props__.__dict__["name"] = name
         return AccessControlRuleSet(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def etag(self) -> pulumi.Output[builtins.str]:
+    def etag(self) -> pulumi.Output[_builtins.str]:
         return pulumi.get(self, "etag")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantRules")
     def grant_rules(self) -> pulumi.Output[Optional[Sequence['outputs.AccessControlRuleSetGrantRule']]]:
         """
@@ -601,9 +600,9 @@ class AccessControlRuleSet(pulumi.CustomResource):
         """
         return pulumi.get(self, "grant_rules")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         Unique identifier of a rule set. The name determines the resource to which the rule set applies. **Changing the name recreates the resource!**. Currently, only default rule sets are supported. The following rule set formats are supported:
         * `accounts/{account_id}/ruleSets/default` - account-level access control.

pulumi_databricks/account_federation_policy.py

@@ -0,0 +1,473 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from . import outputs
+from ._inputs import *
+
+__all__ = ['AccountFederationPolicyArgs', 'AccountFederationPolicy']
+
+@pulumi.input_type
+class AccountFederationPolicyArgs:
+    def __init__(__self__, *,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 oidc_policy: Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']] = None,
+                 policy_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 service_principal_id: Optional[pulumi.Input[_builtins.int]] = None):
+        """
+        The set of arguments for constructing a AccountFederationPolicy resource.
+        :param pulumi.Input[_builtins.str] description: Description of the federation policy
+        :param pulumi.Input[_builtins.str] policy_id: (string) - The ID of the federation policy. Output only
+        :param pulumi.Input[_builtins.int] service_principal_id: (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        """
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if oidc_policy is not None:
+            pulumi.set(__self__, "oidc_policy", oidc_policy)
+        if policy_id is not None:
+            pulumi.set(__self__, "policy_id", policy_id)
+        if service_principal_id is not None:
+            pulumi.set(__self__, "service_principal_id", service_principal_id)
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Description of the federation policy
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "description", value)
+
+    @_builtins.property
+    @pulumi.getter(name="oidcPolicy")
+    def oidc_policy(self) -> Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']]:
+        return pulumi.get(self, "oidc_policy")
+
+    @oidc_policy.setter
+    def oidc_policy(self, value: Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']]):
+        pulumi.set(self, "oidc_policy", value)
+
+    @_builtins.property
+    @pulumi.getter(name="policyId")
+    def policy_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - The ID of the federation policy. Output only
+        """
+        return pulumi.get(self, "policy_id")
+
+    @policy_id.setter
+    def policy_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "policy_id", value)
+
+    @_builtins.property
+    @pulumi.getter(name="servicePrincipalId")
+    def service_principal_id(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        """
+        return pulumi.get(self, "service_principal_id")
+
+    @service_principal_id.setter
+    def service_principal_id(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "service_principal_id", value)
+
+
+@pulumi.input_type
+class _AccountFederationPolicyState:
+    def __init__(__self__, *,
+                 create_time: Optional[pulumi.Input[_builtins.str]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 oidc_policy: Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']] = None,
+                 policy_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 service_principal_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 uid: Optional[pulumi.Input[_builtins.str]] = None,
+                 update_time: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering AccountFederationPolicy resources.
+        :param pulumi.Input[_builtins.str] create_time: (string) - Creation time of the federation policy
+        :param pulumi.Input[_builtins.str] description: Description of the federation policy
+        :param pulumi.Input[_builtins.str] name: (string) - Resource name for the federation policy. Example values include
+               `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and
+               `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy`
+               for Service Principal Federation Policies. Typically an output parameter, which does not need to be
+               specified in create or update requests. If specified in a request, must match the value in the
+               request URL
+        :param pulumi.Input[_builtins.str] policy_id: (string) - The ID of the federation policy. Output only
+        :param pulumi.Input[_builtins.int] service_principal_id: (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        :param pulumi.Input[_builtins.str] uid: (string) - Unique, immutable id of the federation policy
+        :param pulumi.Input[_builtins.str] update_time: (string) - Last update time of the federation policy
+        """
+        if create_time is not None:
+            pulumi.set(__self__, "create_time", create_time)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if oidc_policy is not None:
+            pulumi.set(__self__, "oidc_policy", oidc_policy)
+        if policy_id is not None:
+            pulumi.set(__self__, "policy_id", policy_id)
+        if service_principal_id is not None:
+            pulumi.set(__self__, "service_principal_id", service_principal_id)
+        if uid is not None:
+            pulumi.set(__self__, "uid", uid)
+        if update_time is not None:
+            pulumi.set(__self__, "update_time", update_time)
+
+    @_builtins.property
