
@pierskarsenbarg/sdm


A Pulumi package for creating and managing StrongDM cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";

/** Input properties for a StrongDM service account. */
export interface AccountService {
    /**
     * CreatedAt is the timestamp when the user was created
     *
     * NOTE(review): says "user" on the Service type; presumably the service's creation time — confirm.
     */
    createdAt?: pulumi.Input<string | undefined>;
    /** Unique human-readable name of the Service. */
    name: pulumi.Input<string>;
    /** The Service's suspended state. */
    suspended?: pulumi.Input<boolean | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /**
     * NOTE(review): undocumented in this file; presumably the authentication token of the
     * service account — confirm against the resource docs. Treat it as a secret
     * (e.g. `pulumi.secret(...)`) so it is encrypted in state.
     */
    token?: pulumi.Input<string | undefined>;
}

/** Input properties for a StrongDM user account. */
export interface AccountUser {
    /** CreatedAt is the timestamp when the user was created */
    createdAt?: pulumi.Input<string | undefined>;
    /** The User's email address. Must be unique. */
    email: pulumi.Input<string>;
    /** Internal employee ID used to identify the user. */
    employeeNumber?: pulumi.Input<string | undefined>;
    /** External ID is an alternative unique ID this user is represented by within an external service. */
    externalId?: pulumi.Input<string | undefined>;
    /** The User's first name. */
    firstName: pulumi.Input<string>;
    /** The User's last name. */
    lastName: pulumi.Input<string>;
    /** Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure. */
    managedBy?: pulumi.Input<string | undefined>;
    /** Manager ID is the ID of the user's manager. This field is empty when the user has no manager. */
    managerId?: pulumi.Input<string | undefined>;
    /**
     * PermissionLevel is the user's permission level e.g. admin, DBA, user.
     *
     * NOTE(review): free-form string in this type; the accepted values are not visible here.
     * Changes to this field alter the user's privileges, so review them like any role grant.
     */
    permissionLevel?: pulumi.Input<string | undefined>;
    /**
     * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present,
     * or from the SCIM metadata. This is a read-only field that's only populated for get and list.
     */
    resolvedManagerId?: pulumi.Input<string | undefined>;
    /**
     * SCIM contains the raw SCIM metadata for the user. This is a read-only field.
*/
    scim?: pulumi.Input<string | undefined>;
    /**
     * The Service's suspended state.
     *
     * NOTE(review): says "Service" on the User type; presumably the user's suspended state — confirm.
     */
    suspended?: pulumi.Input<boolean | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
}

/** One step of an approval workflow: its approvers and how the step resolves. */
export interface ApprovalWorkflowApprovalStep {
    /** The approvers for this approval step */
    approvers: pulumi.Input<pulumi.Input<inputs.ApprovalWorkflowApprovalStepApprover>[]>;
    /** Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */
    quantifier?: pulumi.Input<string | undefined>;
    /**
     * Duration after which this approval step will be skipped if no approval is given
     * (optional, if not provided this step must be manually approved)
     *
     * NOTE(review): setting a value lets the step pass without an explicit approval decision;
     * check it against the approval policy the workflow is meant to enforce.
     */
    skipAfter?: pulumi.Input<string | undefined>;
}

/** Identifies one approver of an approval step; only one of the fields may be present. */
export interface ApprovalWorkflowApprovalStepApprover {
    /** The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    accountId?: pulumi.Input<string | undefined>;
    /** The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    groupId?: pulumi.Input<string | undefined>;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester'
     * (only one of account_id, role_id, group id, or reference may be present for one approver)
     */
    reference?: pulumi.Input<string | undefined>;
    /** The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    roleId?: pulumi.Input<string | undefined>;
}

