Add in main tf

Sage-Bionetworks · Sep 25, 2023 · 0994e4a · 0994e4a
1 parent dc8d981
commit 0994e4a
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/admin/main.tf b/admin/main.tf
@@ -31,6 +31,24 @@ variable "snowflake_account" {
   sensitive   = true
 }
 
+variable "saml2_issuer" {
+  description = "Google SAML issuer"
+  type        = string
+  sensitive   = true
+}
+
+variable "saml2_sso_url" {
+  description = "Google SAML SSO URL"
+  type        = string
+  sensitive   = true
+}
+
+variable "saml2_x509_cert" {
+  description = "Google SAML x509 certificate"
+  type        = string
+  sensitive   = true
+}
+
 provider "snowflake" {
   account = var.snowflake_account
   username = var.snowflake_user
@@ -46,6 +64,14 @@ provider "snowflake" {
   role = "USERADMIN"
 }
 
+provider "snowflake" {
+  alias = "accountadmin"
+  account = var.snowflake_account
+  username = var.snowflake_user
+  password = var.snowflake_pwd
+  role = "ACCOUNTADMIN"
+}
+
 resource "snowflake_warehouse" "warehouse" {
   name           = "COMPUTE_ORG"
   warehouse_size = "XSMALL"
@@ -166,3 +192,18 @@ resource "snowflake_user" "vbaham" {
   name         = "[email protected]"
   login_name   = "[email protected]"
 }
+
+resource "snowflake_saml_integration" "google_saml" {
+  provider = snowflake.accountadmin
+  name            = "GOOGLE_SSO"
+  saml2_provider  = "Custom"
+  saml2_issuer    = var.saml2_issuer
+  saml2_sso_url   = var.saml2_sso_url
+  saml2_x509_cert = var.saml2_x509_cert
+  saml2_snowflake_acs_url = "https://mqzfhld-vp00034.snowflakecomputing.com/fed/login"
+  saml2_snowflake_issuer_url = "https://mqzfhld-vp00034.snowflakecomputing.com"
+  enabled         = true
+  saml2_sp_initiated_login_page_label = "GOOGLE_SSO"
+  saml2_enable_sp_initiated = true
+  saml2_sign_request = true
+}