Snowflake-Labs · alldoami · Mar 5, 2022 · Mar 1, 2022 · Mar 1, 2022 · Mar 4, 2022
diff --git a/docs/resources/external_oauth_integration.md b/docs/resources/external_oauth_integration.md
@@ -0,0 +1,63 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "snowflake_external_oauth_integration Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+
+---
+
+# snowflake_external_oauth_integration (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "snowflake_external_oauth_integration" "azure" {
+  name = "AZURE_POWERBI"
+  type = "AZURE"
+  enabled = true
+  issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
+  snowflake_user_mapping_attribute = "LOGIN_NAME"
+  jws_keys_urls	= ["https://login.windows.net/common/discovery/keys"]
+  audience_urls	= ["https://analysis.windows.net/powerbi/connector/Snowflake"]
+  token_user_mapping_claims = ["upn"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **enabled** (Boolean) Specifies whether to initiate operation of the integration or suspend it.
+- **issuer** (String) Specifies the URL to define the OAuth 2.0 authorization server.
+- **name** (String) Specifies the name of the External Oath integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
+- **snowflake_user_mapping_attribute** (String) Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
+- **token_user_mapping_claims** (Set of String) Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
+- **type** (String) Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
+
+### Optional
+
+- **allowed_roles** (Set of String) Specifies the list of roles that the client can set as the primary role.
+- **any_role_mode** (String) Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
+- **audience_urls** (Set of String) Specifies additional values that can be used for the access token's audience validation on top of using the Customer's Snowflake Account URL
+- **blocked_roles** (Set of String) Specifies the list of roles that a client cannot set as the primary role. Do not include ACCOUNTADMIN, ORGADMIN or SECURITYADMIN as they are already implicitly enforced and will cause in-place updates.
+- **comment** (String) Specifies a comment for the OAuth integration.
+- **id** (String) The ID of this resource.
+- **jws_keys_urls** (Set of String) Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
+- **rsa_public_key** (String) Specifies a Base64-encoded RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers.
+- **rsa_public_key_2** (String) Specifies a second RSA public key, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. Used for key rotation.
+- **scope_delimiter** (String) Specifies the scope delimiter in the authorization token.
+
+### Read-Only
+
+- **created_on** (String) Date and time when the External OAUTH integration was created.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_external_oauth_integration.example name
+```
diff --git a/examples/resources/snowflake_external_oauth_integration/import.sh b/examples/resources/snowflake_external_oauth_integration/import.sh
@@ -0,0 +1 @@
+terraform import snowflake_external_oauth_integration.example name
diff --git a/examples/resources/snowflake_external_oauth_integration/resource.tf b/examples/resources/snowflake_external_oauth_integration/resource.tf
@@ -0,0 +1,10 @@
+resource "snowflake_external_oauth_integration" "azure" {
+  name = "AZURE_POWERBI"
+  type = "AZURE"
+  enabled = true
+  issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
+  snowflake_user_mapping_attribute = "LOGIN_NAME"
+  jws_keys_urls	= ["https://login.windows.net/common/discovery/keys"]
+  audience_urls	= ["https://analysis.windows.net/powerbi/connector/Snowflake"]
+  token_user_mapping_claims = ["upn"]
+}
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
@@ -167,40 +167,41 @@ func GetGrantResources() resources.TerraformGrantResources {
 func getResources() map[string]*schema.Resource {
 	// NOTE(): do not add grant resources here
 	others := map[string]*schema.Resource{
-		"snowflake_api_integration":           resources.APIIntegration(),
-		"snowflake_database":                  resources.Database(),
-		"snowflake_external_function":         resources.ExternalFunction(),
-		"snowflake_file_format":               resources.FileFormat(),
-		"snowflake_function":                  resources.Function(),