/** Input properties for a Connector that scans AWS accounts. */
export interface ConnectorAws {
    /** AccountIds is the list of AWS Accounts to scan */
    accountIds?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /** Description of the Connector. */
    description?: pulumi.Input<string | undefined>;
    /**
     * ExcludeTags filters out discovered resources that have the tag and value.
We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
     */
    excludeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorAwsExcludeTag>[] | undefined>;
    /**
     * IncludeTags only discovers cloud resources that have one of the included tags.
     * We do not allow duplicate tag names for IncludeTags
     */
    includeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorAwsIncludeTag>[] | undefined>;
    /** Unique human-readable name of the Connector. */
    name: pulumi.Input<string>;
    /**
     * RoleName is the Role we're assuming into for an account
     *
     * NOTE(review): the permissions of that role bound what the connector can read in each
     * scanned account; scope it to what discovery needs.
     */
    roleName?: pulumi.Input<string | undefined>;
    /**
     * ScanPeriod identifies which remote system this Connector discovers
     *
     * NOTE(review): the description does not match the field name (presumably a scan interval) — confirm.
     */
    scanPeriod?: pulumi.Input<string | undefined>;
    /** Services is a list of services this connector should scan. */
    services?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}

/** Tag name/value pair referenced by `ConnectorAws.excludeTags`. */
export interface ConnectorAwsExcludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /** The value of this tag. */
    value?: pulumi.Input<string | undefined>;
}

/** Tag name/value pair referenced by `ConnectorAws.includeTags`. */
export interface ConnectorAwsIncludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /** The value of this tag. */
    value?: pulumi.Input<string | undefined>;
}

/** Input properties for a Connector that discovers resources in Azure subscriptions. */
export interface ConnectorAzure {
    /** ClientId is the ID of the Application / Service Account we're acting as */
    clientId?: pulumi.Input<string | undefined>;
    /** Description of the Connector. */
    description?: pulumi.Input<string | undefined>;
    /**
     * ExcludeTags filters out discovered resources that have the tag and value.
     * We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
     */
    excludeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorAzureExcludeTag>[] | undefined>;
    /**
     * IncludeTags only discovers cloud resources that have one of the included tags.
We do not allow duplicate tag names for IncludeTags
     */
    includeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorAzureIncludeTag>[] | undefined>;
    /** Unique human-readable name of the Connector. */
    name: pulumi.Input<string>;
    /**
     * ScanPeriod identifies which remote system this Connector discovers
     *
     * NOTE(review): the description does not match the field name (presumably a scan interval) — confirm.
     */
    scanPeriod?: pulumi.Input<string | undefined>;
    /** Services is a list of services this connector should scan. */
    services?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /** SubscriptionIds are the targets of discovery. */
    subscriptionIds?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /** TenantId is the Azure Tenant we're discovering in */
    tenantId?: pulumi.Input<string | undefined>;
}

/** Tag name/value pair referenced by `ConnectorAzure.excludeTags`. */
export interface ConnectorAzureExcludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /** The value of this tag. */
    value?: pulumi.Input<string | undefined>;
}

/** Tag name/value pair referenced by `ConnectorAzure.includeTags`. */
export interface ConnectorAzureIncludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /** The value of this tag. */
    value?: pulumi.Input<string | undefined>;
}

