pulumi-snowflake 2.9.0a1761589382__py3-none-any.whl → 2.9.0a1761968339__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of pulumi-snowflake might be problematic. Click here for more details.
- pulumi_snowflake/__init__.py +1 -0
- pulumi_snowflake/_inputs.py +482 -1
- pulumi_snowflake/authentication_policy.py +172 -31
- pulumi_snowflake/compute_pool.py +7 -7
- pulumi_snowflake/config/__init__.pyi +16 -1
- pulumi_snowflake/config/vars.py +22 -1
- pulumi_snowflake/get_authentication_policies.py +214 -0
- pulumi_snowflake/get_compute_pools.py +0 -4
- pulumi_snowflake/get_git_repositories.py +0 -4
- pulumi_snowflake/get_image_repositories.py +0 -4
- pulumi_snowflake/get_services.py +0 -4
- pulumi_snowflake/get_user_programmatic_access_tokens.py +0 -4
- pulumi_snowflake/get_warehouses.py +4 -0
- pulumi_snowflake/outputs.py +539 -1
- pulumi_snowflake/provider.py +81 -5
- pulumi_snowflake/pulumi-plugin.json +1 -1
- {pulumi_snowflake-2.9.0a1761589382.dist-info → pulumi_snowflake-2.9.0a1761968339.dist-info}/METADATA +1 -1
- {pulumi_snowflake-2.9.0a1761589382.dist-info → pulumi_snowflake-2.9.0a1761968339.dist-info}/RECORD +20 -19
- {pulumi_snowflake-2.9.0a1761589382.dist-info → pulumi_snowflake-2.9.0a1761968339.dist-info}/WHEEL +0 -0
- {pulumi_snowflake-2.9.0a1761589382.dist-info → pulumi_snowflake-2.9.0a1761968339.dist-info}/top_level.txt +0 -0
|
@@ -28,19 +28,25 @@ class AuthenticationPolicyArgs:
|
|
|
28
28
|
comment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
29
29
|
mfa_authentication_methods: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
30
30
|
mfa_enrollment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
31
|
+
mfa_policy: Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']] = None,
|
|
31
32
|
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
32
|
-
|
|
33
|
+
pat_policy: Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']] = None,
|
|
34
|
+
security_integrations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
35
|
+
workload_identity_policy: Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']] = None):
|
|
33
36
|
"""
|
|
34
37
|
The set of arguments for constructing a AuthenticationPolicy resource.
|
|
35
38
|
:param pulumi.Input[_builtins.str] database: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
36
39
|
:param pulumi.Input[_builtins.str] schema: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
37
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login.
|
|
38
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
40
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
41
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
39
42
|
:param pulumi.Input[_builtins.str] comment: Specifies a comment for the authentication policy.
|
|
40
43
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] mfa_authentication_methods: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
|
|
41
|
-
:param pulumi.Input[_builtins.str] mfa_enrollment:
|
|
44
|
+
:param pulumi.Input[_builtins.str] mfa_enrollment: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
45
|
+
:param pulumi.Input['AuthenticationPolicyMfaPolicyArgs'] mfa_policy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
42
46
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
43
|
-
:param pulumi.Input[
|
|
47
|
+
:param pulumi.Input['AuthenticationPolicyPatPolicyArgs'] pat_policy: Specifies the policy for programmatic access tokens.
|
|
48
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
49
|
+
:param pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs'] workload_identity_policy: Specifies the policy for workload identity federation.
|
|
44
50
|
"""
|
|
45
51
|
pulumi.set(__self__, "database", database)
|
|
46
52
|
pulumi.set(__self__, "schema", schema)
|
|
@@ -57,10 +63,16 @@ class AuthenticationPolicyArgs:
|
|
|
57
63
|
pulumi.set(__self__, "mfa_authentication_methods", mfa_authentication_methods)
|
|
58
64
|
if mfa_enrollment is not None:
|
|
59
65
|
pulumi.set(__self__, "mfa_enrollment", mfa_enrollment)
|
|
66
|
+
if mfa_policy is not None:
|
|
67
|
+
pulumi.set(__self__, "mfa_policy", mfa_policy)
|
|
60
68
|
if name is not None:
|
|
61
69
|
pulumi.set(__self__, "name", name)
|
|
70
|
+
if pat_policy is not None:
|
|
71
|
+
pulumi.set(__self__, "pat_policy", pat_policy)
|
|
62
72
|
if security_integrations is not None:
|
|
63
73
|
pulumi.set(__self__, "security_integrations", security_integrations)
|
|
74
|
+
if workload_identity_policy is not None:
|
|
75
|
+
pulumi.set(__self__, "workload_identity_policy", workload_identity_policy)
|
|
64
76
|
|
|
65
77
|
@_builtins.property
|
|
66
78
|
@pulumi.getter
|
|
@@ -90,7 +102,7 @@ class AuthenticationPolicyArgs:
|
|
|
90
102
|
@pulumi.getter(name="authenticationMethods")
|
|
91
103
|
def authentication_methods(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
92
104
|
"""
|
|
93
|
-
A list of authentication methods that are allowed during login.
