
@pierskarsenbarg/sdm


A Pulumi package for creating and managing StrongDM cloud resources.

import * as outputs from "../types/output"; export interface AccountService { /** * CreatedAt is the timestamp when the user was created */ createdAt: string; /** * Unique human-readable name of the Service. */ name: string; /** * The Service's suspended state. */ suspended?: boolean; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; token: string; } export interface AccountUser { /** * CreatedAt is the timestamp when the user was created */ createdAt: string; /** * The User's email address. Must be unique. */ email: string; /** * Internal employee ID used to identify the user. */ employeeNumber?: string; /** * External ID is an alternative unique ID this user is represented by within an external service. */ externalId?: string; /** * The User's first name. */ firstName: string; /** * The User's last name. */ lastName: string; /** * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure. */ managedBy: string; /** * Manager ID is the ID of the user's manager. This field is empty when the user has no manager. */ managerId?: string; /** * PermissionLevel is the user's permission level e.g. admin, DBA, user. */ permissionLevel: string; /** * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list. */ resolvedManagerId: string; /** * SCIM contains the raw SCIM metadata for the user. This is a read-only field. */ scim: string; /** * The Service's suspended state. */ suspended: boolean; /** * Tags is a map of key, value pairs. 
*/ tags?: { [key: string]: string; }; } export interface ApprovalWorkflowApprovalStep { /** * The approvers for this approval step */ approvers: outputs.ApprovalWorkflowApprovalStepApprover[]; /** * Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */ quantifier?: string; /** * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved) */ skipAfter?: string; } export interface ApprovalWorkflowApprovalStepApprover { /** * The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ accountId?: string; /** * The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ groupId?: string; /** * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver) */ reference?: string; /** * The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ roleId?: string; } export interface ConnectorAws { /** * AccountIds is the list of AWS Accounts to scan */ accountIds?: string[]; /** * Description of the Connector. */ description?: string; /** * ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag. */ excludeTags?: outputs.ConnectorAwsExcludeTag[]; /** * IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags */ includeTags?: outputs.ConnectorAwsIncludeTag[]; /** * Unique human-readable name of the Connector. 
*/ name: string; /** * RoleName is the Role we're assuming into for an account */ roleName?: string; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. */ services?: string[]; } export interface ConnectorAwsExcludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. */ value?: string; } export interface ConnectorAwsIncludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. */ value?: string; } export interface ConnectorAzure { /** * ClientId is the ID of the Application / Service Account we're acting as */ clientId?: string; /** * Description of the Connector. */ description?: string; /** * ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag. */ excludeTags?: outputs.ConnectorAzureExcludeTag[]; /** * IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags */ includeTags?: outputs.ConnectorAzureIncludeTag[]; /** * Unique human-readable name of the Connector. */ name: string; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. */ services?: string[]; /** * SubscriptionIds are the targets of discovery. */ subscriptionIds?: string[]; /** * TenantId is the Azure Tenant we're discovering in * * gcp: */ tenantId?: string; } export interface ConnectorAzureExcludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. */ value?: string; } export interface ConnectorAzureIncludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. 
*/ value?: string; } export interface ConnectorGcp { /** * Description of the Connector. */ description?: string; /** * ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag. */ excludeTags?: outputs.ConnectorGcpExcludeTag[]; /** * IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags */ includeTags?: outputs.ConnectorGcpIncludeTag[]; /** * Unique human-readable name of the Connector. */ name: string; /** * ProjectIds is the list of GCP Projects the connector will scan */ projectIds?: string[]; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. */ services?: string[]; /** * WorkloadPoolId is the GCP Workload Pool Identifier used to authenticate our JWT */ workloadPoolId?: string; /** * WorkloadProjectId is the GCP Project ID where the Workload Pool is defined */ workloadProjectId?: string; /** * WorkloadProjectNumber is the GCP Project Number where the Workload Pool is defined */ workloadProjectNumber?: string; /** * WorkloadProviderId is the GCP Workload Provider Identifier used to authenticate our JWT */ workloadProviderId?: string; } export interface ConnectorGcpExcludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. */ value?: string; } export interface ConnectorGcpIncludeTag { /** * Unique human-readable name of the Connector. */ name?: string; /** * The value of this tag. */ value?: string; } export interface GetAccountAccount { /** * A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs. 