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - Creation time of the federation policy
+        """
+        return pulumi.get(self, "create_time")
+
+    @create_time.setter
+    def create_time(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "create_time", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Description of the federation policy
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "description", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - Resource name for the federation policy. Example values include
+        `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and
+        `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy`
+        for Service Principal Federation Policies. Typically an output parameter, which does not need to be
+        specified in create or update requests. If specified in a request, must match the value in the
+        request URL
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter(name="oidcPolicy")
+    def oidc_policy(self) -> Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']]:
+        return pulumi.get(self, "oidc_policy")
+
+    @oidc_policy.setter
+    def oidc_policy(self, value: Optional[pulumi.Input['AccountFederationPolicyOidcPolicyArgs']]):
+        pulumi.set(self, "oidc_policy", value)
+
+    @_builtins.property
+    @pulumi.getter(name="policyId")
+    def policy_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - The ID of the federation policy. Output only
+        """
+        return pulumi.get(self, "policy_id")
+
+    @policy_id.setter
+    def policy_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "policy_id", value)
+
+    @_builtins.property
+    @pulumi.getter(name="servicePrincipalId")
+    def service_principal_id(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        """
+        return pulumi.get(self, "service_principal_id")
+
+    @service_principal_id.setter
+    def service_principal_id(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "service_principal_id", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def uid(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - Unique, immutable id of the federation policy
+        """
+        return pulumi.get(self, "uid")
+
+    @uid.setter
+    def uid(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "uid", value)
+
+    @_builtins.property
+    @pulumi.getter(name="updateTime")
+    def update_time(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (string) - Last update time of the federation policy
+        """
+        return pulumi.get(self, "update_time")
+
+    @update_time.setter
+    def update_time(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "update_time", value)
+
+
+@pulumi.type_token("databricks:index/accountFederationPolicy:AccountFederationPolicy")
+class AccountFederationPolicy(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 oidc_policy: Optional[pulumi.Input[Union['AccountFederationPolicyOidcPolicyArgs', 'AccountFederationPolicyOidcPolicyArgsDict']]] = None,
+                 policy_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 service_principal_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        """
+        [![GA](https://img.shields.io/badge/Release_Stage-GA-green)](https://docs.databricks.com/aws/en/release-notes/release-types)
+
+        Account federation policies allow users and service principals in your Databricks account to securely access Databricks APIs using tokens from your trusted identity providers (IdPs).
+
+        Token federation policies eliminate the need to manage Databricks secrets, and allow you to centralize management of token issuance policies in your IdP. Databricks token federation policies are typically used in combination with [SCIM](https://www.terraform.io/admin/users-groups/scim/index.html), so users in your IdP are synchronized into your Databricks account.
+
+        An account federation policy specifies:
+        * which IdP, or issuer, your Databricks account should accept tokens from
+        * how to determine which Databricks user, or subject, a token is issued for
+
+        ## Example Usage
+
+        ## Import
+
+        As of Pulumi v1.5, resources can be imported through configuration.
+
+        hcl
+
+        import {
+
+          id = "policy_id"
+
+          to = databricks_account_federation_policy.this
+
+        }
+
+        If you are using an older version of Pulumi, import the resource using the `pulumi import` command as follows:
+
+        ```sh
+        $ pulumi import databricks:index/accountFederationPolicy:AccountFederationPolicy this "policy_id"
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] description: Description of the federation policy
+        :param pulumi.Input[_builtins.str] policy_id: (string) - The ID of the federation policy. Output only
+        :param pulumi.Input[_builtins.int] service_principal_id: (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: Optional[AccountFederationPolicyArgs] = None,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        [![GA](https://img.shields.io/badge/Release_Stage-GA-green)](https://docs.databricks.com/aws/en/release-notes/release-types)
+
+        Account federation policies allow users and service principals in your Databricks account to securely access Databricks APIs using tokens from your trusted identity providers (IdPs).
+
+        Token federation policies eliminate the need to manage Databricks secrets, and allow you to centralize management of token issuance policies in your IdP. Databricks token federation policies are typically used in combination with [SCIM](https://www.terraform.io/admin/users-groups/scim/index.html), so users in your IdP are synchronized into your Databricks account.
+
+        An account federation policy specifies:
+        * which IdP, or issuer, your Databricks account should accept tokens from
+        * how to determine which Databricks user, or subject, a token is issued for
+
+        ## Example Usage
+
+        ## Import
+
+        As of Pulumi v1.5, resources can be imported through configuration.
