
@pierskarsenbarg/sdm


A Pulumi package for creating and managing StrongDM cloud resources.

// Output-side type declarations for this package. The nested element types are referenced
// through the `outputs` namespace imported below; the Get*-prefixed interfaces presumably
// describe lookup (data source) results — confirm against the package's function definitions.
//
// NOTE(review): several interfaces carry credential material (`token`, `password`, `clientKey`,
// the managed secret `value`). Confirm the provider surfaces these as Pulumi secrets so they are
// encrypted in state and masked in CLI output, and avoid logging or exporting them in plain form.
import * as outputs from "../types/output";

export interface AccountService {
    /**
     * Unique human-readable name of the Service.
     */
    name: string;
    /**
     * The Service's suspended state.
     */
    suspended?: boolean;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * NOTE(review): undocumented upstream; presumably the credential issued for this Service account.
     * Treat it as a secret and confirm it is marked sensitive in state.
     */
    token: string;
}

export interface AccountUser {
    /**
     * The User's email address. Must be unique.
     */
    email: string;
    /**
     * External ID is an alternative unique ID this user is represented by within an external service.
     */
    externalId?: string;
    /**
     * The User's first name.
     */
    firstName: string;
    /**
     * The User's last name.
     */
    lastName: string;
    /**
     * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
     */
    managedBy: string;
    /**
     * Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
     */
    managerId?: string;
    /**
     * PermissionLevel is the user's permission level e.g. admin, DBA, user.
     */
    permissionLevel: string;
    /**
     * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
     */
    resolvedManagerId: string;
    /**
     * SCIM contains the raw SCIM metadata for the user. This is a read-only field.
     */
    scim: string;
    /**
     * The User's suspended state.
     */
    suspended: boolean;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

export interface ApprovalWorkflowApprovalStep {
    /**
     * The approvers for this approval step
     */
    approvers: outputs.ApprovalWorkflowApprovalStepApprover[];
    /**
     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
     */
    quantifier?: string;
    /**
     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
     */
    skipAfter?: string;
}

export interface ApprovalWorkflowApprovalStepApprover {
    /**
     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    accountId?: string;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
     */
    reference?: string;
    /**
     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    roleId?: string;
}

export interface GetAccountAccount {
    /**
     * A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
     */
    services: outputs.GetAccountAccountService[];
    /**
     * A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
     */
    tokens: outputs.GetAccountAccountToken[];
    /**
     * A User can connect to resources they are granted directly, or granted via roles.
     */
    users: outputs.GetAccountAccountUser[];
}

export interface GetAccountAccountService {
    /**
     * Unique identifier of the Service.
     */
    id?: string;
    /**
     * Unique human-readable name of the Service.
     */
    name?: string;
    /**
     * The Service's suspended state.
     * NOTE(review): the generated text here described tokens ("Reserved for future use. Always false for tokens."); confirm against the StrongDM API.
     */
    suspended?: boolean;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

export interface GetAccountAccountToken {
    /**
     * Corresponds to the type of token, e.g. api or admin-token.
     */
    accountType?: string;
    /**
     * The timestamp when the Token will expire.
     */
    deadline?: string;
    /**
     * Duration from token creation to expiration.
     */
    duration?: string;
    /**
     * Unique identifier of the Token.
     */
    id?: string;
    /**
     * Unique human-readable name of the Token.
     */
    name?: string;
    /**
     * Permissions assigned to the token, e.g. role:create.
     */
    permissions?: string[];
    /**
     * The timestamp when the Token was last rekeyed.
     */
    rekeyed?: string;
    /**
     * Reserved for future use. Always false for tokens.
     */
    suspended?: boolean;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

export interface GetAccountAccountUser {
    /**
     * The User's email address. Must be unique.
     */
    email?: string;
    /**
     * External ID is an alternative unique ID this user is represented by within an external service.
     */
    externalId?: string;
    /**
     * The User's first name.
     */
    firstName?: string;
    /**
     * Unique identifier of the User.
     */
    id?: string;
    /**
     * The User's last name.
     */
    lastName?: string;
    /**
     * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
     */
    managedBy: string;
    /**
     * Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
     */
    managerId?: string;
    /**
     * PermissionLevel is the user's permission level e.g. admin, DBA, user.
     */
    permissionLevel?: string;
    /**
     * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
     */
    resolvedManagerId: string;
    /**
     * SCIM contains the raw SCIM metadata for the user. This is a read-only field.
     */
    scim: string;
    /**
     * The User's suspended state.
     * NOTE(review): the generated text here described tokens ("Reserved for future use. Always false for tokens."); confirm against the StrongDM API.
     */
    suspended: boolean;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