-		"snowflake_managed_account":           resources.ManagedAccount(),
-		"snowflake_masking_policy":            resources.MaskingPolicy(),
-		"snowflake_materialized_view":         resources.MaterializedView(),
-		"snowflake_network_policy_attachment": resources.NetworkPolicyAttachment(),
-		"snowflake_network_policy":            resources.NetworkPolicy(),
-		"snowflake_oauth_integration":         resources.OAuthIntegration(),
-		"snowflake_pipe":                      resources.Pipe(),
-		"snowflake_procedure":                 resources.Procedure(),
-		"snowflake_resource_monitor":          resources.ResourceMonitor(),
-		"snowflake_role":                      resources.Role(),
-		"snowflake_role_grants":               resources.RoleGrants(),
-		"snowflake_row_access_policy":         resources.RowAccessPolicy(),
-		"snowflake_saml_integration":          resources.SAMLIntegration(),
-		"snowflake_schema":                    resources.Schema(),
-		"snowflake_scim_integration":          resources.SCIMIntegration(),
-		"snowflake_sequence":                  resources.Sequence(),
-		"snowflake_share":                     resources.Share(),
-		"snowflake_stage":                     resources.Stage(),
-		"snowflake_storage_integration":       resources.StorageIntegration(),
-		"snowflake_notification_integration":  resources.NotificationIntegration(),
-		"snowflake_stream":                    resources.Stream(),
-		"snowflake_table":                     resources.Table(),
-		"snowflake_external_table":            resources.ExternalTable(),
-		"snowflake_tag":                       resources.Tag(),
-		"snowflake_task":                      resources.Task(),
-		"snowflake_user":                      resources.User(),
-		"snowflake_user_public_keys":          resources.UserPublicKeys(),
-		"snowflake_view":                      resources.View(),
-		"snowflake_warehouse":                 resources.Warehouse(),
+		"snowflake_api_integration":            resources.APIIntegration(),
+		"snowflake_database":                   resources.Database(),
+		"snowflake_external_function":          resources.ExternalFunction(),
+		"snowflake_file_format":                resources.FileFormat(),
+		"snowflake_function":                   resources.Function(),
+		"snowflake_managed_account":            resources.ManagedAccount(),
+		"snowflake_masking_policy":             resources.MaskingPolicy(),
+		"snowflake_materialized_view":          resources.MaterializedView(),
+		"snowflake_network_policy_attachment":  resources.NetworkPolicyAttachment(),
+		"snowflake_network_policy":             resources.NetworkPolicy(),
+		"snowflake_oauth_integration":          resources.OAuthIntegration(),
+		"snowflake_external_oauth_integration": resources.ExternalOauthIntegration(),
+		"snowflake_pipe":                       resources.Pipe(),
+		"snowflake_procedure":                  resources.Procedure(),
+		"snowflake_resource_monitor":           resources.ResourceMonitor(),
+		"snowflake_role":                       resources.Role(),
+		"snowflake_role_grants":                resources.RoleGrants(),
+		"snowflake_row_access_policy":          resources.RowAccessPolicy(),
+		"snowflake_saml_integration":           resources.SAMLIntegration(),
+		"snowflake_schema":                     resources.Schema(),
+		"snowflake_scim_integration":           resources.SCIMIntegration(),
+		"snowflake_sequence":                   resources.Sequence(),
+		"snowflake_share":                      resources.Share(),
+		"snowflake_stage":                      resources.Stage(),
+		"snowflake_storage_integration":        resources.StorageIntegration(),
+		"snowflake_notification_integration":   resources.NotificationIntegration(),
+		"snowflake_stream":                     resources.Stream(),
+		"snowflake_table":                      resources.Table(),
+		"snowflake_external_table":             resources.ExternalTable(),
+		"snowflake_tag":                        resources.Tag(),
+		"snowflake_task":                       resources.Task(),
+		"snowflake_user":                       resources.User(),
+		"snowflake_user_public_keys":           resources.UserPublicKeys(),
+		"snowflake_view":                       resources.View(),
+		"snowflake_warehouse":                  resources.Warehouse(),
 	}
 
 	return mergeSchemas(