From 0994e4a5fa2f8d79471bf88aee7370f6990a5663 Mon Sep 17 00:00:00 2001
From: Thomas Yu
Date: Sun, 24 Sep 2023 22:05:25 -0700
Subject: [PATCH] Add in main tf
---
 admin/main.tf | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/admin/main.tf b/admin/main.tf
index a2b395ad..4a50858c 100644
--- a/admin/main.tf
+++ b/admin/main.tf
@@ -31,6 +31,24 @@ variable "snowflake_account" {
 sensitive = true
 }
 
+variable "saml2_issuer" {
+ description = "Google SAML issuer"
+ type = string
+ sensitive = true
+}
+
+variable "saml2_sso_url" {
+ description = "Google SAML SSO URL"
+ type = string
+ sensitive = true
+}
+
+variable "saml2_x509_cert" {
+ description = "Google SAML x509 certificate"
+ type = string
+ sensitive = true
+}
+
 provider "snowflake" {
 account = var.snowflake_account
 username = var.snowflake_user
@@ -46,6 +64,14 @@ provider "snowflake" {
 role = "USERADMIN"
 }
 
+provider "snowflake" {
+ alias = "accountadmin"
+ account = var.snowflake_account
+ username = var.snowflake_user
+ password = var.snowflake_pwd
+ role = "ACCOUNTADMIN"
+}
+
 resource "snowflake_warehouse" "warehouse" {
 name = "COMPUTE_ORG"
 warehouse_size = "XSMALL"
@@ -166,3 +192,18 @@ resource "snowflake_user" "vbaham" {
 name = "victor.baham@sagebase.org"
 login_name = "victor.baham@sagebase.org"
 }
+
+resource "snowflake_saml_integration" "google_saml" {
+ provider = snowflake.accountadmin
+ name = "GOOGLE_SSO"
+ saml2_provider = "Custom"
+ saml2_issuer = var.saml2_issuer
+ saml2_sso_url = var.saml2_sso_url
+ saml2_x509_cert = var.saml2_x509_cert
+ saml2_snowflake_acs_url = "https://mqzfhld-vp00034.snowflakecomputing.com/fed/login"
+ saml2_snowflake_issuer_url = "https://mqzfhld-vp00034.snowflakecomputing.com"
+ enabled = true
+ saml2_sp_initiated_login_page_label = "GOOGLE_SSO"
+ saml2_enable_sp_initiated = true
+ saml2_sign_request = true
+}
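Review bot: `sensitive = true` on `saml2_issuer`, `saml2_sso_url` and `saml2_x509_cert` redacts all three in plan output, so a change to the IdP signing certificate or SSO endpoint, which together are the trust anchor for every SSO login, would appear only as `(sensitive value)`. These are normally public IdP metadata rather than secrets; consider dropping the flag, at least on the certificate, so a reviewer can see which certificate a plan installs. The descriptions could also state the expected format, e.g. `description = "Google IdP signing certificate, Base64 on one line without the BEGIN/END CERTIFICATE markers"`, assuming that is the form the provider expects. A `validation` block requiring `saml2_sso_url` to start with `https://` would catch a mistyped endpoint before apply.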
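Review bot: The new `accountadmin` alias reuses `var.snowflake_user` and `var.snowflake_pwd` with `role = "ACCOUNTADMIN"`, so one password-authenticated service user can now act with the highest role in the account on every run. If the SAML integration is the only thing that needs it, a custom role granted `CREATE INTEGRATION` would narrow this. Failing that, key-pair authentication for this user and a comment on the block such as `# ACCOUNTADMIN: only for account-level security integrations; do not attach other resources to this alias` would limit how far it spreads. The provider block whose closing lines open this hunk starts outside it.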
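Review bot: `saml2_snowflake_acs_url` and `saml2_snowflake_issuer_url` hard-code the account hostname, while `snowflake_account` is declared `sensitive` earlier in the file, so the identifier is committed in clear text here and the two URLs must be kept in step by hand. Either build both from one value, e.g. a `locals` entry holding the base URL (the name `snowflake_url` is only an example) and `saml2_snowflake_acs_url = "${local.snowflake_url}/fed/login"`, or drop the sensitive marking on the account variable if the hostname is not treated as secret. The users in this file use e-mail addresses as `login_name`, so it is worth confirming that the IdP sends the e-mail address as NameID and recording that in a comment above the resource. Enabling the integration probably does not by itself switch off password login for existing users; whether that is handled elsewhere is not visible in this hunk.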