|
|
105
|
+
A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
94
106
|
"""
|
|
95
107
|
return pulumi.get(self, "authentication_methods")
|
|
96
108
|
|
|
@@ -102,7 +114,7 @@ class AuthenticationPolicyArgs:
|
|
|
102
114
|
@pulumi.getter(name="clientTypes")
|
|
103
115
|
def client_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
104
116
|
"""
|
|
105
|
-
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
117
|
+
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
106
118
|
"""
|
|
107
119
|
return pulumi.get(self, "client_types")
|
|
108
120
|
|
|
@@ -139,7 +151,7 @@ class AuthenticationPolicyArgs:
|
|
|
139
151
|
@pulumi.getter(name="mfaEnrollment")
|
|
140
152
|
def mfa_enrollment(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
141
153
|
"""
|
|
142
|
-
|
|
154
|
+
Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
143
155
|
"""
|
|
144
156
|
return pulumi.get(self, "mfa_enrollment")
|
|
145
157
|
|
|
@@ -147,6 +159,18 @@ class AuthenticationPolicyArgs:
|
|
|
147
159
|
def mfa_enrollment(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
148
160
|
pulumi.set(self, "mfa_enrollment", value)
|
|
149
161
|
|
|
162
|
+
@_builtins.property
|
|
163
|
+
@pulumi.getter(name="mfaPolicy")
|
|
164
|
+
def mfa_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']]:
|
|
165
|
+
"""
|
|
166
|
+
Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
167
|
+
"""
|
|
168
|
+
return pulumi.get(self, "mfa_policy")
|
|
169
|
+
|
|
170
|
+
@mfa_policy.setter
|
|
171
|
+
def mfa_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']]):
|
|
172
|
+
pulumi.set(self, "mfa_policy", value)
|
|
173
|
+
|
|
150
174
|
@_builtins.property
|
|
151
175
|
@pulumi.getter
|
|
152
176
|
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
@@ -159,11 +183,23 @@ class AuthenticationPolicyArgs:
|
|
|
159
183
|
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
160
184
|
pulumi.set(self, "name", value)
|
|
161
185
|
|
|
186
|
+
@_builtins.property
|
|
187
|
+
@pulumi.getter(name="patPolicy")
|
|
188
|
+
def pat_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']]:
|
|
189
|
+
"""
|
|
190
|
+
Specifies the policy for programmatic access tokens.
|
|
191
|
+
"""
|
|
192
|
+
return pulumi.get(self, "pat_policy")
|
|
193
|
+
|
|
194
|
+
@pat_policy.setter
|
|
195
|
+
def pat_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']]):
|
|
196
|
+
pulumi.set(self, "pat_policy", value)
|
|
197
|
+
|
|
162
198
|
@_builtins.property
|
|
163
199
|
@pulumi.getter(name="securityIntegrations")
|
|
164
200
|
def security_integrations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
165
201
|
"""
|
|
166
|
-
A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
202
|
+
A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
167
203
|
"""
|
|
168
204
|
return pulumi.get(self, "security_integrations")
|
|
169
205
|
|
|
@@ -171,6 +207,18 @@ class AuthenticationPolicyArgs:
|
|
|
171
207
|
def security_integrations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
172
208
|
pulumi.set(self, "security_integrations", value)
|
|
173
209
|
|
|
210
|
+
@_builtins.property
|
|
211
|
+
@pulumi.getter(name="workloadIdentityPolicy")
|
|
212
|
+
def workload_identity_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']]:
|
|
213
|
+
"""
|
|
214
|
+
Specifies the policy for workload identity federation.
|
|
215
|
+
"""
|
|
216
|
+
return pulumi.get(self, "workload_identity_policy")
|
|
217
|
+
|
|
218
|
+
@workload_identity_policy.setter
|
|
219
|
+
def workload_identity_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']]):
|
|
220
|
+
pulumi.set(self, "workload_identity_policy", value)
|
|
221
|
+
|
|
174
222
|
|
|
175
223
|
@pulumi.input_type
|
|
176
224
|
class _AuthenticationPolicyState:
|
|
@@ -183,24 +231,30 @@ class _AuthenticationPolicyState:
|
|
|
183
231
|
fully_qualified_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
184
232
|
mfa_authentication_methods: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
185
233
|
mfa_enrollment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
234
|
+
mfa_policy: Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']] = None,
|
|
186
235
|
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
236
|
+
pat_policy: Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']] = None,
|
|
187
237
|
schema: Optional[pulumi.Input[_builtins.str]] = None,
|
|
188
238
|
security_integrations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
189
|
-
show_outputs: Optional[pulumi.Input[Sequence[pulumi.Input['AuthenticationPolicyShowOutputArgs']]]] = None
|
|
239
|
+
show_outputs: Optional[pulumi.Input[Sequence[pulumi.Input['AuthenticationPolicyShowOutputArgs']]]] = None,
|
|
240
|
+
workload_identity_policy: Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']] = None):
|
|
190
241
|
"""
|
|
191
242
|
Input properties used for looking up and filtering AuthenticationPolicy resources.