/** Input properties for a Connector that scans GCP projects. */
export interface ConnectorGcp {
    /** Description of the Connector. */
    description?: pulumi.Input<string | undefined>;
    /**
     * ExcludeTags filters out discovered resources that have the tag and value.
     * We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
     */
    excludeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorGcpExcludeTag>[] | undefined>;
    /**
     * IncludeTags only discovers cloud resources that have one of the included tags.
     * We do not allow duplicate tag names for IncludeTags
     */
    includeTags?: pulumi.Input<pulumi.Input<inputs.ConnectorGcpIncludeTag>[] | undefined>;
    /**
     * Unique human-readable name of the Connector.
*/
    name: pulumi.Input<string>;
    /** ProjectIds is the list of GCP Projects the connector will scan */
    projectIds?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * ScanPeriod identifies which remote system this Connector discovers
     *
     * NOTE(review): the description does not match the field name (presumably a scan interval) — confirm.
     */
    scanPeriod?: pulumi.Input<string | undefined>;
    /** Services is a list of services this connector should scan. */
    services?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /** WorkloadPoolId is the GCP Workload Pool Identifier used to authenticate our JWT */
    workloadPoolId?: pulumi.Input<string | undefined>;
    /** WorkloadProjectId is the GCP Project ID where the Workload Pool is defined */
    workloadProjectId?: pulumi.Input<string | undefined>;
    /** WorkloadProjectNumber is the GCP Project Number where the Workload Pool is defined */
    workloadProjectNumber?: pulumi.Input<string | undefined>;
    /** WorkloadProviderId is the GCP Workload Provider Identifier used to authenticate our JWT */
    workloadProviderId?: pulumi.Input<string | undefined>;
}

/** Tag name/value pair referenced by `ConnectorGcp.excludeTags`. */
export interface ConnectorGcpExcludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /** The value of this tag. */
    value?: pulumi.Input<string | undefined>;
}

/** Tag name/value pair referenced by `ConnectorGcp.includeTags`. */
export interface ConnectorGcpIncludeTag {
    /**
     * Unique human-readable name of the Connector.
     *
     * NOTE(review): the description refers to the Connector, but the field sits on a tag type —
     * presumably the tag's name; confirm.
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * The value of this tag.
*/
    value?: pulumi.Input<string | undefined>;
}

/** Approval step expressed with plain values (no `pulumi.Input` wrappers). */
export interface GetApprovalWorkflowApprovalStep {
    /** The approvers for this approval step */
    approvers: inputs.GetApprovalWorkflowApprovalStepApprover[];
    /** Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */
    quantifier?: string;
    /**
     * Duration after which this approval step will be skipped if no approval is given
     * (optional, if not provided this step must be manually approved)
     *
     * NOTE(review): a value here lets the step pass without an explicit approval decision.
     */
    skipAfter?: string;
}

/** Same fields as `GetApprovalWorkflowApprovalStep`, each wrapped in `pulumi.Input`. */
export interface GetApprovalWorkflowApprovalStepArgs {
    /** The approvers for this approval step */
    approvers: pulumi.Input<pulumi.Input<inputs.GetApprovalWorkflowApprovalStepApproverArgs>[]>;
    /** Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */
    quantifier?: pulumi.Input<string | undefined>;
    /**
     * Duration after which this approval step will be skipped if no approval is given
     * (optional, if not provided this step must be manually approved)
     *
     * NOTE(review): a value here lets the step pass without an explicit approval decision.
     */
    skipAfter?: pulumi.Input<string | undefined>;
}

/** Approver expressed with plain values; only one of the fields may be present. */
export interface GetApprovalWorkflowApprovalStepApprover {
    /** The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    accountId?: string;
    /** The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    groupId?: string;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester'
     * (only one of account_id, role_id, group id, or reference may be present for one approver)
     */
    reference?: string;
    /** The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    roleId?: string;
}

/** Same fields as `GetApprovalWorkflowApprovalStepApprover`, each wrapped in `pulumi.Input`. */
export interface GetApprovalWorkflowApprovalStepApproverArgs {
    /** The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    accountId?:
pulumi.Input<string | undefined>;
    /** The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    groupId?: pulumi.Input<string | undefined>;
    /**
     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester'
     * (only one of account_id, role_id, group id, or reference may be present for one approver)
     */
    reference?: pulumi.Input<string | undefined>;
    /** The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */
    roleId?: pulumi.Input<string | undefined>;
}

