service_principal_federation_policy
Creates, updates, deletes, gets or lists a service_principal_federation_policy resource.
Overview
| Name | service_principal_federation_policy |
| Type | Resource |
| Id | databricks_account.oauth2.service_principal_federation_policy |
Fields
The following fields are returned by SELECT queries:
- service_principal_federation_policy_get
- service_principal_federation_policy_list
| Name | Datatype | Description |
|---|---|---|
| name | string | Resource name for the federation policy. Example values include `accounts/<account-id>/federationPolicies/my-federation-policy` for Account Federation Policies, and `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy` for Service Principal Federation Policies. Typically an output parameter, which does not need to be specified in create or update requests. If specified in a request, must match the value in the request URL. |
| policy_id | string | The ID of the federation policy. Output only. |
| service_principal_id | integer | The service principal ID that this federation policy applies to. Output only. Only set for service principal federation policies. |
| create_time | string | |
| description | string | Description of the federation policy. |
| oidc_policy | object | Specifies the policy to use for validating OIDC claims in your federated tokens. |
| uid | string | Unique, immutable id of the federation policy. |
| update_time | string | Last update time of the federation policy. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| service_principal_federation_policy_get | select | account_id, service_principal_id, policy_id | | Get account federation policy. |
| service_principal_federation_policy_list | select | account_id, service_principal_id | page_size, page_token | List account federation policies. |
| service_principal_federation_policy_create | insert | account_id, service_principal_id, policy | policy_id | Create account federation policy. |
| service_principal_federation_policy_update | update | account_id, service_principal_id, policy_id, policy | update_mask | Update account federation policy. |
| service_principal_federation_policy_delete | delete | account_id, service_principal_id, policy_id | | Delete account federation policy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| policy_id | string | The identifier for the federation policy. |
| service_principal_id | integer | The service principal id for the federation policy. |
| page_size | integer | :param page_token: str (optional) |
| page_token | string | |
| policy_id | string | |
| update_mask | string | |
SELECT examples
- service_principal_federation_policy_get
- service_principal_federation_policy_list
Get account federation policy.
```sql
SELECT
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
FROM databricks_account.oauth2.service_principal_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND service_principal_id = '{{ service_principal_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
;
```
List account federation policies.
```sql
SELECT
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
FROM databricks_account.oauth2.service_principal_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND service_principal_id = '{{ service_principal_id }}' -- required
  AND page_size = '{{ page_size }}'
  AND page_token = '{{ page_token }}'
;
```
INSERT examples
- service_principal_federation_policy_create
- Manifest
Create account federation policy.
```sql
INSERT INTO databricks_account.oauth2.service_principal_federation_policy (
  policy,
  account_id,
  service_principal_id,
  policy_id
)
SELECT
  '{{ policy }}' /* required */,
  '{{ account_id }}',
  '{{ service_principal_id }}',
  '{{ policy_id }}'
RETURNING
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time
;
```
```yaml
# Description fields are for documentation purposes
- name: service_principal_federation_policy
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the service_principal_federation_policy resource.
    - name: service_principal_id
      value: {{ service_principal_id }}
      description: Required parameter for the service_principal_federation_policy resource.
    - name: policy
      description: |
        :param policy_id: str (optional) The identifier for the federation policy. The identifier must contain only lowercase alphanumeric characters, numbers, hyphens, and slashes. If unspecified, the id will be assigned by Databricks.
      value:
        create_time: "{{ create_time }}"
        description: "{{ description }}"
        name: "{{ name }}"
        oidc_policy:
          audiences:
            - "{{ audiences }}"
          issuer: "{{ issuer }}"
          jwks_json: "{{ jwks_json }}"
          jwks_uri: "{{ jwks_uri }}"
          subject: "{{ subject }}"
          subject_claim: "{{ subject_claim }}"
        policy_id: "{{ policy_id }}"
        service_principal_id: {{ service_principal_id }}
        uid: "{{ uid }}"
        update_time: "{{ update_time }}"
    - name: policy_id
      value: "{{ policy_id }}"
```
UPDATE examples
- service_principal_federation_policy_update
Update account federation policy.
```sql
UPDATE databricks_account.oauth2.service_principal_federation_policy
SET
  policy = '{{ policy }}'
WHERE
  account_id = '{{ account_id }}' -- required
  AND service_principal_id = '{{ service_principal_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
  AND policy = '{{ policy }}' -- required
  AND update_mask = '{{ update_mask }}'
RETURNING
  name,
  policy_id,
  service_principal_id,
  create_time,
  description,
  oidc_policy,
  uid,
  update_time;
```
DELETE examples
- service_principal_federation_policy_delete
Delete account federation policy.
```sql
DELETE FROM databricks_account.oauth2.service_principal_federation_policy
WHERE account_id = '{{ account_id }}' -- required
  AND service_principal_id = '{{ service_principal_id }}' -- required
  AND policy_id = '{{ policy_id }}' -- required
;
```