|
|
192
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login.
|
|
193
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
243
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
244
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
194
245
|
:param pulumi.Input[_builtins.str] comment: Specifies a comment for the authentication policy.
|
|
195
246
|
:param pulumi.Input[_builtins.str] database: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
196
247
|
:param pulumi.Input[Sequence[pulumi.Input['AuthenticationPolicyDescribeOutputArgs']]] describe_outputs: Outputs the result of `DESCRIBE AUTHENTICATION POLICY` for the given policy.
|
|
197
248
|
:param pulumi.Input[_builtins.str] fully_qualified_name: Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
|
|
198
249
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] mfa_authentication_methods: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
|
|
199
|
-
:param pulumi.Input[_builtins.str] mfa_enrollment:
|
|
250
|
+
:param pulumi.Input[_builtins.str] mfa_enrollment: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
251
|
+
:param pulumi.Input['AuthenticationPolicyMfaPolicyArgs'] mfa_policy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
200
252
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
253
|
+
:param pulumi.Input['AuthenticationPolicyPatPolicyArgs'] pat_policy: Specifies the policy for programmatic access tokens.
|
|
201
254
|
:param pulumi.Input[_builtins.str] schema: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
202
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
255
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
203
256
|
:param pulumi.Input[Sequence[pulumi.Input['AuthenticationPolicyShowOutputArgs']]] show_outputs: Outputs the result of `SHOW AUTHENTICATION POLICIES` for the given policy.
|
|
257
|
+
:param pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs'] workload_identity_policy: Specifies the policy for workload identity federation.
|
|
204
258
|
"""
|
|
205
259
|
if authentication_methods is not None:
|
|
206
260
|
pulumi.set(__self__, "authentication_methods", authentication_methods)
|
|
@@ -221,20 +275,26 @@ class _AuthenticationPolicyState:
|
|
|
221
275
|
pulumi.set(__self__, "mfa_authentication_methods", mfa_authentication_methods)
|
|
222
276
|
if mfa_enrollment is not None:
|
|
223
277
|
pulumi.set(__self__, "mfa_enrollment", mfa_enrollment)
|
|
278
|
+
if mfa_policy is not None:
|
|
279
|
+
pulumi.set(__self__, "mfa_policy", mfa_policy)
|
|
224
280
|
if name is not None:
|
|
225
281
|
pulumi.set(__self__, "name", name)
|
|
282
|
+
if pat_policy is not None:
|
|
283
|
+
pulumi.set(__self__, "pat_policy", pat_policy)
|
|
226
284
|
if schema is not None:
|
|
227
285
|
pulumi.set(__self__, "schema", schema)
|
|
228
286
|
if security_integrations is not None:
|
|
229
287
|
pulumi.set(__self__, "security_integrations", security_integrations)
|
|
230
288
|
if show_outputs is not None:
|
|
231
289
|
pulumi.set(__self__, "show_outputs", show_outputs)
|
|
290
|
+
if workload_identity_policy is not None:
|
|
291
|
+
pulumi.set(__self__, "workload_identity_policy", workload_identity_policy)
|
|
232
292
|
|
|
233
293
|
@_builtins.property
|
|
234
294
|
@pulumi.getter(name="authenticationMethods")
|
|
235
295
|
def authentication_methods(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
236
296
|
"""
|
|
237
|
-
A list of authentication methods that are allowed during login.