export interface GetAccountAttachmentAccountAttachment {
    /**
     * The id of the account of this AccountAttachment.
     */
    accountId?: string;
    /**
     * Unique identifier of the AccountAttachment.
     */
    id?: string;
    /**
     * The id of the attached role of this AccountAttachment.
     */
    roleId?: string;
}

export interface GetApprovalWorkflowApprovalStep {
    /**
     * The approvers for this approval step
     */
    approvers: outputs.GetApprovalWorkflowApprovalStepApprover[];
    /**
     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
     */
    quantifier?: string;
    /**
     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
     */
    skipAfter?: string;
}

export interface GetApprovalWorkflowApprovalStepApprover {
    /**
     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    accountId?: string;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
     */
    reference?: string;
    /**
     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    roleId?: string;
}

export interface GetApprovalWorkflowApprovalWorkflow {
    /**
     * Approval mode of the ApprovalWorkflow
     */
    approvalMode?: string;
    /**
     * The approval steps of this approval workflow
     */
    approvalSteps?: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStep[];
    /**
     * Optional description of the ApprovalWorkflow.
     */
    description?: string;
    /**
     * Unique identifier of the ApprovalWorkflow.
     */
    id?: string;
    /**
     * Unique human-readable name of the ApprovalWorkflow.
     */
    name?: string;
}

export interface GetApprovalWorkflowApprovalWorkflowApprovalStep {
    /**
     * The approvers for this approval step
     */
    approvers: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStepApprover[];
    /**
     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
     */
    quantifier?: string;
    /**
     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
     */
    skipAfter?: string;
}

export interface GetApprovalWorkflowApprovalWorkflowApprovalStepApprover {
    /**
     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    accountId?: string;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
     */
    reference?: string;
    /**
     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
     */
    roleId?: string;
}

export interface GetIdentityAliasIdentityAlias {
    /**
     * The account for this identity alias.
     */
    accountId?: string;
    /**
     * Unique identifier of the IdentityAlias.
     */
    id?: string;
    /**
     * The identity set.
     */
    identitySetId?: string;
    /**
     * The username to be used as the identity alias for this account.
     */
    username?: string;
}

export interface GetIdentitySetIdentitySet {
    /**
     * Unique identifier of the IdentitySet.
     */
    id?: string;
    /**
     * Unique human-readable name of the IdentitySet.
     */
    name?: string;
}

export interface GetManagedSecretManagedSecret {
    /**
     * Public part of the secret value.
     */
    config: string;
    /**
     * Timestamp of when secret is going to be rotated
     */
    expiresAt: string;
    /**
     * Unique identifier of the Managed Secret.
     */
    id?: string;
    /**
     * Timestamp of when secret was last rotated
     */
    lastRotatedAt: string;
    /**
     * Unique human-readable name of the Managed Secret.
     */
    name?: string;
    /**
     * An ID of a Secret Engine linked with the Managed Secret.
     */
    secretEngineId?: string;
    /**
     * Path in a secret store.
     */
    secretStorePath: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * Sensitive value of the secret.
     * NOTE(review): this is the secret itself; confirm it is returned as a Pulumi secret and never written to stack outputs or logs in plain form.
     */
    value?: string;
}

export interface GetNodeNode {
    /**
     * Gateway represents a StrongDM CLI installation running in gateway mode.
     */
    gateways: outputs.GetNodeNodeGateway[];
    /**
     * ProxyCluster represents a cluster of StrongDM proxies.
     */
    proxyClusters: outputs.GetNodeNodeProxyCluster[];
    /**
     * Relay represents a StrongDM CLI installation running in relay mode.
     */
    relays: outputs.GetNodeNodeRelay[];
}

