@pulumi/digitalocean

import * as pulumi from "@pulumi/pulumi"; /** * Provides a DigitalOcean database logsink resource allowing you to forward logs from a managed database cluster to an external rsyslog server. * * This resource supports the following DigitalOcean managed database engines: * * * PostgreSQL * * MySQL * * Kafka * * Valkey * * **Note**: MongoDB databases use a different log forwarding mechanism and require Datadog logsinks (not currently available in this provider). * * ## Example Usage * * ### Basic rsyslog configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as digitalocean from "@pulumi/digitalocean"; * * const postgres_example = new digitalocean.DatabaseCluster("postgres-example", { * name: "example-postgres-cluster", * engine: "pg", * version: "15", * size: digitalocean.DatabaseSlug.DB_1VPCU1GB, * region: digitalocean.Region.NYC1, * nodeCount: 1, * }); * const example = new digitalocean.DatabaseLogsinkRsyslog("example", { * clusterId: postgres_example.id, * name: "rsyslog-prod", * server: "192.0.2.10", * port: 514, * format: "rfc5424", * }); * ``` * * ### TLS-enabled rsyslog configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as digitalocean from "@pulumi/digitalocean"; * import * as std from "@pulumi/std"; * * const example_tls = new digitalocean.DatabaseLogsinkRsyslog("example-tls", { * clusterId: postgres_example.id, * name: "rsyslog-secure", * server: "logs.example.com", * port: 6514, * tls: true, * format: "rfc5424", * caCert: std.file({ * input: "/path/to/ca.pem", * }).then(invoke => invoke.result), * }); * ``` * * ### mTLS (mutual TLS) configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as digitalocean from "@pulumi/digitalocean"; * import * as std from "@pulumi/std"; * * const example_mtls = new digitalocean.DatabaseLogsinkRsyslog("example-mtls", { * clusterId: postgres_example.id, * name: "rsyslog-mtls", * server: "secure-logs.example.com", * port: 6514, * tls: true, * format: "rfc5424", * caCert: std.file({ * input: "/path/to/ca.pem", * }).then(invoke => invoke.result), * clientCert: std.file({ * input: "/path/to/client.crt", * }).then(invoke => invoke.result), * clientKey: std.file({ * input: "/path/to/client.key", * }).then(invoke => invoke.result), * }); * ``` * * ### Custom format configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as digitalocean from "@pulumi/digitalocean"; * * const example_custom = new digitalocean.DatabaseLogsinkRsyslog("example-custom", { * clusterId: postgres_example.id, * name: "rsyslog-custom", * server: "192.0.2.10", * port: 514, * format: "custom", * logline: "<%pri%>%timestamp:::date-rfc3339% %HOSTNAME% %app-name% %msg%", * structuredData: "[example@41058 iut=\"3\"]", * }); * ``` * * ## Import * * Database logsink rsyslog resources can be imported using the composite ID format `cluster_id,logsink_id`. For example: * * ```sh * $ pulumi import digitalocean:index/databaseLogsinkRsyslog:DatabaseLogsinkRsyslog example 245bcfd0-7f31-4ce6-a2bc-475a116cca97,f38db7c8-1f31-4ce6-a2bc-475a116cca97 * ``` * * **Note**: The cluster ID and logsink ID must be separated by a comma. */ export declare class DatabaseLogsinkRsyslog extends pulumi.CustomResource { /** * Get an existing DatabaseLogsinkRsyslog resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseLogsinkRsyslogState, opts?: pulumi.CustomResourceOptions): DatabaseLogsinkRsyslog; /** * Returns true if the given object is an instance of DatabaseLogsinkRsyslog. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DatabaseLogsinkRsyslog; /** * CA certificate for TLS verification in PEM format. Can be specified using `file()` function. */ readonly caCert: pulumi.Output<string | undefined>; /** * Client certificate for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. */ readonly clientCert: pulumi.Output<string | undefined>; /** * Client private key for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. This field is marked as sensitive. */ readonly clientKey: pulumi.Output<string | undefined>; /** * UUID of the source database cluster that will forward logs. */ readonly clusterId: pulumi.Output<string>; /** * Log format to use. Must be one of `rfc5424` (default), `rfc3164`, or `custom`. */ readonly format: pulumi.Output<string | undefined>; /** * Custom logline template. **Required** when `format` is set to `custom`. Supports rsyslog-style templating with the following tokens: `%HOSTNAME%`, `%app-name%`, `%msg%`, `%msgid%`, `%pri%`, `%procid%`, `%structured-data%`, `%timestamp%`, and `%timestamp:::date-rfc3339%`. */ readonly logline: pulumi.Output<string | undefined>; /** * The unique identifier for the logsink as returned by the DigitalOcean API. */ readonly logsinkId: pulumi.Output<string>; /** * Display name for the logsink. **Note**: This is immutable; changing it will force recreation of the resource. */ readonly name: pulumi.Output<string>; /** * Port number for the rsyslog server. Must be between 1 and 65535. */ readonly port: pulumi.Output<number>; /** * Hostname or IP address of the rsyslog server. */ readonly server: pulumi.Output<string>; /** * Content of the structured data block for RFC5424 messages. */ readonly structuredData: pulumi.Output<string | undefined>; /** * Enable TLS encryption for the rsyslog connection. Defaults to `false`. **Note**: It is highly recommended to enable TLS as log messages may contain sensitive information. */ readonly tls: pulumi.Output<boolean | undefined>; /** * Create a DatabaseLogsinkRsyslog resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DatabaseLogsinkRsyslogArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DatabaseLogsinkRsyslog resources. */ export interface DatabaseLogsinkRsyslogState { /** * CA certificate for TLS verification in PEM format. Can be specified using `file()` function. */ caCert?: pulumi.Input<string>; /** * Client certificate for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. */ clientCert?: pulumi.Input<string>; /** * Client private key for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. This field is marked as sensitive. */ clientKey?: pulumi.Input<string>; /** * UUID of the source database cluster that will forward logs. */ clusterId?: pulumi.Input<string>; /** * Log format to use. Must be one of `rfc5424` (default), `rfc3164`, or `custom`. */ format?: pulumi.Input<string>; /** * Custom logline template. **Required** when `format` is set to `custom`. Supports rsyslog-style templating with the following tokens: `%HOSTNAME%`, `%app-name%`, `%msg%`, `%msgid%`, `%pri%`, `%procid%`, `%structured-data%`, `%timestamp%`, and `%timestamp:::date-rfc3339%`. */ logline?: pulumi.Input<string>; /** * The unique identifier for the logsink as returned by the DigitalOcean API. */ logsinkId?: pulumi.Input<string>; /** * Display name for the logsink. **Note**: This is immutable; changing it will force recreation of the resource. */ name?: pulumi.Input<string>; /** * Port number for the rsyslog server. Must be between 1 and 65535. */ port?: pulumi.Input<number>; /** * Hostname or IP address of the rsyslog server. */ server?: pulumi.Input<string>; /** * Content of the structured data block for RFC5424 messages. */ structuredData?: pulumi.Input<string>; /** * Enable TLS encryption for the rsyslog connection. Defaults to `false`. **Note**: It is highly recommended to enable TLS as log messages may contain sensitive information. */ tls?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a DatabaseLogsinkRsyslog resource. */ export interface DatabaseLogsinkRsyslogArgs { /** * CA certificate for TLS verification in PEM format. Can be specified using `file()` function. */ caCert?: pulumi.Input<string>; /** * Client certificate for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. */ clientCert?: pulumi.Input<string>; /** * Client private key for mutual TLS authentication in PEM format. **Note**: Requires `tls` to be `true`. This field is marked as sensitive. */ clientKey?: pulumi.Input<string>; /** * UUID of the source database cluster that will forward logs. */ clusterId: pulumi.Input<string>; /** * Log format to use. Must be one of `rfc5424` (default), `rfc3164`, or `custom`. */ format?: pulumi.Input<string>; /** * Custom logline template. **Required** when `format` is set to `custom`. Supports rsyslog-style templating with the following tokens: `%HOSTNAME%`, `%app-name%`, `%msg%`, `%msgid%`, `%pri%`, `%procid%`, `%structured-data%`, `%timestamp%`, and `%timestamp:::date-rfc3339%`. */ logline?: pulumi.Input<string>; /** * Display name for the logsink. **Note**: This is immutable; changing it will force recreation of the resource. */ name?: pulumi.Input<string>; /** * Port number for the rsyslog server. Must be between 1 and 65535. */ port: pulumi.Input<number>; /** * Hostname or IP address of the rsyslog server. */ server: pulumi.Input<string>; /** * Content of the structured data block for RFC5424 messages. */ structuredData?: pulumi.Input<string>; /** * Enable TLS encryption for the rsyslog connection. Defaults to `false`. **Note**: It is highly recommended to enable TLS as log messages may contain sensitive information. */ tls?: pulumi.Input<boolean>; }