|
|
297
|
+
A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
238
298
|
"""
|
|
239
299
|
return pulumi.get(self, "authentication_methods")
|
|
240
300
|
|
|
@@ -246,7 +306,7 @@ class _AuthenticationPolicyState:
|
|
|
246
306
|
@pulumi.getter(name="clientTypes")
|
|
247
307
|
def client_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
248
308
|
"""
|
|
249
|
-
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
309
|
+
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
250
310
|
"""
|
|
251
311
|
return pulumi.get(self, "client_types")
|
|
252
312
|
|
|
@@ -319,7 +379,7 @@ class _AuthenticationPolicyState:
|
|
|
319
379
|
@pulumi.getter(name="mfaEnrollment")
|
|
320
380
|
def mfa_enrollment(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
321
381
|
"""
|
|
322
|
-
|
|
382
|
+
Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
323
383
|
"""
|
|
324
384
|
return pulumi.get(self, "mfa_enrollment")
|
|
325
385
|
|
|
@@ -327,6 +387,18 @@ class _AuthenticationPolicyState:
|
|
|
327
387
|
def mfa_enrollment(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
328
388
|
pulumi.set(self, "mfa_enrollment", value)
|
|
329
389
|
|
|
390
|
+
@_builtins.property
|
|
391
|
+
@pulumi.getter(name="mfaPolicy")
|
|
392
|
+
def mfa_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']]:
|
|
393
|
+
"""
|
|
394
|
+
Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
395
|
+
"""
|
|
396
|
+
return pulumi.get(self, "mfa_policy")
|
|
397
|
+
|
|
398
|
+
@mfa_policy.setter
|
|
399
|
+
def mfa_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyMfaPolicyArgs']]):
|
|
400
|
+
pulumi.set(self, "mfa_policy", value)
|
|
401
|
+
|
|
330
402
|
@_builtins.property
|
|
331
403
|
@pulumi.getter
|
|
332
404
|
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
@@ -339,6 +411,18 @@ class _AuthenticationPolicyState:
|
|
|
339
411
|
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
340
412
|
pulumi.set(self, "name", value)
|
|
341
413
|
|
|
414
|
+
@_builtins.property
|
|
415
|
+
@pulumi.getter(name="patPolicy")
|
|
416
|
+
def pat_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']]:
|
|
417
|
+
"""
|
|
418
|
+
Specifies the policy for programmatic access tokens.
|
|
419
|
+
"""
|
|
420
|
+
return pulumi.get(self, "pat_policy")
|
|
421
|
+
|
|
422
|
+
@pat_policy.setter
|
|
423
|
+
def pat_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyPatPolicyArgs']]):
|
|
424
|
+
pulumi.set(self, "pat_policy", value)
|
|
425
|
+
|
|
342
426
|
@_builtins.property
|
|
343
427
|
@pulumi.getter
|
|
344
428
|
def schema(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
@@ -355,7 +439,7 @@ class _AuthenticationPolicyState:
|
|
|
355
439
|
@pulumi.getter(name="securityIntegrations")
|
|
356
440
|
def security_integrations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
357
441
|
"""
|
|
358
|
-
A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
442
|
+
A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
359
443
|
"""
|
|
360
444
|
return pulumi.get(self, "security_integrations")
|
|
361
445
|
|
|
@@ -375,6 +459,18 @@ class _AuthenticationPolicyState:
|
|
|
375
459
|
def show_outputs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthenticationPolicyShowOutputArgs']]]]):
|
|
376
460
|
pulumi.set(self, "show_outputs", value)
|
|
377
461
|
|
|
462
|
+
@_builtins.property
|
|
463
|
+
@pulumi.getter(name="workloadIdentityPolicy")
|
|
464
|
+
def workload_identity_policy(self) -> Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']]:
|
|
465
|
+
"""
|
|
466
|
+
Specifies the policy for workload identity federation.
|
|
467
|
+
"""
|
|
468
|
+
return pulumi.get(self, "workload_identity_policy")
|
|
469
|
+
|
|
470
|
+
@workload_identity_policy.setter
|
|
471
|
+
def workload_identity_policy(self, value: Optional[pulumi.Input['AuthenticationPolicyWorkloadIdentityPolicyArgs']]):
|
|
472
|
+
pulumi.set(self, "workload_identity_policy", value)
|
|
473
|
+
|
|
378
474
|
|
|
379
475
|
@pulumi.type_token("snowflake:index/authenticationPolicy:AuthenticationPolicy")
|
|
380
476
|
class AuthenticationPolicy(pulumi.CustomResource):
|
|
@@ -388,9 +484,12 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
388
484
|
database: Optional[pulumi.Input[_builtins.str]] = None,
|
|
389
485
|
mfa_authentication_methods: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
390
486
|
mfa_enrollment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
487
|
+
mfa_policy: Optional[pulumi.Input[Union['AuthenticationPolicyMfaPolicyArgs', 'AuthenticationPolicyMfaPolicyArgsDict']]] = None,
|
|
391
488
|
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
489
|
+
pat_policy: Optional[pulumi.Input[Union['AuthenticationPolicyPatPolicyArgs', 'AuthenticationPolicyPatPolicyArgsDict']]] = None,
|
|
392
490
|
schema: Optional[pulumi.Input[_builtins.str]] = None,
|
|
393
491
|
security_integrations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
492
|
+
workload_identity_policy: Optional[pulumi.Input[Union['AuthenticationPolicyWorkloadIdentityPolicyArgs', 'AuthenticationPolicyWorkloadIdentityPolicyArgsDict']]] = None,
|
|
394
493
|
__props__=None):
|
|
395
494
|
"""
|
|
396
495
|
## Import
|
|
@@ -401,15 +500,18 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
401
500
|
|
|
402
501
|
:param str resource_name: The name of the resource.
|
|
403
502
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
404
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login.
|
|
405
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
503
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
504
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
406
505
|
:param pulumi.Input[_builtins.str] comment: Specifies a comment for the authentication policy.