export interface GetNodeNodeGateway {
    /**
     * The hostname/port tuple which the gateway daemon will bind to. If not provided on create, set to "0.0.0.0:listen_address_port".
     * Note that 0.0.0.0 binds on all IPv4 interfaces of the host; set an explicit address where the listener should be confined to one interface.
     */
    bindAddress?: string;
    /**
     * Device is a read only device name uploaded by the gateway process when it comes online.
     */
    device: string;
    /**
     * GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
     */
    gatewayFilter?: string;
    /**
     * Unique identifier of the Gateway.
     */
    id?: string;
    /**
     * The public hostname/port tuple at which the gateway will be accessible to clients.
     */
    listenAddress?: string;
    /**
     * Location is a read only network location uploaded by the gateway process when it comes online.
     */
    location: string;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
     */
    maintenanceWindows?: outputs.GetNodeNodeGatewayMaintenanceWindow[];
    /**
     * Unique human-readable name of the Gateway. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     */
    name?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * Version is a read only sdm binary version uploaded by the gateway process when it comes online.
     */
    version: string;
}

/**
 * One maintenance-window entry of a gateway.
 */
export interface GetNodeNodeGatewayMaintenanceWindow {
    /**
     * NOTE(review): undocumented upstream; presumably a cron expression selecting when restarts are permitted — confirm the accepted format.
     */
    cronSchedule: string;
    /**
     * NOTE(review): undocumented upstream; presumably whether the node must be serving no connections to restart in this window — confirm.
     */
    requireIdleness: boolean;
}

export interface GetNodeNodeProxyCluster {
    /**
     * The public hostname/port tuple at which the proxy cluster will be accessible to clients.
     */
    address?: string;
    /**
     * Unique identifier of the ProxyCluster.
     */
    id?: string;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
     */
    maintenanceWindows?: outputs.GetNodeNodeProxyClusterMaintenanceWindow[];
    /**
     * Unique human-readable name of the ProxyCluster. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     */
    name?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

/**
 * One maintenance-window entry of a proxy cluster.
 */
export interface GetNodeNodeProxyClusterMaintenanceWindow {
    /**
     * NOTE(review): undocumented upstream; presumably a cron expression selecting when restarts are permitted — confirm the accepted format.
     */
    cronSchedule: string;
    /**
     * NOTE(review): undocumented upstream; presumably whether the node must be serving no connections to restart in this window — confirm.
     */
    requireIdleness: boolean;
}

export interface GetNodeNodeRelay {
    /**
     * Device is a read only device name uploaded by the gateway process when it comes online.
     */
    device: string;
    /**
     * GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
     */
    gatewayFilter?: string;
    /**
     * Unique identifier of the Relay.
     */
    id?: string;
    /**
     * Location is a read only network location uploaded by the gateway process when it comes online.
     */
    location: string;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
     */
    maintenanceWindows?: outputs.GetNodeNodeRelayMaintenanceWindow[];
    /**
     * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     */
    name?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * Version is a read only sdm binary version uploaded by the gateway process when it comes online.
     */
    version: string;
}

/**
 * One maintenance-window entry of a relay.
 */
export interface GetNodeNodeRelayMaintenanceWindow {
    /**
     * NOTE(review): undocumented upstream; presumably a cron expression selecting when restarts are permitted — confirm the accepted format.
     */
    cronSchedule: string;
    /**
     * NOTE(review): undocumented upstream; presumably whether the node must be serving no connections to restart in this window — confirm.
     */
    requireIdleness: boolean;
}

export interface GetPeeringGroupNodePeeringGroupNode {
    /**
     * Peering Group ID to which the node will be attached.
     */
    groupId?: string;
    /**
     * Unique identifier of the Attachment.
     */
    id?: string;
    /**
     * Node ID to be attached.
     */
    nodeId?: string;
}

export interface GetPeeringGroupPeerPeeringGroupPeer {
    /**
     * Group ID from which the link will originate.
     */
    groupId?: string;
    /**
     * Unique identifier of the Attachment.
     */
    id?: string;
    /**
     * Peering Group ID to which Group ID will link.
     */
    peersWithGroupId?: string;
}