+
+        hcl
+
+        import {
+
+          id = "policy_id"
+
+          to = databricks_account_federation_policy.this
+
+        }
+
+        If you are using an older version of Pulumi, import the resource using the `pulumi import` command as follows:
+
+        ```sh
+        $ pulumi import databricks:index/accountFederationPolicy:AccountFederationPolicy this "policy_id"
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param AccountFederationPolicyArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(AccountFederationPolicyArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 oidc_policy: Optional[pulumi.Input[Union['AccountFederationPolicyOidcPolicyArgs', 'AccountFederationPolicyOidcPolicyArgsDict']]] = None,
+                 policy_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 service_principal_id: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = AccountFederationPolicyArgs.__new__(AccountFederationPolicyArgs)
+
+            __props__.__dict__["description"] = description
+            __props__.__dict__["oidc_policy"] = oidc_policy
+            __props__.__dict__["policy_id"] = policy_id
+            __props__.__dict__["service_principal_id"] = service_principal_id
+            __props__.__dict__["create_time"] = None
+            __props__.__dict__["name"] = None
+            __props__.__dict__["uid"] = None
+            __props__.__dict__["update_time"] = None
+        super(AccountFederationPolicy, __self__).__init__(
+            'databricks:index/accountFederationPolicy:AccountFederationPolicy',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            create_time: Optional[pulumi.Input[_builtins.str]] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            oidc_policy: Optional[pulumi.Input[Union['AccountFederationPolicyOidcPolicyArgs', 'AccountFederationPolicyOidcPolicyArgsDict']]] = None,
+            policy_id: Optional[pulumi.Input[_builtins.str]] = None,
+            service_principal_id: Optional[pulumi.Input[_builtins.int]] = None,
+            uid: Optional[pulumi.Input[_builtins.str]] = None,
+            update_time: Optional[pulumi.Input[_builtins.str]] = None) -> 'AccountFederationPolicy':
+        """
+        Get an existing AccountFederationPolicy resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] create_time: (string) - Creation time of the federation policy
+        :param pulumi.Input[_builtins.str] description: Description of the federation policy
+        :param pulumi.Input[_builtins.str] name: (string) - Resource name for the federation policy. Example values include
+               `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and
+               `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy`
+               for Service Principal Federation Policies. Typically an output parameter, which does not need to be
+               specified in create or update requests. If specified in a request, must match the value in the
+               request URL
+        :param pulumi.Input[_builtins.str] policy_id: (string) - The ID of the federation policy. Output only
+        :param pulumi.Input[_builtins.int] service_principal_id: (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        :param pulumi.Input[_builtins.str] uid: (string) - Unique, immutable id of the federation policy
+        :param pulumi.Input[_builtins.str] update_time: (string) - Last update time of the federation policy
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _AccountFederationPolicyState.__new__(_AccountFederationPolicyState)
+
+        __props__.__dict__["create_time"] = create_time
+        __props__.__dict__["description"] = description
+        __props__.__dict__["name"] = name
+        __props__.__dict__["oidc_policy"] = oidc_policy
+        __props__.__dict__["policy_id"] = policy_id
+        __props__.__dict__["service_principal_id"] = service_principal_id
+        __props__.__dict__["uid"] = uid
+        __props__.__dict__["update_time"] = update_time
+        return AccountFederationPolicy(resource_name, opts=opts, __props__=__props__)
+
+    @_builtins.property
+    @pulumi.getter(name="createTime")
+    def create_time(self) -> pulumi.Output[_builtins.str]:
+        """
+        (string) - Creation time of the federation policy
+        """
+        return pulumi.get(self, "create_time")
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Description of the federation policy
+        """
+        return pulumi.get(self, "description")
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[_builtins.str]:
+        """
+        (string) - Resource name for the federation policy. Example values include
+        `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and
+        `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy`
+        for Service Principal Federation Policies. Typically an output parameter, which does not need to be
+        specified in create or update requests. If specified in a request, must match the value in the
+        request URL
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter(name="oidcPolicy")
+    def oidc_policy(self) -> pulumi.Output[Optional['outputs.AccountFederationPolicyOidcPolicy']]:
+        return pulumi.get(self, "oidc_policy")
+
+    @_builtins.property
+    @pulumi.getter(name="policyId")
+    def policy_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        (string) - The ID of the federation policy. Output only
+        """
+        return pulumi.get(self, "policy_id")
+
+    @_builtins.property
+    @pulumi.getter(name="servicePrincipalId")
+    def service_principal_id(self) -> pulumi.Output[_builtins.int]:
+        """
+        (integer) - The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies
+        """
+        return pulumi.get(self, "service_principal_id")
+
+    @_builtins.property
+    @pulumi.getter
+    def uid(self) -> pulumi.Output[_builtins.str]:
+        """
+        (string) - Unique, immutable id of the federation policy
+        """
+        return pulumi.get(self, "uid")
+
+    @_builtins.property
+    @pulumi.getter(name="updateTime")
+    def update_time(self) -> pulumi.Output[_builtins.str]:
+        """
+        (string) - Last update time of the federation policy
+        """
+        return pulumi.get(self, "update_time")
+