|
|
407
506
|
:param pulumi.Input[_builtins.str] database: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
408
507
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] mfa_authentication_methods: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
|
|
409
|
-
:param pulumi.Input[_builtins.str] mfa_enrollment:
|
|
508
|
+
:param pulumi.Input[_builtins.str] mfa_enrollment: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
509
|
+
:param pulumi.Input[Union['AuthenticationPolicyMfaPolicyArgs', 'AuthenticationPolicyMfaPolicyArgsDict']] mfa_policy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
410
510
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
511
|
+
:param pulumi.Input[Union['AuthenticationPolicyPatPolicyArgs', 'AuthenticationPolicyPatPolicyArgsDict']] pat_policy: Specifies the policy for programmatic access tokens.
|
|
411
512
|
:param pulumi.Input[_builtins.str] schema: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
412
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
513
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
514
|
+
:param pulumi.Input[Union['AuthenticationPolicyWorkloadIdentityPolicyArgs', 'AuthenticationPolicyWorkloadIdentityPolicyArgsDict']] workload_identity_policy: Specifies the policy for workload identity federation.
|
|
413
515
|
"""
|
|
414
516
|
...
|
|
415
517
|
@overload
|
|
@@ -445,9 +547,12 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
445
547
|
database: Optional[pulumi.Input[_builtins.str]] = None,
|
|
446
548
|
mfa_authentication_methods: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
447
549
|
mfa_enrollment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
550
|
+
mfa_policy: Optional[pulumi.Input[Union['AuthenticationPolicyMfaPolicyArgs', 'AuthenticationPolicyMfaPolicyArgsDict']]] = None,
|
|
448
551
|
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
552
|
+
pat_policy: Optional[pulumi.Input[Union['AuthenticationPolicyPatPolicyArgs', 'AuthenticationPolicyPatPolicyArgsDict']]] = None,
|
|
449
553
|
schema: Optional[pulumi.Input[_builtins.str]] = None,
|
|
450
554
|
security_integrations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
555
|
+
workload_identity_policy: Optional[pulumi.Input[Union['AuthenticationPolicyWorkloadIdentityPolicyArgs', 'AuthenticationPolicyWorkloadIdentityPolicyArgsDict']]] = None,
|
|
451
556
|
__props__=None):
|
|
452
557
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
453
558
|
if not isinstance(opts, pulumi.ResourceOptions):
|
|
@@ -465,11 +570,14 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
465
570
|
__props__.__dict__["database"] = database
|
|
466
571
|
__props__.__dict__["mfa_authentication_methods"] = mfa_authentication_methods
|
|
467
572
|
__props__.__dict__["mfa_enrollment"] = mfa_enrollment
|
|
573
|
+
__props__.__dict__["mfa_policy"] = mfa_policy
|
|
468
574
|
__props__.__dict__["name"] = name
|
|
575
|
+
__props__.__dict__["pat_policy"] = pat_policy
|
|
469
576
|
if schema is None and not opts.urn:
|
|
470
577
|
raise TypeError("Missing required property 'schema'")
|
|
471
578
|
__props__.__dict__["schema"] = schema
|
|
472
579
|
__props__.__dict__["security_integrations"] = security_integrations
|
|
580
|
+
__props__.__dict__["workload_identity_policy"] = workload_identity_policy
|
|
473
581
|
__props__.__dict__["describe_outputs"] = None
|
|
474
582
|
__props__.__dict__["fully_qualified_name"] = None
|
|
475
583
|
__props__.__dict__["show_outputs"] = None
|
|
@@ -491,10 +599,13 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
491
599
|
fully_qualified_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
492
600
|
mfa_authentication_methods: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
493
601
|
mfa_enrollment: Optional[pulumi.Input[_builtins.str]] = None,
|
|
602
|
+
mfa_policy: Optional[pulumi.Input[Union['AuthenticationPolicyMfaPolicyArgs', 'AuthenticationPolicyMfaPolicyArgsDict']]] = None,
|
|
494
603
|
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
604
|
+
pat_policy: Optional[pulumi.Input[Union['AuthenticationPolicyPatPolicyArgs', 'AuthenticationPolicyPatPolicyArgsDict']]] = None,
|
|
495
605
|
schema: Optional[pulumi.Input[_builtins.str]] = None,
|
|
496
606
|
security_integrations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
497
|
-
show_outputs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthenticationPolicyShowOutputArgs', 'AuthenticationPolicyShowOutputArgsDict']]]]] = None
|
|
607
|
+
show_outputs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthenticationPolicyShowOutputArgs', 'AuthenticationPolicyShowOutputArgsDict']]]]] = None,
|
|
608
|
+
workload_identity_policy: Optional[pulumi.Input[Union['AuthenticationPolicyWorkloadIdentityPolicyArgs', 'AuthenticationPolicyWorkloadIdentityPolicyArgsDict']]] = None) -> 'AuthenticationPolicy':
|
|
498
609
|
"""
|
|
499
610
|
Get an existing AuthenticationPolicy resource's state with the given name, id, and optional extra
|
|
500
611
|
properties used to qualify the lookup.