*/ services: outputs.GetAccountAccountService[]; /** * A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens. */ tokens: outputs.GetAccountAccountToken[]; /** * A User can connect to resources they are granted directly, or granted via roles. */ users: outputs.GetAccountAccountUser[]; } export interface GetAccountAccountService { /** * CreatedAt is the timestamp when the user was created */ createdAt: string; /** * Unique identifier of the User. */ id?: string; /** * Unique human-readable name of the Token. */ name?: string; /** * Reserved for future use. Always false for tokens. */ suspended?: boolean; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetAccountAccountToken { /** * Corresponds to the type of token, e.g. api or admin-token. */ accountType?: string; /** * CreatedAt is the timestamp when the user was created */ createdAt: string; /** * The timestamp when the Token will expire. */ deadline?: string; /** * Duration from token creation to expiration. */ duration?: string; /** * Unique identifier of the User. */ id?: string; /** * Unique human-readable name of the Token. */ name?: string; /** * Permissions assigned to the token, e.g. role:create. */ permissions?: string[]; /** * The timestamp when the Token was last rekeyed. */ rekeyed?: string; /** * Reserved for future use. Always false for tokens. */ suspended?: boolean; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetAccountAccountUser { /** * CreatedAt is the timestamp when the user was created */ createdAt: string; /** * The User's email address. Must be unique. */ email?: string; /** * Internal employee ID used to identify the user. */ employeeNumber?: string; /** * External ID is an alternative unique ID this user is represented by within an external service. */ externalId?: string; /** * The User's first name. 
*/ firstName?: string; /** * Unique identifier of the User. */ id?: string; /** * The User's last name. */ lastName?: string; /** * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure. */ managedBy: string; /** * Manager ID is the ID of the user's manager. This field is empty when the user has no manager. */ managerId?: string; /** * PermissionLevel is the user's permission level e.g. admin, DBA, user. */ permissionLevel?: string; /** * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list. */ resolvedManagerId: string; /** * SCIM contains the raw SCIM metadata for the user. This is a read-only field. */ scim: string; /** * Reserved for future use. Always false for tokens. */ suspended: boolean; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetAccountAttachmentAccountAttachment { /** * The id of the account of this AccountAttachment. */ accountId?: string; /** * Unique identifier of the AccountAttachment. */ id?: string; /** * The id of the attached role of this AccountAttachment. */ roleId?: string; } export interface GetAccountGroupAccountsGroup { /** * Unique identifier of the Account. */ accountId?: string; /** * Unique identifier of the Group. */ groupId?: string; /** * Unique identifier of the AccountGroup. 
*/ id?: string; } export interface GetApprovalWorkflowApprovalStep { /** * The approvers for this approval step */ approvers: outputs.GetApprovalWorkflowApprovalStepApprover[]; /** * Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */ quantifier?: string; /** * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved) */ skipAfter?: string; } export interface GetApprovalWorkflowApprovalStepApprover { /** * The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ accountId?: string; /** * The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ groupId?: string; /** * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver) */ reference?: string; /** * The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ roleId?: string; } export interface GetApprovalWorkflowApprovalWorkflow { /** * Approval mode of the ApprovalWorkflow */ approvalMode?: string; /** * The approval steps of this approval workflow */ approvalSteps?: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStep[]; /** * Optional description of the ApprovalWorkflow. */ description?: string; /** * Unique identifier of the ApprovalWorkflow. */ id?: string; /** * Unique human-readable name of the ApprovalWorkflow. 
