Attribute | Description | Accepted values |
---|---|---|
Attribute | Description | Accepted values |
---|---|---|
connectionKey string
A unique name for the host connection.
connection.technology string
The technology backing the new host.
Snowflake
connection.hostname string
The URL of your Snowflake account. This is the same as host
.
connection.port integer
The port to use when connecting to your Snowflake account host. Defaults to 443
.
connection.warehouse string
The default pool of compute resources the Immuta system user will use to run queries and perform other Snowflake operations.
connection.role string
The privileged Snowflake role used by the Immuta system account when configuring the Snowflake host. It must be able to see the data that Immuta will govern.
connection.authenticationType string
The authentication type to connect to the host. Make sure this auth type is the same used when requesting the script.
keyPair
oAuthClientCredentials
userPassword
connection.username string
The username of the system account that can act on Snowflake objects and configure the host. Required if using keyPair
or userPassword
.
connection.password string
The password of the system account that can act on Snowflake objects and configure the host. Required if using userPassword
.
connection.privateKeyPassword string
The Snowflake private key password. Required if using keyPair
and the private key is encrypted.
connection.privateKey.keyName string
The Immuta-given name of your private key. Required if using keyPair
.
This must be PRIV_KEY_FILE
.
connection.privateKey.userFilename string
The name of the private key file on your machine. Required if using keyPair
.
connection.privateKey.content string
The private key. Replace new lines in the private key with a backslash before the new line character: "\n". If you are using another means of configuration, such as a Python script, the "\n" should not be added. Required if using keyPair
.
In the integrations API, this is the config.privateKey
attribute.
connection.oAuthClientConfig.useCertificate boolean
Specifies whether or not to use a certificate and private key for authenticating with OAuth. Required if using oAuthClientCredentials
.
true
false
connection.oAuthClientConfig.clientId string
The client identifier of your registered application. Required if using oAuthClientCredentials
.
connection.oAuthClientConfig.authorityUrl string
Authority URL of your identity provider. Required if using oAuthClientCredentials
.
connection.oAuthClientConfig.scope string
The scope limits the operations and roles allowed in Snowflake by the access token. Required if using oAuthClientCredentials
.
This must be session:role-any
.
connection.oAuthClientConfig.resource string
An optional resource to pass to the token provider.
connection.oAuthClientConfig.publicCertificateThumbprint string
Your certificate thumbprint. Required if using oAuthClientCredentials
and useCertificate
is true
.
connection.oAuthClientConfig.oauthPrivateKey.keyName string
The Immuta-given name of your private key. Required if using oAuthClientCredentials
and useCertificate
is true
.
This must be oauth client certificate
.
connection.oAuthClientConfig.oauthPrivateKey.userFilename string
The name of your private key file on your machine. Required if using oAuthClientCredentials
and useCertificate
is true
.
connection.oAuthClientConfig.oauthPrivateKey.content string
The private key. Replace new lines in the private key with a backslash before the new line character: "\n". If you are using another means of configuration, such as a Python script, the "\n" should not be added. Required if using oAuthClientCredentials
and useCertificate
is true
.
In the integrations API, this is the config.oauthPrivateKey
attribute.
connection.oAuthClientConfig.clientSecret string
Client secret of the application. Required if using oAuthClientCredentials
and useCertificate
is false
.
settings.isActive boolean
When false
, data objects will be inactive by default when created in Immuta.
options.forceRecursiveCrawl boolean
When true
, both active and inactive objects will be found by object sync.
nativeIntegration object
Configuration attributes that should match the values used when getting the script from the integration endpoint.
nativeIntegration.type string
The type of technology.
Snowflake
nativeIntegration.autoBootstrap boolean
When false
, you must set up your environment manually before configuring the host with the API.
This must be false
.
nativeIntegration.config.authenticationType string
The authentication type to connect to the host. Make sure this auth type is the same used when requesting the script.
keyPair
oAuthClientCredentials
userPassword
nativeIntegration.config.username string
The username of the system account that can act on Snowflake objects and configure the host. Required if using keyPair
or userPassword
.
nativeIntegration.config.password string
The password of the system account that can act on Snowflake objects and configure the host. Required if using userPassword
.
nativeIntegration.config.privateKeyPassword string
The Snowflake private key password. Required if using keyPair
and the private key is encrypted.
nativeIntegration.config.keyName string
The Immuta-given name of your private key. Required if using keyPair
.
This must be PRIV_KEY_FILE
.
nativeIntegration.config.userFilename string
The name of the private key file on your machine. Required if using keyPair
.
nativeIntegration.config.content string
The private key. Replace new lines in the private key with a backslash before the new line character: "\n". If you are using another means of configuration, such as a Python script, the "\n" should not be added. Required if using keyPair
.