/** Input properties for a gateway node. */
export interface NodeGateway {
    /**
     * The hostname/port tuple which the gateway daemon will bind to.
     * If not provided on create, set to "0.0.0.0:listen_address_port".
     *
     * NOTE(review): the documented default binds on 0.0.0.0 (all interfaces); set this
     * explicitly when the daemon should listen on one interface only.
     */
    bindAddress?: pulumi.Input<string | undefined>;
    /** Device is a read only device name uploaded by the gateway process when it comes online. */
    device?: pulumi.Input<string | undefined>;
    /** GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated. */
    gatewayFilter?: pulumi.Input<string | undefined>;
    /** The public hostname/port tuple at which the gateway will be accessible to clients. */
    listenAddress: pulumi.Input<string>;
    /** Location is a read only network location uploaded by the gateway process when it comes online. */
    location?: pulumi.Input<string | undefined>;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0.
If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
     */
    maintenanceWindows?: pulumi.Input<pulumi.Input<inputs.NodeGatewayMaintenanceWindow>[] | undefined>;
    /**
     * Unique human-readable name of the Relay. Node names must include only letters, numbers,
     * and hyphens (no spaces, underscores, or other special characters).
     * Generated if not provided on create.
     */
    name?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /**
     * NOTE(review): undocumented in this file; presumably the token the gateway process
     * authenticates with — confirm against the resource docs. Treat it as a secret
     * (e.g. `pulumi.secret(...)`) so it is encrypted in state.
     */
    token?: pulumi.Input<string | undefined>;
    /** Version is a read only sdm binary version uploaded by the gateway process when it comes online. */
    version?: pulumi.Input<string | undefined>;
}

/**
 * One maintenance window of a gateway node (element type of `NodeGateway.maintenanceWindows`).
 *
 * NOTE(review): neither field is documented here. Presumably `cronSchedule` is a cron
 * expression for when restarts are permitted and `requireIdleness` limits restarts to
 * moments with no served connections — confirm against the resource docs.
 */
export interface NodeGatewayMaintenanceWindow {
    cronSchedule: pulumi.Input<string>;
    requireIdleness: pulumi.Input<boolean>;
}

/** Input properties for a proxy cluster node. */
export interface NodeProxyCluster {
    /** The public hostname/port tuple at which the proxy cluster will be accessible to clients. */
    address: pulumi.Input<string>;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
    maintenanceWindows?: pulumi.Input<pulumi.Input<inputs.NodeProxyClusterMaintenanceWindow>[] | undefined>;
    /**
     * Unique human-readable name of the Relay. Node names must include only letters, numbers,
     * and hyphens (no spaces, underscores, or other special characters).
     * Generated if not provided on create.
     */
    name?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
}

/**
 * One maintenance window of a proxy cluster (element type of `NodeProxyCluster.maintenanceWindows`).
 *
 * NOTE(review): neither field is documented here. Presumably `cronSchedule` is a cron
 * expression for when restarts are permitted and `requireIdleness` limits restarts to
 * moments with no served connections — confirm against the resource docs.
 */
export interface NodeProxyClusterMaintenanceWindow {
    cronSchedule: pulumi.Input<string>;
    requireIdleness: pulumi.Input<boolean>;
}

/** Input properties for a relay node. */
export interface NodeRelay {
    /** Device is a read only device name uploaded by the gateway process when it comes online. */
    device?: pulumi.Input<string | undefined>;
    /** GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated. */
    gatewayFilter?: pulumi.Input<string | undefined>;
    /** Location is a read only network location uploaded by the gateway process when it comes online. */
    location?: pulumi.Input<string | undefined>;
    /**
     * Maintenance Windows define when this node is allowed to restart. If a node is requested
     * to restart, it will check each window to determine if any of them permit it to restart,
     * and if any do, it will. This check is repeated per window until the restart is
     * successfully completed. If not set here, may be set on the command line or via an
     * environment variable on the process itself; any server setting will take precedence
     * over local settings. This setting is ineffective for nodes below version 38.44.0.
     * If this setting is not applied via this remote configuration or via local configuration,
     * the default setting is used: always allow restarts if serving no connections, and allow
     * a restart even if serving connections between 7-8 UTC, any day.
     */
    maintenanceWindows?: pulumi.Input<pulumi.Input<inputs.NodeRelayMaintenanceWindow>[] | undefined>;
    /**
     * Unique human-readable name of the Relay.
Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
     */
    name?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /**
     * NOTE(review): undocumented in this file; presumably the token the relay process
     * authenticates with — confirm against the resource docs. Treat it as a secret
     * (e.g. `pulumi.secret(...)`) so it is encrypted in state.
     */
    token?: pulumi.Input<string | undefined>;
    /** Version is a read only sdm binary version uploaded by the gateway process when it comes online. */
    version?: pulumi.Input<string | undefined>;
}