|
|
@@ -502,18 +613,21 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
502
613
|
:param str resource_name: The unique name of the resulting resource.
|
|
503
614
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
504
615
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
505
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login.
|
|
506
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
616
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] authentication_methods: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
617
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] client_types: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
507
618
|
:param pulumi.Input[_builtins.str] comment: Specifies a comment for the authentication policy.
|
|
508
619
|
:param pulumi.Input[_builtins.str] database: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
509
620
|
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthenticationPolicyDescribeOutputArgs', 'AuthenticationPolicyDescribeOutputArgsDict']]]] describe_outputs: Outputs the result of `DESCRIBE AUTHENTICATION POLICY` for the given policy.
|
|
510
621
|
:param pulumi.Input[_builtins.str] fully_qualified_name: Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
|
|
511
622
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] mfa_authentication_methods: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are `ALL` | `SAML` | `PASSWORD`.
|
|
512
|
-
:param pulumi.Input[_builtins.str] mfa_enrollment:
|
|
623
|
+
:param pulumi.Input[_builtins.str] mfa_enrollment: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
624
|
+
:param pulumi.Input[Union['AuthenticationPolicyMfaPolicyArgs', 'AuthenticationPolicyMfaPolicyArgsDict']] mfa_policy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
513
625
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
626
|
+
:param pulumi.Input[Union['AuthenticationPolicyPatPolicyArgs', 'AuthenticationPolicyPatPolicyArgsDict']] pat_policy: Specifies the policy for programmatic access tokens.
|
|
514
627
|
:param pulumi.Input[_builtins.str] schema: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
515
|
-
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
628
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] security_integrations: A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
516
629
|
:param pulumi.Input[Sequence[pulumi.Input[Union['AuthenticationPolicyShowOutputArgs', 'AuthenticationPolicyShowOutputArgsDict']]]] show_outputs: Outputs the result of `SHOW AUTHENTICATION POLICIES` for the given policy.
|
|
630
|
+
:param pulumi.Input[Union['AuthenticationPolicyWorkloadIdentityPolicyArgs', 'AuthenticationPolicyWorkloadIdentityPolicyArgsDict']] workload_identity_policy: Specifies the policy for workload identity federation.
|
|
517
631
|
"""
|
|
518
632
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
519
633
|
|
|
@@ -527,17 +641,20 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
527
641
|
__props__.__dict__["fully_qualified_name"] = fully_qualified_name
|
|
528
642
|
__props__.__dict__["mfa_authentication_methods"] = mfa_authentication_methods
|
|
529
643
|
__props__.__dict__["mfa_enrollment"] = mfa_enrollment
|
|
644
|
+
__props__.__dict__["mfa_policy"] = mfa_policy
|
|
530
645
|
__props__.__dict__["name"] = name
|
|
646
|
+
__props__.__dict__["pat_policy"] = pat_policy
|
|
531
647
|
__props__.__dict__["schema"] = schema
|
|
532
648
|
__props__.__dict__["security_integrations"] = security_integrations
|
|
533
649
|
__props__.__dict__["show_outputs"] = show_outputs
|
|
650
|
+
__props__.__dict__["workload_identity_policy"] = workload_identity_policy
|
|
534
651
|
return AuthenticationPolicy(resource_name, opts=opts, __props__=__props__)
|
|
535
652
|
|
|
536
653
|
@_builtins.property
|
|
537
654
|
@pulumi.getter(name="authenticationMethods")
|
|
538
655
|
def authentication_methods(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
539
656
|
"""
|
|
540
|
-
A list of authentication methods that are allowed during login.
|
|
657
|
+
A list of authentication methods that are allowed during login. Valid values are (case-insensitive): `ALL` | `SAML` | `PASSWORD` | `OAUTH` | `KEYPAIR` | `PROGRAMMATIC_ACCESS_TOKEN` | `WORKLOAD_IDENTITY`.