*/ name?: string; } export interface GetApprovalWorkflowApprovalWorkflowApprovalStep { /** * The approvers for this approval step */ approvers: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStepApprover[]; /** * Whether any or all approvers are required to approve for this approval step (optional, defaults to any) */ quantifier?: string; /** * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved) */ skipAfter?: string; } export interface GetApprovalWorkflowApprovalWorkflowApprovalStepApprover { /** * The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ accountId?: string; /** * The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ groupId?: string; /** * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver) */ reference?: string; /** * The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver) */ roleId?: string; } export interface GetConnectorDiscoveryConnector { aws: outputs.GetConnectorDiscoveryConnectorAw[]; azures: outputs.GetConnectorDiscoveryConnectorAzure[]; gcps: outputs.GetConnectorDiscoveryConnectorGcp[]; } export interface GetConnectorDiscoveryConnectorAw { /** * AccountIds is the list of AWS Accounts to scan */ accountIds?: string[]; /** * Description of the Connector. */ description?: string; /** * Unique identifier of the Connector. */ id?: string; /** * Unique human-readable name of the Connector. 
*/ name?: string; /** * RoleName is the Role we're assuming into for an account */ roleName?: string; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. */ services?: string[]; } export interface GetConnectorDiscoveryConnectorAzure { /** * ClientId is the ID of the Application / Service Account we're acting as */ clientId?: string; /** * Description of the Connector. */ description?: string; /** * Unique identifier of the Connector. */ id?: string; /** * Unique human-readable name of the Connector. */ name?: string; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. */ services?: string[]; /** * SubscriptionIds are the targets of discovery. */ subscriptionIds?: string[]; /** * TenantId is the Azure Tenant we're discovering in */ tenantId?: string; } export interface GetConnectorDiscoveryConnectorGcp { /** * Description of the Connector. */ description?: string; /** * Unique identifier of the Connector. */ id?: string; /** * Unique human-readable name of the Connector. */ name?: string; /** * ProjectIds is the list of GCP Projects the connector will scan */ projectIds?: string[]; /** * ScanPeriod identifies which remote system this Connector discovers */ scanPeriod?: string; /** * Services is a list of services this connector should scan. 
*/ services?: string[]; /** * WorkloadPoolId is the GCP Workload Pool Identifier used to authenticate our JWT */ workloadPoolId?: string; /** * WorkloadProjectId is the GCP Project ID where the Workload Pool is defined */ workloadProjectId?: string; /** * WorkloadProjectNumber is the GCP Project Number where the Workload Pool is defined */ workloadProjectNumber?: string; /** * WorkloadProviderId is the GCP Workload Provider Identifier used to authenticate our JWT */ workloadProviderId?: string; } export interface GetGroupGroup { /** * Description of the Group. */ description?: string; /** * Unique identifier of the Group. */ id?: string; /** * Unique human-readable name of the Group. */ name?: string; /** * Source is a read only field for what service manages this group, e.g. StrongDM, Okta, Azure. */ source: string; /** * Tags is a map of key/value pairs that can be attached to a Group. */ tags?: { [key: string]: string; }; } export interface GetGroupRoleGroupsRole { /** * The assigned Group ID. */ groupId?: string; /** * Unique identifier of the GroupRole. */ id?: string; /** * The assigned Role ID. */ roleId?: string; } export interface GetIdentityAliasIdentityAlias { /** * The account for this identity alias. */ accountId?: string; /** * Unique identifier of the IdentityAlias. */ id?: string; /** * The identity set. */ identitySetId?: string; /** * The username to be used as the identity alias for this account. */ username?: string; } export interface GetIdentitySetIdentitySet { /** * Unique identifier of the IdentitySet. */ id?: string; /** * Unique human-readable name of the IdentitySet. */ name?: string; } export interface GetManagedSecretManagedSecret { /** * public part of the secret value */ config: string; /** * Timestamp of when secret is going to be rotated */ expiresAt: string; /** * Unique identifier of the Managed Secret. 