In the integrations API, this is the config.privateKey
attribute.
nativeIntegration.config.oAuthClientConfig.useCertificate boolean
Specifies whether or not to use a certificate and private key for authenticating with OAuth. Required if using oAuthClientCredentials
.
nativeIntegration.config.oAuthClientConfig.clientId string
The client identifier of your registered application. Required if using oAuthClientCredentials
.
nativeIntegration.config.oAuthClientConfig.authorityUrl string
Authority URL of your identity provider. Required if using oAuthClientCredentials
.
nativeIntegration.config.oAuthClientConfig.scope string
The scope limits the operations and roles allowed in Snowflake by the access token. Required if using oAuthClientCredentials
.
This must be session:role-any
.
nativeIntegration.config.oAuthClientConfig.resource string
An optional resource to pass to the token provider.
nativeIntegration.config.oAuthClientConfig.oauthPrivateKey.keyName string
The Immuta-given name of your private key. Required if using oAuthClientCredentials
and useCertificate
is true
.
This must be oauth client certificate
.
nativeIntegration.config.oAuthClientConfig.oauthPrivateKey.userFiles string
The name of your private key file on your machine. Required if using oAuthClientCredentials
and useCertificate
is true
.
nativeIntegration.config.oAuthClientConfig.oauthPrivateKey.content string
The private key. Replace new lines in the private key with a backslash before the new line character: "\n". If you are using another means of configuration, such as a Python script, the "\n" should not be added. Required if using oAuthClientCredentials and useCertificate
is true
.
In the integrations API, this is the config.oauthPrivateKey
attribute.
connection.oAuthClientConfig.clientSecret string
Client secret of the application. Required if using oAuthClientCredentials and useCertificate
is false
.
nativeIntegration.config.host string
The URL of your Snowflake account.
nativeIntegration.config.port integer
The port to use when connecting to your Snowflake account host. Defaults to 443
.
nativeIntegration.config.warehouse string
The default pool of compute resources the Immuta system user will use to run queries and perform other Snowflake operations.
nativeIntegration.config.database string
Name of a new empty database that the Immuta system user will manage and store metadata in.
nativeIntegration.config.impersonation object
Enables user impersonation. User impersonation is not currently supported with this connection.
This must be enabled: false
.
nativeIntegration.config.audit object
This object enables Snowflake query audit.
This must be enabled: true
.
nativeIntegration.config.workspaces object
This object represents an Immuta project workspace configured for Snowflake. Project workspaces are not currently supported with this connection.
This must be enabled: false
.
nativeIntegration.config.lineage object
Enables Snowflake lineage ingestion so that Immuta can apply tags added to Snowflake tables to their descendant data source columns. Lineage is not currently supported with this connection.
This must be enabled: false
.
nativeIntegration.config.userRolePattern object
This object excludes roles and users from authorization checks. Excluded roles and users are not currently supported with this connection.
This must be exclude: []
.
connectionKey string
A unique name for the host connection.
connection.technology string
The technology backing the new host.
Databricks
connection.hostname string
Your Databricks workspace URL. This is the same as host
and workspaceURL.
connection.port integer
The port to use when connecting to your Databricks account host. Defaults to 443
.
connection.httpPath string
The HTTP path of your Databricks cluster or SQL warehouse.
connection.authenticationType string
The authentication type to connect to the host. Make sure this auth type is the same used when requesting the script.
token
connection.token string
The Databricks personal access token for the service principal created for Immuta.
settings.isActive boolean
When false
, data objects will be inactive by default when created in Immuta.
This must be false
.
options.forceRecursiveCrawl boolean
When true
, both active and inactive objects will be found by object sync.
This must be true
.
nativeIntegration object
Configuration attributes that should match the values used when getting the script from the integration endpoint.
nativeIntegration.type string
The type of technology.
Databricks
nativeIntegration.autoBootstrap boolean
When false
, you must set up your environment manually before configuring the host with the API.
This must be false
.
nativeIntegration.unityCatalog boolean
When true
, the integration is for Databricks Unity Catalog.
This must be true
.
nativeIntegration.config.authenticationType string
The authentication type to connect to the host. Make sure this auth type is the same used when requesting the script.
token
nativeIntegration.config.token string
The Databricks personal access token for the service principal created for Immuta.
nativeIntegration.config.host string
Your Databricks workspace URL. This is the same as hostname
and workspaceURL.
nativeIntegration.config.port integer
The port to use when connecting to your Databricks account host. Defaults to 443
.
nativeIntegration.config.httpPath string
The HTTP path of your Databricks cluster or SQL warehouse.
nativeIntegration.config.catalog string
The name of the Databricks catalog Immuta will create to store internal entitlements and other user data specific to Immuta. This catalog will only be readable for the Immuta service principal and should not be granted to other users. The catalog name may only contain letters, numbers, and underscores and cannot start with a number.
nativeIntegration.config.audit boolean
This object enables Snowflake query audit.
This must be true
.
nativeIntegration.config.enableNativeQueryParsing boolean
If true
, native query parsing is enabled.
This must be false
.
nativeIntegration.config.jobConfig.workspaceDirectoryPath string
The file path of the workspace directory.
This must be /Workspace/ImmutaArtifacts
.
nativeIntegration.config.jobConfig.jobClusterId string
The ID of the job cluster.
This must be undefined
.