|
|
541
658
|
"""
|
|
542
659
|
return pulumi.get(self, "authentication_methods")
|
|
543
660
|
|
|
@@ -545,7 +662,7 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
545
662
|
@pulumi.getter(name="clientTypes")
|
|
546
663
|
def client_types(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
547
664
|
"""
|
|
548
|
-
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid
|
|
665
|
+
A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid `client_types`, then the login attempt fails. Valid values are (case-insensitive): `ALL` | `SNOWFLAKE_UI` | `DRIVERS` | `SNOWSQL` | `SNOWFLAKE_CLI`. The `client_types` property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
|
|
549
666
|
"""
|
|
550
667
|
return pulumi.get(self, "client_types")
|
|
551
668
|
|
|
@@ -594,10 +711,18 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
594
711
|
@pulumi.getter(name="mfaEnrollment")
|
|
595
712
|
def mfa_enrollment(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
596
713
|
"""
|
|
597
|
-
|
|
714
|
+
Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): `REQUIRED` | `REQUIRED_PASSWORD_ONLY` | `OPTIONAL`. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the `client_types` parameter must include `snowflake_ui`, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
|
|
598
715
|
"""
|
|
599
716
|
return pulumi.get(self, "mfa_enrollment")
|
|
600
717
|
|
|
718
|
+
@_builtins.property
|
|
719
|
+
@pulumi.getter(name="mfaPolicy")
|
|
720
|
+
def mfa_policy(self) -> pulumi.Output[Optional['outputs.AuthenticationPolicyMfaPolicy']]:
|
|
721
|
+
"""
|
|
722
|
+
Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
|
|
723
|
+
"""
|
|
724
|
+
return pulumi.get(self, "mfa_policy")
|
|
725
|
+
|
|
601
726
|
@_builtins.property
|
|
602
727
|
@pulumi.getter
|
|
603
728
|
def name(self) -> pulumi.Output[_builtins.str]:
|
|
@@ -606,6 +731,14 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
606
731
|
"""
|
|
607
732
|
return pulumi.get(self, "name")
|
|
608
733
|
|
|
734
|
+
@_builtins.property
|
|
735
|
+
@pulumi.getter(name="patPolicy")
|
|
736
|
+
def pat_policy(self) -> pulumi.Output[Optional['outputs.AuthenticationPolicyPatPolicy']]:
|
|
737
|
+
"""
|
|
738
|
+
Specifies the policy for programmatic access tokens.
|
|
739
|
+
"""
|
|
740
|
+
return pulumi.get(self, "pat_policy")
|
|
741
|
+
|
|
609
742
|
@_builtins.property
|
|
610
743
|
@pulumi.getter
|
|
611
744
|
def schema(self) -> pulumi.Output[_builtins.str]:
|
|
@@ -618,7 +751,7 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
618
751
|
@pulumi.getter(name="securityIntegrations")
|
|
619
752
|
def security_integrations(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
620
753
|
"""
|
|
621
|
-
A list of security integrations the authentication policy is associated with. This parameter has no effect when
|
|
754
|
+
A list of security integrations the authentication policy is associated with. This parameter has no effect when `saml` or `oauth` are not in the `authentication_methods` list. All values in the `security_integrations` list must be compatible with the values in the `authentication_methods` list. For example, if `security_integrations` contains a SAML security integration, and `authentication_methods` contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use `ALL` as parameter.
|
|
622
755
|
"""
|
|
623
756
|
return pulumi.get(self, "security_integrations")
|
|
624
757
|
|
|
@@ -630,3 +763,11 @@ class AuthenticationPolicy(pulumi.CustomResource):
|
|
|
630
763
|
"""
|
|
631
764
|
return pulumi.get(self, "show_outputs")
|
|
632
765
|
|
|
766
|
+
@_builtins.property
|
|
767
|
+
@pulumi.getter(name="workloadIdentityPolicy")
|
|
768
|
+
def workload_identity_policy(self) -> pulumi.Output[Optional['outputs.AuthenticationPolicyWorkloadIdentityPolicy']]:
|
|
769
|
+
"""
|
|
770
|
+
Specifies the policy for workload identity federation.
|
|
771
|
+
"""
|
|
772
|
+
return pulumi.get(self, "workload_identity_policy")
|
|
773
|
+
|
pulumi_snowflake/compute_pool.py
CHANGED
|
@@ -32,7 +32,7 @@ class ComputePoolArgs:
|
|
|
32
32
|
name: Optional[pulumi.Input[_builtins.str]] = None):
|
|
33
33
|
"""
|
|
34
34
|
The set of arguments for constructing a ComputePool resource.
|
|
35
|
-
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
35
|
+
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
36
36
|
:param pulumi.Input[_builtins.int] max_nodes: Specifies the maximum number of nodes for the compute pool.
|
|
37
37
|
:param pulumi.Input[_builtins.int] min_nodes: Specifies the minimum number of nodes for the compute pool.
|
|
38
38
|
:param pulumi.Input[_builtins.str] auto_resume: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (`default`)) Specifies whether to automatically resume a compute pool when a service or job is submitted to it. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
|
|
@@ -62,7 +62,7 @@ class ComputePoolArgs:
|
|
|
62
62
|
@pulumi.getter(name="instanceFamily")
|
|
63
63
|
def instance_family(self) -> pulumi.Input[_builtins.str]:
|
|
64
64
|
"""
|
|
65
|
-
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
65
|
+
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
66
66
|
"""
|
|
67
67
|
return pulumi.get(self, "instance_family")
|
|
68
68
|
|
|
@@ -191,7 +191,7 @@ class _ComputePoolState:
|
|
|
191
191
|
:param pulumi.Input[_builtins.str] for_application: Specifies the Snowflake Native App name.