/**
 * One maintenance window of a relay (element type of `NodeRelay.maintenanceWindows`).
 *
 * NOTE(review): neither field is documented here. Presumably `cronSchedule` is a cron
 * expression for when restarts are permitted and `requireIdleness` limits restarts to
 * moments with no served connections — confirm against the resource docs.
 */
export interface NodeRelayMaintenanceWindow {
    cronSchedule: pulumi.Input<string>;
    requireIdleness: pulumi.Input<boolean>;
}

/** Input properties for an Aerospike resource. */
export interface ResourceAerospike {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound
     * (for example, 127.0.0.1). It is automatically generated if not provided and may also be
     * set to one of the ResourceIPAllocationMode constants to select between VNM, loopback,
     * or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /**
     * The password to authenticate with.
     *
     * NOTE(review): credential material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    password?: pulumi.Input<string | undefined>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port?: pulumi.Input<number | undefined>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated
     * if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: pulumi.Input<number | undefined>;
    /** ID of the proxy cluster for this resource, if any. */
    proxyClusterId?: pulumi.Input<string | undefined>;
    /**
     * ID of the secret store containing credentials for this resource, if any.
*/
    secretStoreId?: pulumi.Input<string | undefined>;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1"
     * allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain").
     * Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /** If true, uses UseServicesAlternates directive for Aerospike connection */
    useServicesAlternate?: pulumi.Input<boolean | undefined>;
    /** The username to authenticate with. */
    username?: pulumi.Input<string | undefined>;
}

/** Input properties for an AKS resource authenticated with a client certificate and key. */
export interface ResourceAks {
    /**
     * If true, allows users to fallback to the existing authentication mode (Leased Credential
     * or Identity Set) when a resource role is not provided.
     *
     * NOTE(review): enabling this keeps the fallback path open for requests that carry no
     * resource role; enable only if that fallback is intended.
     */
    allowResourceRoleBypass?: pulumi.Input<boolean | undefined>;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound
     * (for example, 127.0.0.1). It is automatically generated if not provided and may also be
     * set to one of the ResourceIPAllocationMode constants to select between VNM, loopback,
     * or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /** The CA to authenticate TLS connections with. */
    certificateAuthority?: pulumi.Input<string | undefined>;
    /** The certificate to authenticate TLS connections with. */
    clientCertificate?: pulumi.Input<string | undefined>;
    /**
     * The key to authenticate TLS connections with.
     *
     * NOTE(review): private key material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    clientKey?: pulumi.Input<string | undefined>;
    /**
     * If true, configures discovery of the Okta org to be run from a node.
     *
     * NOTE(review): the description mentions an Okta org on a Kubernetes resource; the wording
     * looks carried over from another resource type — confirm.
     */
    discoveryEnabled?: pulumi.Input<boolean | undefined>;
    /**
     * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
    discoveryUsername?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /**
     * The path used to check the health of your connection. Defaults to `default`.
     * This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */
    identityAliasHealthcheckUsername?: pulumi.Input<string | undefined>;
    /** The ID of the identity set to use for identity connections. */
    identitySetId?: pulumi.Input<string | undefined>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port: pulumi.Input<number>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated
     * if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: pulumi.Input<number | undefined>;
    /** ID of the proxy cluster for this resource, if any. */
    proxyClusterId?: pulumi.Input<string | undefined>;
    /** ID of the secret store containing credentials for this resource, if any. */
    secretStoreId?: pulumi.Input<string | undefined>;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
    subdomain?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
}