*/ id?: string; /** * Timestamp of when secret was last rotated */ lastRotatedAt: string; /** * Whether the secret requires a lock to access */ lockRequired?: boolean; /** * Unique human-readable name of the Managed Secret. */ name?: string; /** * An ID of a Secret Engine linked with the Managed Secret. */ secretEngineId?: string; /** * Path in a secret store. */ secretStorePath: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; /** * Sensitive value of the secret. */ value?: string; } export interface GetNodeNode { /** * Gateway represents a StrongDM CLI installation running in gateway mode. */ gateways: outputs.GetNodeNodeGateway[]; /** * ProxyCluster represents a cluster of StrongDM proxies. */ proxyClusters: outputs.GetNodeNodeProxyCluster[]; /** * Relay represents a StrongDM CLI installation running in relay mode. */ relays: outputs.GetNodeNodeRelay[]; } export interface GetNodeNodeGateway { /** * The hostname/port tuple which the gateway daemon will bind to. If not provided on create, set to "0.0.0.0:listen_address_port". */ bindAddress?: string; /** * Device is a read only device name uploaded by the gateway process when it comes online. */ device: string; /** * GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated. */ gatewayFilter?: string; /** * Unique identifier of the Relay. */ id?: string; /** * The public hostname/port tuple at which the gateway will be accessible to clients. */ listenAddress?: string; /** * Location is a read only network location uploaded by the gateway process when it comes online. */ location: string; /** * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. 
If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day. */ maintenanceWindows?: outputs.GetNodeNodeGatewayMaintenanceWindow[]; /** * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create. */ name?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; /** * Version is a read only sdm binary version uploaded by the gateway process when it comes online. */ version: string; } export interface GetNodeNodeGatewayMaintenanceWindow { cronSchedule: string; requireIdleness: boolean; } export interface GetNodeNodeProxyCluster { /** * The public hostname/port tuple at which the proxy cluster will be accessible to clients. */ address?: string; /** * Unique identifier of the Relay. */ id?: string; /** * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. 
If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day. */ maintenanceWindows?: outputs.GetNodeNodeProxyClusterMaintenanceWindow[]; /** * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create. */ name?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; } export interface GetNodeNodeProxyClusterMaintenanceWindow { cronSchedule: string; requireIdleness: boolean; } export interface GetNodeNodeRelay { /** * Device is a read only device name uploaded by the gateway process when it comes online. */ device: string; /** * GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated. */ gatewayFilter?: string; /** * Unique identifier of the Relay. */ id?: string; /** * Location is a read only network location uploaded by the gateway process when it comes online. */ location: string; /** * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day. 
*/ maintenanceWindows?: outputs.GetNodeNodeRelayMaintenanceWindow[]; /** * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create. */ name?: string; /** * Tags is a map of key, value pairs. */ tags?: { [key: string]: string; }; /** * Version is a read only sdm binary version uploaded by the gateway process when it comes online. */ version: string; } export interface GetNodeNodeRelayMaintenanceWindow { cronSchedule: string; requireIdleness: boolean; } export interface GetPeeringGroupNodePeeringGroupNode { /** * Peering Group ID to which the node will be attached to. */ groupId?: string; /** * Unique identifier of the Attachment. */ id?: string; /** * Node ID to be attached. */ nodeId?: string; } export interface GetPeeringGroupPeerPeeringGroupPeer { /** * Group ID from which the link will originate. */ groupId?: string; /** * Unique identifier of the Attachment. */ id?: string; /** * Peering Group ID to which Group ID will link. */ peersWithGroupId?: string; } export interface GetPeeringGroupPeeringGroup { /** * Unique identifier of the PeeringGroup. */ id?: string; /** * Unique human-readable name of the PeeringGroup. */ name?: string; } export interface GetPeeringGroupResourcePeeringGroupResource { /** * Peering Group ID to which the resource will be attached to. */ groupId?: string; /** * Unique identifier of the Attachment. */ id?: string; /** * Resource ID to be attached. */ resourceId?: string; } export interface GetPolicyPolicy { /** * Optional description of the Policy. */ description?: string; /** * Unique identifier of the Policy. */ id?: string; /** * Unique human-readable name of the Policy. */ name?: string; /** * The content of the Policy, in Cedar policy language. */ policy?: string; } export interface GetProxyClusterKeyProxyClusterKey { /** * Unique identifier of the Relay. 