export interface GetPeeringGroupPeeringGroup {
    /**
     * Unique identifier of the PeeringGroup.
     */
    id?: string;
    /**
     * Unique human-readable name of the PeeringGroup.
     */
    name?: string;
}

export interface GetPeeringGroupResourcePeeringGroupResource {
    /**
     * Peering Group ID to which the resource will be attached.
     */
    groupId?: string;
    /**
     * Unique identifier of the Attachment.
     */
    id?: string;
    /**
     * Resource ID to be attached.
     */
    resourceId?: string;
}

export interface GetPolicyPolicy {
    /**
     * Optional description of the Policy.
     */
    description?: string;
    /**
     * Unique identifier of the Policy.
     */
    id?: string;
    /**
     * Unique human-readable name of the Policy.
     */
    name?: string;
    /**
     * The content of the Policy, in Cedar policy language.
     */
    policy?: string;
}

export interface GetProxyClusterKeyProxyClusterKey {
    /**
     * Unique identifier of the ProxyClusterKey.
     */
    id?: string;
    /**
     * The ID of the proxy cluster which this key authenticates to.
     */
    proxyClusterId?: string;
}

export interface GetRemoteIdentityGroupRemoteIdentityGroup {
    /**
     * Unique identifier of the RemoteIdentityGroup.
     */
    id?: string;
    /**
     * Unique human-readable name of the RemoteIdentityGroup.
     */
    name?: string;
}

export interface GetRemoteIdentityRemoteIdentity {
    /**
     * The account for this remote identity.
     */
    accountId?: string;
    /**
     * Unique identifier of the RemoteIdentity.
     */
    id?: string;
    /**
     * The remote identity group.
     */
    remoteIdentityGroupId?: string;
    /**
     * The username to be used as the remote identity for this account.
     */
    username?: string;
}