/** Input properties for an AKS resource authenticated with a username and password. */
export interface ResourceAksBasicAuth {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound
     * (for example, 127.0.0.1). It is automatically generated if not provided and may also be
     * set to one of the ResourceIPAllocationMode constants to select between VNM, loopback,
     * or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /**
     * The path used to check the health of your connection. Defaults to `default`.
     * This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /**
     * The password to authenticate with.
     *
     * NOTE(review): credential material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    password?: pulumi.Input<string | undefined>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port: pulumi.Input<number>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated
     * if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: pulumi.Input<number | undefined>;
    /** ID of the proxy cluster for this resource, if any. */
    proxyClusterId?: pulumi.Input<string | undefined>;
    /**
     * ID of the secret store containing credentials for this resource, if any.
*/
    secretStoreId?: pulumi.Input<string | undefined>;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1"
     * allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain").
     * Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /** The username to authenticate with. */
    username?: pulumi.Input<string | undefined>;
}

/** Input properties for an AKS resource authenticated with a service account API token. */
export interface ResourceAksServiceAccount {
    /**
     * If true, allows users to fallback to the existing authentication mode (Leased Credential
     * or Identity Set) when a resource role is not provided.
     *
     * NOTE(review): enabling this keeps the fallback path open for requests that carry no
     * resource role; enable only if that fallback is intended.
     */
    allowResourceRoleBypass?: pulumi.Input<boolean | undefined>;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound
     * (for example, 127.0.0.1). It is automatically generated if not provided and may also be
     * set to one of the ResourceIPAllocationMode constants to select between VNM, loopback,
     * or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /**
     * If true, configures discovery of the Okta org to be run from a node.
     *
     * NOTE(review): the description mentions an Okta org on a Kubernetes resource; the wording
     * looks carried over from another resource type — confirm.
     */
    discoveryEnabled?: pulumi.Input<boolean | undefined>;
    /** If a cluster is configured for user impersonation, this is the user to impersonate when running discovery. */
    discoveryUsername?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /**
     * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. This field is required, and is only marked as optional for backwards compatibility.
*/
    healthcheckNamespace?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */
    identityAliasHealthcheckUsername?: pulumi.Input<string | undefined>;
    /** The ID of the identity set to use for identity connections. */
    identitySetId?: pulumi.Input<string | undefined>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port: pulumi.Input<number>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated
     * if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: pulumi.Input<number | undefined>;
    /** ID of the proxy cluster for this resource, if any. */
    proxyClusterId?: pulumi.Input<string | undefined>;
    /** ID of the secret store containing credentials for this resource, if any. */
    secretStoreId?: pulumi.Input<string | undefined>;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1"
     * allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain").
     * Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: pulumi.Input<string | undefined>;
    /** Tags is a map of key, value pairs. */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /**
     * The API token to authenticate with.
     *
     * NOTE(review): credential material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    token?: pulumi.Input<string | undefined>;
}

/** Input properties for an AKS resource using a service account token with user impersonation. */
export interface ResourceAksServiceAccountUserImpersonation {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1).
It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /**
     * The path used to check the health of your connection. Defaults to `default`.
     * This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port: pulumi.Input<number>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated
     * if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: pulumi.Input<number | undefined>;
    /** ID of the proxy cluster for this resource, if any. */
    proxyClusterId?: pulumi.Input<string | undefined>;
    /** ID of the secret store containing credentials for this resource, if any. */
    secretStoreId?: pulumi.Input<string | undefined>;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1"
     * allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain").
     * Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: pulumi.Input<string | undefined>;
    /**
     * Tags is a map of key, value pairs.
*/
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>;
    /**
     * The API token to authenticate with.
     *
     * NOTE(review): credential material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    token?: pulumi.Input<string | undefined>;
}

