account_federation_policy
Creates, updates, deletes, gets or lists an account_federation_policy resource.
Overview
| Name | account_federation_policy |
| Type | Resource |
| Id | databricks_account.oauth2.account_federation_policy |
Fields
The following fields are returned by SELECT queries:
- account_federation_policy_get
- account_federation_policy_list
| Name | Datatype | Description |
|---|---|---|
| name | string | Resource name for the federation policy. Example values include `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy` for Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL. |
| policy_id | string | The ID of the federation policy. Output only. |
| service_principal_id | integer | The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies. |
| create_time | string | |
| description | string | Description of the federation policy. |
| oidc_policy | object | Specifies the policy to use for validating OIDC claims in your federated tokens. |
| uid | string | Unique, immutable id of the federation policy. |
| update_time | string | Last update time of the federation policy. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| account_federation_policy_get | select | account_id, policy_id | | Get account federation policy. |
| account_federation_policy_list | select | account_id | page_size, page_token | List account federation policies. |
| account_federation_policy_create | insert | account_id, policy | policy_id | Create account federation policy. |
| account_federation_policy_update | update | account_id, policy_id, policy | update_mask | Update account federation policy. |
| account_federation_policy_delete | delete | account_id, policy_id | | Delete account federation policy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| policy_id | string | The identifier for the federation policy. |
| page_size | integer | |
| page_token | string | |
| policy_id | string | The identifier for the federation policy. The identifier must contain only lowercase alphanumeric characters, numbers, hyphens, and slashes. If unspecified, the id will be assigned by Databricks. |
| update_mask | string | The field mask specifies which fields of the policy to update. To specify multiple fields in the field mask, use comma as the separator (no space). The special value '*' indicates that all fields should be updated (full replacement). If unspecified, all fields that are set in the policy provided in the update request will overwrite the corresponding fields in the existing policy. Example value: 'description,oidc_policy.audiences'. |
SELECT examples
- account_federation_policy_get
- account_federation_policy_list
Get account federation policy.
```sql
SELECT
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
FROM databricks_account.oauth2.account_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
;
```
List account federation policies.
```sql
SELECT
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
FROM databricks_account.oauth2.account_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND page_size = '{{ page_size }}'
  AND page_token = '{{ page_token }}'
;
```
INSERT examples
- account_federation_policy_create
- Manifest
Create account federation policy.
```sql
INSERT INTO databricks_account.oauth2.account_federation_policy (
  policy,
  account_id,
  policy_id
)
SELECT
  '{{ policy }}' /* required */,
  '{{ account_id }}' /* required */,
  '{{ policy_id }}'
RETURNING
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
;
```
```yaml
# Description fields are for documentation purposes
- name: account_federation_policy
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the account_federation_policy resource.
    - name: policy
      value:
        create_time: "{{ create_time }}"
        description: "{{ description }}"
        name: "{{ name }}"
        oidc_policy:
          audiences:
            - "{{ audiences }}"
          issuer: "{{ issuer }}"
          jwks_json: "{{ jwks_json }}"
          jwks_uri: "{{ jwks_uri }}"
          subject: "{{ subject }}"
          subject_claim: "{{ subject_claim }}"
        policy_id: "{{ policy_id }}"
        service_principal_id: {{ service_principal_id }}
        uid: "{{ uid }}"
        update_time: "{{ update_time }}"
    - name: policy_id
      value: "{{ policy_id }}"
      description: The identifier for the federation policy. The identifier must contain only lowercase alphanumeric characters, numbers, hyphens, and slashes. If unspecified, the id will be assigned by Databricks.
```
UPDATE examples
- account_federation_policy_update
Update account federation policy.
```sql
UPDATE databricks_account.oauth2.account_federation_policy
SET
  policy = '{{ policy }}'
WHERE
  account_id = '{{ account_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
  AND policy = '{{ policy }}' -- required
  AND update_mask = '{{ update_mask }}'
RETURNING
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time;
```
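The `update_mask` rules in the Parameters table decide which parts of `oidc_policy` an update actually touches, so the same `policy` payload can narrow the trust settings, leave them unchanged, or drop fields entirely. The following is an added example, not StackQL or Databricks code: a local Python model of those rules applied to constructed sample data. It assumes that "fields that are set" means leaf fields, that a masked field absent from the payload is cleared, and it models only `description` and `oidc_policy`.

```python
import copy

# Constructed sample values; only the mutable fields of a policy are modelled.
EXISTING = {
    "description": "CI deployments",
    "oidc_policy": {
        "issuer": "https://idp.example.com",
        "audiences": ["databricks-prod", "databricks-dev"],
        "subject_claim": "sub",
    },
}
# Intent: narrow the accepted audiences to production only.
PATCH = {
    "description": "CI deployments (prod only)",
    "oidc_policy": {"audiences": ["databricks-prod"]},
}

def leaf_paths(obj, prefix=""):
    """Dotted paths of every non-dict value set in obj."""
    paths = []
    for key, val in obj.items():
        if isinstance(val, dict):
            paths += leaf_paths(val, f"{prefix}{key}.")
        else:
            paths.append(f"{prefix}{key}")
    return paths

def apply_update(existing, patch, update_mask=None):
    """Local model of the update_mask rules; not Databricks code."""
    if update_mask == "*":                      # full replacement
        return copy.deepcopy(patch)
    # No mask: assume every leaf field set in the patch is overwritten.
    paths = update_mask.split(",") if update_mask else leaf_paths(patch)
    result = copy.deepcopy(existing)
    for path in paths:
        *parents, leaf = path.split(".")
        src, dst = patch, result
        for part in parents:
            src = src.get(part, {})
            dst = dst.setdefault(part, {})
        if leaf in src:
            dst[leaf] = copy.deepcopy(src[leaf])
        else:                                   # assumption: masked but absent -> cleared
            dst.pop(leaf, None)
    return result
```

With this payload, the mask `description` leaves both audiences in place even though the payload lists only one, and `*` returns a policy with no `issuer` or `subject_claim`; selecting the returned `oidc_policy` after an update shows which case applied.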
DELETE examples
- account_federation_policy_delete
Delete account federation policy.
```sql
DELETE FROM databricks_account.oauth2.account_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
;
```