*/ id?: string; /** * The ID of the proxy cluster which this key authenticates to. */ proxyClusterId?: string; } export interface GetRemoteIdentityGroupRemoteIdentityGroup { /** * Unique identifier of the RemoteIdentityGroup. */ id?: string; /** * Unique human-readable name of the RemoteIdentityGroup. */ name?: string; } export interface GetRemoteIdentityRemoteIdentity { /** * The account for this remote identity. */ accountId?: string; /** * Unique identifier of the RemoteIdentity. */ id?: string; /** * The remote identity group. */ remoteIdentityGroupId?: string; /** * The username to be used as the remote identity for this account. */ username?: string; } export interface GetResourceResource { aerospikes: outputs.GetResourceResourceAerospike[]; aks: outputs.GetResourceResourceAk[]; aksBasicAuths: outputs.GetResourceResourceAksBasicAuth[]; /** * @deprecated aks_service_account_user_impersonation is deprecated, see docs for more info */ aksServiceAccountUserImpersonations: outputs.GetResourceResourceAksServiceAccountUserImpersonation[]; aksServiceAccounts: outputs.GetResourceResourceAksServiceAccount[]; /** * @deprecated aks_user_impersonation is deprecated, see docs for more info */ aksUserImpersonations: outputs.GetResourceResourceAksUserImpersonation[]; amazonEks: outputs.GetResourceResourceAmazonEk[]; /** * @deprecated amazon_eks_instance_profile_user_impersonation is deprecated, see docs for more info */ amazonEksInstanceProfileUserImpersonations: outputs.GetResourceResourceAmazonEksInstanceProfileUserImpersonation[]; amazonEksInstanceProfiles: outputs.GetResourceResourceAmazonEksInstanceProfile[]; /** * @deprecated amazon_eks_user_impersonation is deprecated, see docs for more info */ amazonEksUserImpersonations: outputs.GetResourceResourceAmazonEksUserImpersonation[]; amazonEs: outputs.GetResourceResourceAmazonE[]; amazonEsiams: outputs.GetResourceResourceAmazonEsiam[]; amazonmqAmqp091s: outputs.GetResourceResourceAmazonmqAmqp091[]; amazonmqAmqps: 
outputs.GetResourceResourceAmazonmqAmqp[]; athenaIams: outputs.GetResourceResourceAthenaIam[]; athenas: outputs.GetResourceResourceAthena[]; auroraMysqlIams: outputs.GetResourceResourceAuroraMysqlIam[]; auroraMysqls: outputs.GetResourceResourceAuroraMysql[]; auroraPostgres: outputs.GetResourceResourceAuroraPostgre[]; auroraPostgresIams: outputs.GetResourceResourceAuroraPostgresIam[]; aws: outputs.GetResourceResourceAw[]; awsConsoleStaticKeyPairs: outputs.GetResourceResourceAwsConsoleStaticKeyPair[]; awsConsoles: outputs.GetResourceResourceAwsConsole[]; awsInstanceProfiles: outputs.GetResourceResourceAwsInstanceProfile[]; azureCertificates: outputs.GetResourceResourceAzureCertificate[]; azureMysqlManagedIdentities: outputs.GetResourceResourceAzureMysqlManagedIdentity[]; azureMysqls: outputs.GetResourceResourceAzureMysql[]; azurePostgres: outputs.GetResourceResourceAzurePostgre[]; azurePostgresManagedIdentities: outputs.GetResourceResourceAzurePostgresManagedIdentity[]; azures: outputs.GetResourceResourceAzure[]; bigQueries: outputs.GetResourceResourceBigQuery[]; cassandras: outputs.GetResourceResourceCassandra[]; cituses: outputs.GetResourceResourceCitus[]; clickHouseHttps: outputs.GetResourceResourceClickHouseHttp[]; clickHouseMySqls: outputs.GetResourceResourceClickHouseMySql[]; clickHouseTcps: outputs.GetResourceResourceClickHouseTcp[]; clustrixes: outputs.GetResourceResourceClustrix[]; cockroaches: outputs.GetResourceResourceCockroach[]; couchbaseDatabases: outputs.GetResourceResourceCouchbaseDatabase[]; couchbaseWebUis: outputs.GetResourceResourceCouchbaseWebUi[]; databricks: outputs.GetResourceResourceDatabrick[]; db2Is: outputs.GetResourceResourceDb2I[]; db2Luws: outputs.GetResourceResourceDb2Luw[]; documentDbHostIams: outputs.GetResourceResourceDocumentDbHostIam[]; documentDbHosts: outputs.GetResourceResourceDocumentDbHost[]; documentDbReplicaSetIams: outputs.GetResourceResourceDocumentDbReplicaSetIam[]; documentDbReplicaSets: 