/**
 * Resources grouped by resource type: each property is an array of one per-type interface.
 * NOTE(review): the per-type entries include credential fields (passwords, client keys, API tokens); handle values read from here as secrets.
 */
export interface GetResourceResource {
    aerospikes: outputs.GetResourceResourceAerospike[];
    aks: outputs.GetResourceResourceAk[];
    aksBasicAuths: outputs.GetResourceResourceAksBasicAuth[];
    /**
     * @deprecated aks_service_account_user_impersonation is deprecated, see docs for more info
     */
    aksServiceAccountUserImpersonations: outputs.GetResourceResourceAksServiceAccountUserImpersonation[];
    aksServiceAccounts: outputs.GetResourceResourceAksServiceAccount[];
    /**
     * @deprecated aks_user_impersonation is deprecated, see docs for more info
     */
    aksUserImpersonations: outputs.GetResourceResourceAksUserImpersonation[];
    amazonEks: outputs.GetResourceResourceAmazonEk[];
    /**
     * @deprecated amazon_eks_instance_profile_user_impersonation is deprecated, see docs for more info
     */
    amazonEksInstanceProfileUserImpersonations: outputs.GetResourceResourceAmazonEksInstanceProfileUserImpersonation[];
    amazonEksInstanceProfiles: outputs.GetResourceResourceAmazonEksInstanceProfile[];
    /**
     * @deprecated amazon_eks_user_impersonation is deprecated, see docs for more info
     */
    amazonEksUserImpersonations: outputs.GetResourceResourceAmazonEksUserImpersonation[];
    amazonEs: outputs.GetResourceResourceAmazonE[];
    amazonEsiams: outputs.GetResourceResourceAmazonEsiam[];
    amazonmqAmqp091s: outputs.GetResourceResourceAmazonmqAmqp091[];
    amazonmqAmqps: outputs.GetResourceResourceAmazonmqAmqp[];
    athenaIams: outputs.GetResourceResourceAthenaIam[];
    athenas: outputs.GetResourceResourceAthena[];
    auroraMysqlIams: outputs.GetResourceResourceAuroraMysqlIam[];
    auroraMysqls: outputs.GetResourceResourceAuroraMysql[];
    auroraPostgres: outputs.GetResourceResourceAuroraPostgre[];
    auroraPostgresIams: outputs.GetResourceResourceAuroraPostgresIam[];
    aws: outputs.GetResourceResourceAw[];
    awsConsoleStaticKeyPairs: outputs.GetResourceResourceAwsConsoleStaticKeyPair[];
    awsConsoles: outputs.GetResourceResourceAwsConsole[];
    awsInstanceProfiles: outputs.GetResourceResourceAwsInstanceProfile[];
    azureCertificates: outputs.GetResourceResourceAzureCertificate[];
    azureMysqlManagedIdentities: outputs.GetResourceResourceAzureMysqlManagedIdentity[];
    azureMysqls: outputs.GetResourceResourceAzureMysql[];
    azurePostgres: outputs.GetResourceResourceAzurePostgre[];
    azurePostgresManagedIdentities: outputs.GetResourceResourceAzurePostgresManagedIdentity[];
    azures: outputs.GetResourceResourceAzure[];
    bigQueries: outputs.GetResourceResourceBigQuery[];
    cassandras: outputs.GetResourceResourceCassandra[];
    cituses: outputs.GetResourceResourceCitus[];
    clickHouseHttps: outputs.GetResourceResourceClickHouseHttp[];
    clickHouseMySqls: outputs.GetResourceResourceClickHouseMySql[];
    clickHouseTcps: outputs.GetResourceResourceClickHouseTcp[];
    clustrixes: outputs.GetResourceResourceClustrix[];
    cockroaches: outputs.GetResourceResourceCockroach[];
    couchbaseDatabases: outputs.GetResourceResourceCouchbaseDatabase[];
    couchbaseWebUis: outputs.GetResourceResourceCouchbaseWebUi[];
    db2Is: outputs.GetResourceResourceDb2I[];
    db2Luws: outputs.GetResourceResourceDb2Luw[];
    documentDbHostIams: outputs.GetResourceResourceDocumentDbHostIam[];
    documentDbHosts: outputs.GetResourceResourceDocumentDbHost[];
    documentDbReplicaSetIams: outputs.GetResourceResourceDocumentDbReplicaSetIam[];
    documentDbReplicaSets: outputs.GetResourceResourceDocumentDbReplicaSet[];
    druids: outputs.GetResourceResourceDruid[];
    dynamoDbiams: outputs.GetResourceResourceDynamoDbiam[];
    dynamoDbs: outputs.GetResourceResourceDynamoDb[];