|
|
192
192
|
:param pulumi.Input[_builtins.str] fully_qualified_name: Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
|
|
193
193
|
:param pulumi.Input[_builtins.str] initially_suspended: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (`default`)) Specifies whether the compute pool is created initially in the suspended state. This field is used only when creating a compute pool. Changes on this field are ignored after creation.
|
|
194
|
-
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
194
|
+
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
195
195
|
:param pulumi.Input[_builtins.int] max_nodes: Specifies the maximum number of nodes for the compute pool.
|
|
196
196
|
:param pulumi.Input[_builtins.int] min_nodes: Specifies the minimum number of nodes for the compute pool.
|
|
197
197
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the compute pool; must be unique for the account. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
@@ -310,7 +310,7 @@ class _ComputePoolState:
|
|
|
310
310
|
@pulumi.getter(name="instanceFamily")
|
|
311
311
|
def instance_family(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
312
312
|
"""
|
|
313
|
-
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
313
|
+
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
314
314
|
"""
|
|
315
315
|
return pulumi.get(self, "instance_family")
|
|
316
316
|
|
|
@@ -397,7 +397,7 @@ class ComputePool(pulumi.CustomResource):
|
|
|
397
397
|
:param pulumi.Input[_builtins.str] comment: Specifies a comment for the compute pool.
|
|
398
398
|
:param pulumi.Input[_builtins.str] for_application: Specifies the Snowflake Native App name.
|
|
399
399
|
:param pulumi.Input[_builtins.str] initially_suspended: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (`default`)) Specifies whether the compute pool is created initially in the suspended state. This field is used only when creating a compute pool. Changes on this field are ignored after creation.
|
|
400
|
-
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
400
|
+
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
401
401
|
:param pulumi.Input[_builtins.int] max_nodes: Specifies the maximum number of nodes for the compute pool.
|
|
402
402
|
:param pulumi.Input[_builtins.int] min_nodes: Specifies the minimum number of nodes for the compute pool.
|
|
403
403
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the compute pool; must be unique for the account. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
@@ -502,7 +502,7 @@ class ComputePool(pulumi.CustomResource):
|
|
|
502
502
|
:param pulumi.Input[_builtins.str] for_application: Specifies the Snowflake Native App name.
|
|
503
503
|
:param pulumi.Input[_builtins.str] fully_qualified_name: Fully qualified name of the resource. For more information, see [object name resolution](https://docs.snowflake.com/en/sql-reference/name-resolution).
|
|
504
504
|
:param pulumi.Input[_builtins.str] initially_suspended: (Default: fallback to Snowflake default - uses special value that cannot be set in the configuration manually (`default`)) Specifies whether the compute pool is created initially in the suspended state. This field is used only when creating a compute pool. Changes on this field are ignored after creation.
|
|
505
|
-
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
505
|
+
:param pulumi.Input[_builtins.str] instance_family: Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
506
506
|
:param pulumi.Input[_builtins.int] max_nodes: Specifies the maximum number of nodes for the compute pool.
|
|
507
507
|
:param pulumi.Input[_builtins.int] min_nodes: Specifies the minimum number of nodes for the compute pool.
|
|
508
508
|
:param pulumi.Input[_builtins.str] name: Specifies the identifier for the compute pool; must be unique for the account. Due to technical limitations (read more here), avoid using the following characters: `|`, `.`, `"`.
|
|
@@ -586,7 +586,7 @@ class ComputePool(pulumi.CustomResource):
|
|
|
586
586
|
@pulumi.getter(name="instanceFamily")
|
|
587
587
|
def instance_family(self) -> pulumi.Output[_builtins.str]:
|
|
588
588
|
"""
|
|
589
|
-
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL`.
|
|
589
|
+
Identifies the type of machine you want to provision for the nodes in the compute pool. Valid values are (case-insensitive): `CPU_X64_XS` | `CPU_X64_S` | `CPU_X64_M` | `CPU_X64_SL` | `CPU_X64_L` | `HIGHMEM_X64_S` | `HIGHMEM_X64_M` | `HIGHMEM_X64_L` | `HIGHMEM_X64_SL` | `GPU_NV_S` | `GPU_NV_M` | `GPU_NV_L` | `GPU_NV_XS` | `GPU_NV_SM` | `GPU_NV_2M` | `GPU_NV_3M` | `GPU_NV_SL` | `GPU_GCP_NV_L4_1_24G` | `GPU_GCP_NV_L4_4_24G` | `GPU_GCP_NV_A100_8_40G`. Not all instance families are supported in all regions. Run `SHOW COMPUTE POOL INSTANCE FAMILIES` to see the list of supported instance families in your region.
|
|
590
590
|
"""
|
|
591
591
|
return pulumi.get(self, "instance_family")
|
|
592
592
|
|