outputs.GetResourceResourceDocumentDbReplicaSet[]; druids: outputs.GetResourceResourceDruid[]; dynamoDbiams: outputs.GetResourceResourceDynamoDbiam[]; dynamoDbs: outputs.GetResourceResourceDynamoDb[]; elasticacheRedis: outputs.GetResourceResourceElasticacheRedi[]; elasticacheRedisIams: outputs.GetResourceResourceElasticacheRedisIam[]; elastics: outputs.GetResourceResourceElastic[]; entraIds: outputs.GetResourceResourceEntraId[]; gcpConsoles: outputs.GetResourceResourceGcpConsole[]; gcps: outputs.GetResourceResourceGcp[]; gcpwifs: outputs.GetResourceResourceGcpwif[]; /** * @deprecated google_gke_user_impersonation is deprecated, see docs for more info */ googleGkeUserImpersonations: outputs.GetResourceResourceGoogleGkeUserImpersonation[]; googleGkes: outputs.GetResourceResourceGoogleGke[]; googleSpanners: outputs.GetResourceResourceGoogleSpanner[]; greenplums: outputs.GetResourceResourceGreenplum[]; httpAuths: outputs.GetResourceResourceHttpAuth[]; httpBasicAuths: outputs.GetResourceResourceHttpBasicAuth[]; httpNoAuths: outputs.GetResourceResourceHttpNoAuth[]; kubernetes: outputs.GetResourceResourceKubernete[]; kubernetesBasicAuths: outputs.GetResourceResourceKubernetesBasicAuth[]; kubernetesPodIdentities: outputs.GetResourceResourceKubernetesPodIdentity[]; /** * @deprecated kubernetes_service_account_user_impersonation is deprecated, see docs for more info */ kubernetesServiceAccountUserImpersonations: outputs.GetResourceResourceKubernetesServiceAccountUserImpersonation[]; kubernetesServiceAccounts: outputs.GetResourceResourceKubernetesServiceAccount[]; /** * @deprecated kubernetes_user_impersonation is deprecated, see docs for more info */ kubernetesUserImpersonations: outputs.GetResourceResourceKubernetesUserImpersonation[]; marias: outputs.GetResourceResourceMaria[]; mcpGatewayNoAuths: outputs.GetResourceResourceMcpGatewayNoAuth[]; mcpGatewayOAuthDcrs: outputs.GetResourceResourceMcpGatewayOAuthDcr[]; mcpGatewayOAuths: 
outputs.GetResourceResourceMcpGatewayOAuth[]; mcpGatewayPats: outputs.GetResourceResourceMcpGatewayPat[]; memcacheds: outputs.GetResourceResourceMemcached[]; memsqls: outputs.GetResourceResourceMemsql[]; mongoHosts: outputs.GetResourceResourceMongoHost[]; mongoLegacyHosts: outputs.GetResourceResourceMongoLegacyHost[]; mongoLegacyReplicasets: outputs.GetResourceResourceMongoLegacyReplicaset[]; mongoReplicaSets: outputs.GetResourceResourceMongoReplicaSet[]; mongoShardedClusters: outputs.GetResourceResourceMongoShardedCluster[]; mtlsMysqls: outputs.GetResourceResourceMtlsMysql[]; mtlsPostgres: outputs.GetResourceResourceMtlsPostgre[]; mysqls: outputs.GetResourceResourceMysql[]; neptuneIams: outputs.GetResourceResourceNeptuneIam[]; neptunes: outputs.GetResourceResourceNeptune[]; oktaGroups: outputs.GetResourceResourceOktaGroup[]; oracleNnes: outputs.GetResourceResourceOracleNne[]; oracles: outputs.GetResourceResourceOracle[]; postgres: outputs.GetResourceResourcePostgre[]; prestos: outputs.GetResourceResourcePresto[]; rabbitmqAmqp091s: outputs.GetResourceResourceRabbitmqAmqp091[]; rawTcps: outputs.GetResourceResourceRawTcp[]; rdpCerts: outputs.GetResourceResourceRdpCert[]; rdps: outputs.GetResourceResourceRdp[]; rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[]; redis: outputs.GetResourceResourceRedi[]; redisClusters: outputs.GetResourceResourceRedisCluster[]; redshiftIams: outputs.GetResourceResourceRedshiftIam[]; redshiftServerlessIams: outputs.GetResourceResourceRedshiftServerlessIam[]; redshifts: outputs.GetResourceResourceRedshift[]; singleStores: outputs.GetResourceResourceSingleStore[]; snowflakes: outputs.GetResourceResourceSnowflake[]; snowsights: outputs.GetResourceResourceSnowsight[]; sqlServerAzureAds: outputs.GetResourceResourceSqlServerAzureAd[]; sqlServerKerberosAds: outputs.GetResourceResourceSqlServerKerberosAd[]; sqlServers: outputs.GetResourceResourceSqlServer[]; sshCerts: outputs.GetResourceResourceSshCert[]; sshCustomerKeys: 
outputs.GetResourceResourceSshCustomerKey[]; sshPasswords: outputs.GetResourceResourceSshPassword[]; sshes: outputs.GetResourceResourceSsh[]; sybaseIqs: outputs.GetResourceResourceSybaseIq[]; sybases: outputs.GetResourceResourceSybase[]; teradatas: outputs.GetResourceResourceTeradata[]; trinos: outputs.GetResourceResourceTrino[]; verticas: outputs.GetResourceResourceVertica[]; }
/**
 * Aerospike resource record. Every field is declared optional.
 *
 * Holds the connection settings (host, port, bind interface, port override) together with the
 * username and password used to authenticate to the resource.
 */
export interface GetResourceResourceAerospike {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The password to authenticate with.
     *
     * Credential material. NOTE(review): typed as a plain string in this declaration; confirm the
     * provider marks it as a secret so that it is encrypted in state and masked in output.
     */
    password?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: {
        [key: string]: string;
    };
    /**
     * If true, uses UseServicesAlternates directive for Aerospike connection
     */
    useServicesAlternate?: boolean;
    /**
     * The username to authenticate with.
     */
    username?: string;
}
/**
 * Resource record that authenticates TLS connections with a CA, a client certificate and a client key.
 * Every field is declared optional.
 *
 * NOTE(review): the type name `Ak` is presumably a generator singularisation of `aks`; confirm
 * against the provider schema.
 */
export interface GetResourceResourceAk {
    /**
     * If true, allows users to fall back to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
     *
     * NOTE(review): when true, a connection without a resource role is still served through the
     * fallback mode; check that this is intended wherever resource roles are meant to be mandatory.
     */
    allowResourceRoleBypass?: boolean;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * The CA to authenticate TLS connections with.
     */
    certificateAuthority?: string;
    /**
     * The certificate to authenticate TLS connections with.
     */
    clientCertificate?: string;
    /**
     * The key to authenticate TLS connections with.
     *
     * Private key material. NOTE(review): typed as a plain string in this declaration; confirm the
     * provider marks it as a secret so that it is encrypted in state and masked in output.