    elasticacheRedis: outputs.GetResourceResourceElasticacheRedi[];
    elastics: outputs.GetResourceResourceElastic[];
    entraIds: outputs.GetResourceResourceEntraId[];
    gcpConsoles: outputs.GetResourceResourceGcpConsole[];
    gcps: outputs.GetResourceResourceGcp[];
    gcpwifs: outputs.GetResourceResourceGcpwif[];
    /**
     * @deprecated google_gke_user_impersonation is deprecated, see docs for more info
     */
    googleGkeUserImpersonations: outputs.GetResourceResourceGoogleGkeUserImpersonation[];
    googleGkes: outputs.GetResourceResourceGoogleGke[];
    greenplums: outputs.GetResourceResourceGreenplum[];
    httpAuths: outputs.GetResourceResourceHttpAuth[];
    httpBasicAuths: outputs.GetResourceResourceHttpBasicAuth[];
    httpNoAuths: outputs.GetResourceResourceHttpNoAuth[];
    kubernetes: outputs.GetResourceResourceKubernete[];
    kubernetesBasicAuths: outputs.GetResourceResourceKubernetesBasicAuth[];
    kubernetesPodIdentities: outputs.GetResourceResourceKubernetesPodIdentity[];
    /**
     * @deprecated kubernetes_service_account_user_impersonation is deprecated, see docs for more info
     */
    kubernetesServiceAccountUserImpersonations: outputs.GetResourceResourceKubernetesServiceAccountUserImpersonation[];
    kubernetesServiceAccounts: outputs.GetResourceResourceKubernetesServiceAccount[];
    /**
     * @deprecated kubernetes_user_impersonation is deprecated, see docs for more info
     */
    kubernetesUserImpersonations: outputs.GetResourceResourceKubernetesUserImpersonation[];
    marias: outputs.GetResourceResourceMaria[];
    memcacheds: outputs.GetResourceResourceMemcached[];
    memsqls: outputs.GetResourceResourceMemsql[];
    mongoHosts: outputs.GetResourceResourceMongoHost[];
    mongoLegacyHosts: outputs.GetResourceResourceMongoLegacyHost[];
    mongoLegacyReplicasets: outputs.GetResourceResourceMongoLegacyReplicaset[];
    mongoReplicaSets: outputs.GetResourceResourceMongoReplicaSet[];
    mongoShardedClusters: outputs.GetResourceResourceMongoShardedCluster[];
    mtlsMysqls: outputs.GetResourceResourceMtlsMysql[];
    mtlsPostgres: outputs.GetResourceResourceMtlsPostgre[];
    mysqls: outputs.GetResourceResourceMysql[];
    neptuneIams: outputs.GetResourceResourceNeptuneIam[];
    neptunes: outputs.GetResourceResourceNeptune[];
    oracleNnes: outputs.GetResourceResourceOracleNne[];
    oracles: outputs.GetResourceResourceOracle[];
    postgres: outputs.GetResourceResourcePostgre[];
    prestos: outputs.GetResourceResourcePresto[];
    rabbitmqAmqp091s: outputs.GetResourceResourceRabbitmqAmqp091[];
    rawTcps: outputs.GetResourceResourceRawTcp[];
    rdpCerts: outputs.GetResourceResourceRdpCert[];
    rdps: outputs.GetResourceResourceRdp[];
    rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[];
    redis: outputs.GetResourceResourceRedi[];
    redisClusters: outputs.GetResourceResourceRedisCluster[];
    redshiftIams: outputs.GetResourceResourceRedshiftIam[];
    redshiftServerlessIams: outputs.GetResourceResourceRedshiftServerlessIam[];
    redshifts: outputs.GetResourceResourceRedshift[];
    singleStores: outputs.GetResourceResourceSingleStore[];
    snowflakes: outputs.GetResourceResourceSnowflake[];
    snowsights: outputs.GetResourceResourceSnowsight[];
    sqlServerAzureAds: outputs.GetResourceResourceSqlServerAzureAd[];
    sqlServerKerberosAds: outputs.GetResourceResourceSqlServerKerberosAd[];
    sqlServers: outputs.GetResourceResourceSqlServer[];
    sshCerts: outputs.GetResourceResourceSshCert[];
    sshCustomerKeys: outputs.GetResourceResourceSshCustomerKey[];
    sshPasswords: outputs.GetResourceResourceSshPassword[];
    sshes: outputs.GetResourceResourceSsh[];
    sybaseIqs: outputs.GetResourceResourceSybaseIq[];
    sybases: outputs.GetResourceResourceSybase[];
    teradatas: outputs.GetResourceResourceTeradata[];
    trinos: outputs.GetResourceResourceTrino[];
    verticas: outputs.GetResourceResourceVertica[];
}