/** Input properties for an AKS resource using a client certificate with user impersonation. */
export interface ResourceAksUserImpersonation {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound
     * (for example, 127.0.0.1). It is automatically generated if not provided and may also be
     * set to one of the ResourceIPAllocationMode constants to select between VNM, loopback,
     * or default allocation.
     */
    bindInterface?: pulumi.Input<string | undefined>;
    /** The CA to authenticate TLS connections with. */
    certificateAuthority?: pulumi.Input<string | undefined>;
    /** The certificate to authenticate TLS connections with. */
    clientCertificate?: pulumi.Input<string | undefined>;
    /**
     * The key to authenticate TLS connections with.
     *
     * NOTE(review): private key material. This file does not show whether the provider marks
     * the field secret; pass a secret value (e.g. `pulumi.secret(...)`) so it is encrypted
     * in state, or reference a secret store through `secretStoreId`.
     */
    clientKey?: pulumi.Input<string | undefined>;
    /** A filter applied to the routing logic to pin datasource to nodes. */
    egressFilter?: pulumi.Input<string | undefined>;
    /**
     * The path used to check the health of your connection. Defaults to `default`.
     * This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: pulumi.Input<string | undefined>;
    /** The host to dial to initiate a connection from the egress node to this resource. */
    hostname: pulumi.Input<string>;
    /** Unique human-readable name of the Resource. */
    name: pulumi.Input<string>;
    /** The port to dial to initiate a connection from the egress node to this resource. */
    port: pulumi.Input<number>;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/ portOverride?: pulumi.Input<number | undefined>; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: pulumi.Input<string | undefined>; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: pulumi.Input<string | undefined>; /** * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode. */ subdomain?: pulumi.Input<string | undefined>; /** * Tags is a map of key, value pairs. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>; } export interface ResourceAmazonEks { /** * The Access Key ID to use to authenticate. */ accessKey?: pulumi.Input<string | undefined>; /** * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided. */ allowResourceRoleBypass?: pulumi.Input<boolean | undefined>; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: pulumi.Input<string | undefined>; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: pulumi.Input<string | undefined>; /** * The name of the cluster to connect to. */ clusterName: pulumi.Input<string>; /** * If true, configures discovery of the Okta org to be run from a node. */ discoveryEnabled?: pulumi.Input<boolean | undefined>; /** * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery. */ discoveryUsername?: pulumi.Input<string | undefined>; /** * A filter applied to the routing logic to pin datasource to nodes. 
*/ egressFilter?: pulumi.Input<string | undefined>; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint: pulumi.Input<string>; /** * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: pulumi.Input<string | undefined>; /** * The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */ identityAliasHealthcheckUsername?: pulumi.Input<string | undefined>; /** * The ID of the identity set to use for identity connections. */ identitySetId?: pulumi.Input<string | undefined>; /** * Unique human-readable name of the Resource. */ name: pulumi.Input<string>; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: pulumi.Input<number | undefined>; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: pulumi.Input<string | undefined>; /** * The AWS region to connect to. */ region: pulumi.Input<string>; /** * The role to assume after logging in. */ roleArn?: pulumi.Input<string | undefined>; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: pulumi.Input<string | undefined>; /** * The Secret Access Key to use to authenticate. */ secretAccessKey?: pulumi.Input<string | undefined>; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: pulumi.Input<string | undefined>; /** * DNS subdomain through which this resource may be accessed on clients. (e.g. 
"app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode. */ subdomain?: pulumi.Input<string | undefined>; /** * Tags is a map of key, value pairs. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>; } export interface ResourceAmazonEksInstanceProfile { /** * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided. */ allowResourceRoleBypass?: pulumi.Input<boolean | undefined>; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: pulumi.Input<string | undefined>; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: pulumi.Input<string | undefined>; /** * The name of the cluster to connect to. */ clusterName: pulumi.Input<string>; /** * If true, configures discovery of the Okta org to be run from a node. */ discoveryEnabled?: pulumi.Input<boolean | undefined>; /** * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery. */ discoveryUsername?: pulumi.Input<string | undefined>; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: pulumi.Input<string | undefined>; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint: pulumi.Input<string>; /** * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. 