     */
    clientKey?: string;
    /**
     * If true, configures discovery of the Okta org to be run from a node.
     *
     * NOTE(review): the wording mentions the Okta org although nothing else in this type refers to
     * Okta; it looks carried over from another resource's description. Confirm against the
     * provider documentation.
     */
    discoveryEnabled?: boolean;
    /**
     * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
     */
    discoveryUsername?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
     */
    identityAliasHealthcheckUsername?: string;
    /**
     * The ID of the identity set to use for identity connections.
     */
    identitySetId?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: {
        [key: string]: string;
    };
}
/**
 * AKS resource record that authenticates with a username and password. Every field is declared
 * optional.
 */
export interface GetResourceResourceAksBasicAuth {
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The password to authenticate with.
     *
     * Credential material. NOTE(review): typed as a plain string in this declaration; confirm the
     * provider marks it as a secret so that it is encrypted in state and masked in output.
     */
    password?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: {
        [key: string]: string;
    };
    /**
     * The username to authenticate with.
     */
    username?: string;
}
/**
 * AKS resource record that authenticates with an API token. Every field is declared optional.
 */
export interface GetResourceResourceAksServiceAccount {
    /**
     * If true, allows users to fall back to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
     *
     * NOTE(review): when true, a connection without a resource role is still served through the
     * fallback mode; check that this is intended wherever resource roles are meant to be mandatory.
     */
    allowResourceRoleBypass?: boolean;
    /**
     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
     */
    bindInterface?: string;
    /**
     * If true, configures discovery of the Okta org to be run from a node.
     *
     * NOTE(review): the wording mentions the Okta org although this is an AKS resource type; it
     * looks carried over from another resource's description. Confirm against the provider
     * documentation.
     */
    discoveryEnabled?: boolean;
    /**
     * If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
     */
    discoveryUsername?: string;
    /**
     * A filter applied to the routing logic to pin datasource to nodes.
     */
    egressFilter?: string;
    /**
     * The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
     */
    healthcheckNamespace?: string;
    /**
     * The host to dial to initiate a connection from the egress node to this resource.
     */
    hostname?: string;
    /**
     * Unique identifier of the Resource.
     */
    id?: string;
    /**
     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
     */
    identityAliasHealthcheckUsername?: string;
    /**
     * The ID of the identity set to use for identity connections.
     */
    identitySetId?: string;
    /**
     * Unique human-readable name of the Resource.
     */
    name?: string;
    /**
     * The port to dial to initiate a connection from the egress node to this resource.
     */
    port?: number;
    /**
     * The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
     */
    portOverride?: number;
    /**
     * ID of the proxy cluster for this resource, if any.
     */
    proxyClusterId?: string;
    /**
     * ID of the secret store containing credentials for this resource, if any.
     */
    secretStoreId?: string;
    /**
     * DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
     */
    subdomain?: string;
    /**
     * Tags is a map of key, value pairs.
     */
    tags?: {
        [key: string]: string;
    };
    /**
     * The API token to authenticate with.
     *
     * Credential material. NOTE(review): typed as a plain string in this declaration; confirm the
     * provider marks it as a secret so that it is encrypted in state and masked in output.
     */
    token?: string;
}
export interface GetResourceResourceAksServiceAccountUserImpersonation { /** * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation. */ bindInterface?: string; /** * A filter applied to the routing logic to pin datasource to nodes. */ egressFilter?: string; /** * The path used to check the health of your connection. Defaults to <span pulumi-lang-nodejs="`default`" pulumi-lang-dotnet="`Default`" pulumi-lang-go="`default`" pulumi-lang-python="`default`" pulumi-lang-yaml="`default`" pulumi-lang-java="`default`">`default`</span>. This field is required, and is only marked as optional for backwards compatibility. */ healthcheckNamespace?: string; /** * The host to dial to initiate a connection from the egress node to this resource. */ hostname?: string; /** * Unique identifier of the Resource. */ id?: st