export interface GetResourceResourceAerospike {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The password to authenticate with. Credential material; treat as a secret.
     */
    password?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * If true, uses UseServicesAlternates directive for Aerospike connection
     */
    useServicesAlternate?: boolean;
    /**
     * The username to authenticate with.
     */
    username?: string;
}

export interface GetResourceResourceAk {
    /**
     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
     * NOTE(review): when true, a missing resource role appears not to block the connection; confirm this fallback is intended.
     */
    allowResourceRoleBypass?: boolean;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * The CA to authenticate TLS connections with.
     */
    certificateAuthority?: string;
    /**
     * The certificate to authenticate TLS connections with.
     */
    clientCertificate?: string;
    /**
     * The key to authenticate TLS connections with. Credential material; treat as a secret.
     */
    clientKey?: string;
    /**
     * If true, configures discovery of a cluster to be run from a node.
     */
    discoveryEnabled?: boolean;
    /**
     * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
     */
    discoveryUsername?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
     */
    identityAliasHealthcheckUsername?: string;
    /**
     * The ID of the identity set to use for identity connections.
     */
    identitySetId?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
}

export interface GetResourceResourceAksBasicAuth {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The password to authenticate with. Credential material; treat as a secret.
     */
    password?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * The username to authenticate with.
     */
    username?: string;
}

export interface GetResourceResourceAksServiceAccount {
    /**
     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
     * NOTE(review): when true, a missing resource role appears not to block the connection; confirm this fallback is intended.
     */
    allowResourceRoleBypass?: boolean;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * If true, configures discovery of a cluster to be run from a node.
     */
    discoveryEnabled?: boolean;
    /**
     * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
     */
    discoveryUsername?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
     */
    identityAliasHealthcheckUsername?: string;
    /**
     * The ID of the identity set to use for identity connections.
     */
    identitySetId?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * The API token to authenticate with. Credential material; treat as a secret.
     */
    token?: string;
}

export interface GetResourceResourceAksServiceAccountUserImpersonation {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: { [key: string]: string; };
    /**
     * The API token to authenticate with. Credential material; treat as a secret.
     */
    token?: string;
}

export interface GetResourceResourceAksUserImpersonation {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * The CA to authenticate TLS connections with.
     */
    certificateAuthority?: string;
    /**
     * The certificate to authenticate TLS connections with.
     */
    clientCertificate?: string;
    /**
     * The key to authenticate TLS connections with. Credential material; treat as a secret.
     */
    clientKey?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
*/ tags?: { [key: string]: string; }; } export interface GetResourceResourceAmazonE { /** * The Access Key ID to use to authenticate. */ accessKey?: string; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: string; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: string; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint?: string; /** * Unique identifier of the Resource. */ id?: string; /** * Unique human-readable name of the Resource. */ name?: string; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: number; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: string; /** * The AWS region to connect to. */ region?: string; /** * The role to assume after logging in. */ roleArn?: string; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: string; /** * The Secret Access Key to use to authenticate. */ secretAccessKey?: string; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: string; /** * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network) */ subdomain?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetResourceResourceAmazonEk { /** * The Access Key ID to use to authenticate. 
*/ accessKey?: string; /** * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided. */ allowResourceRoleBypass?: boolean; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: string; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: string; /** * The name of the cluster to connect to. */ clusterName?: string; /** * If true, configures discovery of a cluster to be run from a node. */ discoveryEnabled?: boolean; /** * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery. */ discoveryUsername?: string; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: string; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint?: string; /** * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: string; /** * Unique identifier of the Resource. */ id?: string; /** * The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */ identityAliasHealthcheckUsername?: string; /** * The ID of the identity set to use for identity connections. */ identitySetId?: string; /** * Unique human-readable name of the Resource. */ name?: string; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: number; /** * ID of the proxy cluster for this resource, if any. 
*/ proxyClusterId?: string; /** * The AWS region to connect to. */ region?: string; /** * The role to assume after logging in. */ roleArn?: string; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: string; /** * The Secret Access Key to use to authenticate. */ secretAccessKey?: string; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: string; /** * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network) */ subdomain?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetResourceResourceAmazonEksInstanceProfile { /** * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided. */ allowResourceRoleBypass?: boolean; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: string; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: string; /** * The name of the cluster to connect to. */ clusterName?: string; /** * If true, configures discovery of a cluster to be run from a node. */ discoveryEnabled?: boolean; /** * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery. */ discoveryUsername?: string; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: string; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint?: string; /** * The path used to check the health of your connection. Defaults to `default`. 
This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: string; /** * Unique identifier of the Resource. */ id?: string; /** * The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */ identityAliasHealthcheckUsername?: string; /** * The ID of the identity set to use for identity connections. */ identitySetId?: string; /** * Unique human-readable name of the Resource. */ name?: string; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: number; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: string; /** * The AWS region to connect to. */ region?: string; /** * The role to assume after logging in. */ roleArn?: string; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: string; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: string; /** * Subdomain is the local DNS address. (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network) */ subdomain?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetResourceResourceAmazonEksInstanceProfileUserImpersonation { /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: string; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: string; /** * The name of the cluster to connect to. */ clusterName?: string; /** * A filter applied to the routing logic to pin datasource to nodes. 
*/ egressFilter?: string; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint?: string; /** * The path used to check the health of your connection. Def