This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: pulumi.Input<string | undefined>; /** * The username to use for healthchecks, when clients otherwise connect with their own identity alias username. */ identityAliasHealthcheckUsername?: pulumi.Input<string | undefined>; /** * The ID of the identity set to use for identity connections. */ identitySetId?: pulumi.Input<string | undefined>; /** * Unique human-readable name of the Resource. */ name: pulumi.Input<string>; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: pulumi.Input<number | undefined>; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: pulumi.Input<string | undefined>; /** * The AWS region to connect to. */ region: pulumi.Input<string>; /** * The role to assume after logging in. */ roleArn?: pulumi.Input<string | undefined>; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: pulumi.Input<string | undefined>; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: pulumi.Input<string | undefined>; /** * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode. */ subdomain?: pulumi.Input<string | undefined>; /** * Tags is a map of key, value pairs. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>; } export interface ResourceAmazonEksInstanceProfileUserImpersonation { /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). 
It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: pulumi.Input<string | undefined>; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: pulumi.Input<string | undefined>; /** * The name of the cluster to connect to. */ clusterName: pulumi.Input<string>; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: pulumi.Input<string | undefined>; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint: pulumi.Input<string>; /** * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: pulumi.Input<string | undefined>; /** * Unique human-readable name of the Resource. */ name: pulumi.Input<string>; /** * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: pulumi.Input<number | undefined>; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: pulumi.Input<string | undefined>; /** * The AWS region to connect to. */ region: pulumi.Input<string>; /** * The role to assume after logging in. */ roleArn?: pulumi.Input<string | undefined>; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: pulumi.Input<string | undefined>; /** * ID of the secret store containing credentials for this resource, if any. 
*/ secretStoreId?: pulumi.Input<string | undefined>; /** * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode. */ subdomain?: pulumi.Input<string | undefined>; /** * Tags is a map of key, value pairs. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; } | undefined>; } export interface ResourceAmazonEksUserImpersonation { /** * The Access Key ID to use to authenticate. */ accessKey?: pulumi.Input<string | undefined>; /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: pulumi.Input<string | undefined>; /** * The CA to authenticate TLS connections with. */ certificateAuthority?: pulumi.Input<string | undefined>; /** * The name of the cluster to connect to. */ clusterName: pulumi.Input<string>; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: pulumi.Input<string | undefined>; /** * The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com */ endpoint: pulumi.Input<string>; /** * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: pulumi.Input<string | undefined>; /** * Unique human-readable name of the Resource. */ name: pulumi.Input<string>; /** * The local port used by clients to connect to this resource. 
It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1. */ portOverride?: pulumi.Input<number | undefined>; /** * ID of the proxy cluster for this resource, if any. */ proxyClusterId?: pulumi.Input<string | undefined>; /** * The AWS region to connect to. */ region: pulumi.Input<string>; /** * The role to assume after logging in. */ roleArn?: pulumi.Input<string | undefined>; /** * The external ID to associate with assume role requests. Does nothing if a role ARN is not provided. */ roleExternalId?: pulumi.Input<string | undefined>; /** * The Secret Access Key to use to authenticate. */ secretAccessKey?: pulumi.Input<string | undefined>; /** * ID of the secret store containing credentials for this resource, if any. */ secretStoreId?: pulumi.Input<string | undefined>; /** * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode. */ su