@pulumi/ns1

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * Provides a NS1 Api Key resource. This can be used to create, modify, and delete api keys. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as ns1 from "@pulumi/ns1"; * * const example = new ns1.Team("example", {name: "Example team"}); * const exampleAPIKey = new ns1.APIKey("example", { * name: "Example key", * teams: [example.id], * ipWhitelists: [ * "1.1.1.1", * "2.2.2.2", * ], * dnsViewZones: false, * accountManageUsers: false, * }); * ``` * * ## Permissions * * An API key will inherit permissions from the teams it is assigned to. * If a key is assigned to a team and also has individual permissions set on the key, the individual permissions * will be overridden by the inherited team permissions. * In a future release, setting permissions on a key that is part of a team will be explicitly disabled. * * When a key is removed from all teams completely, it will inherit whatever permissions it had previously. * If a key is removed from all it's teams, it will probably be necessary to run `pulumi up` a second time * to update the keys permissions from it's old team permissions to new key-specific permissions. * * See [the NS1 API docs](https://ns1.com/api#getget-all-account-users) for an overview of permission semantics or for [more details](https://help.ns1.com/hc/en-us/articles/360024409034-Managing-user-permissions) about the individual permission flags. * * ## NS1 Documentation * * [ApiKeys Api Doc](https://ns1.com/api#api-key) * * ## Import * * -> Imported keys will not have their key stored in the state file. * * ```sh * $ pulumi import ns1:index/aPIKey:APIKey `ns1_apikey` * ``` * * So for the example above: * * ```sh * $ pulumi import ns1:index/aPIKey:APIKey example <ID>` * ``` */ export declare class APIKey extends pulumi.CustomResource { /** * Get an existing APIKey resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: APIKeyState, opts?: pulumi.CustomResourceOptions): APIKey; /** * Returns true if the given object is an instance of APIKey. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is APIKey; /** * Whether the apikey can modify account settings. */ readonly accountManageAccountSettings: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify account apikeys. */ readonly accountManageApikeys: pulumi.Output<boolean | undefined>; /** * Whether the apikey can manage ip whitelist. */ readonly accountManageIpWhitelist: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify account payment methods. */ readonly accountManagePaymentMethods: pulumi.Output<boolean | undefined>; /** * No longer in use. * * @deprecated obsolete, should no longer be used */ readonly accountManagePlan: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify other teams in the account. */ readonly accountManageTeams: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify account users. */ readonly accountManageUsers: pulumi.Output<boolean | undefined>; /** * Whether the apikey can view activity logs. */ readonly accountViewActivityLog: pulumi.Output<boolean | undefined>; /** * Whether the apikey can view invoices. */ readonly accountViewInvoices: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify data feeds. */ readonly dataManageDatafeeds: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify data sources. */ readonly dataManageDatasources: pulumi.Output<boolean | undefined>; /** * Whether the apikey can publish to data feeds. */ readonly dataPushToDatafeeds: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify the accounts zones. */ readonly dnsManageZones: pulumi.Output<boolean | undefined>; /** * List of records that the apikey may access. */ readonly dnsRecordsAllows: pulumi.Output<outputs.APIKeyDnsRecordsAllow[] | undefined>; /** * List of records that the apikey may not access. */ readonly dnsRecordsDenies: pulumi.Output<outputs.APIKeyDnsRecordsDeny[] | undefined>; /** * Whether the apikey can view the accounts zones. */ readonly dnsViewZones: pulumi.Output<boolean | undefined>; /** * If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list. */ readonly dnsZonesAllowByDefault: pulumi.Output<boolean | undefined>; /** * List of zones that the apikey may access. */ readonly dnsZonesAllows: pulumi.Output<string[] | undefined>; /** * List of zones that the apikey may not access. */ readonly dnsZonesDenies: pulumi.Output<string[] | undefined>; /** * Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field. */ readonly ipWhitelistStrict: pulumi.Output<boolean | undefined>; /** * Array of IP addresses/networks to which to grant the API key access. */ readonly ipWhitelists: pulumi.Output<string[] | undefined>; /** * (Computed) The apikeys authentication token. */ readonly key: pulumi.Output<string>; /** * Whether the user can create monitoring jobs when manageJobs is not set to true. */ readonly monitoringCreateJobs: pulumi.Output<boolean | undefined>; /** * Whether the user can delete monitoring jobs when manageJobs is not set to true. */ readonly monitoringDeleteJobs: pulumi.Output<boolean | undefined>; /** * Whether the user can create, update, and delete monitoring jobs. */ readonly monitoringManageJobs: pulumi.Output<boolean | undefined>; /** * Whether the apikey can modify notification lists. */ readonly monitoringManageLists: pulumi.Output<boolean | undefined>; /** * Whether the user can update monitoring jobs when manageJobs is not set to true. */ readonly monitoringUpdateJobs: pulumi.Output<boolean | undefined>; /** * Whether the apikey can view monitoring jobs. */ readonly monitoringViewJobs: pulumi.Output<boolean | undefined>; /** * The free form name of the apikey. */ readonly name: pulumi.Output<string>; /** * Whether the user can manage redirects. * Only relevant for the DDI product. */ readonly redirectsManageRedirects: pulumi.Output<boolean | undefined>; /** * Whether the apikey can manage global active directory. */ readonly securityManageActiveDirectory: pulumi.Output<boolean | undefined>; /** * Whether the apikey can manage global two factor authentication. */ readonly securityManageGlobal2fa: pulumi.Output<boolean | undefined>; /** * The teams that the apikey belongs to. */ readonly teams: pulumi.Output<string[] | undefined>; /** * Create a APIKey resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: APIKeyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering APIKey resources. */ export interface APIKeyState { /** * Whether the apikey can modify account settings. */ accountManageAccountSettings?: pulumi.Input<boolean>; /** * Whether the apikey can modify account apikeys. */ accountManageApikeys?: pulumi.Input<boolean>; /** * Whether the apikey can manage ip whitelist. */ accountManageIpWhitelist?: pulumi.Input<boolean>; /** * Whether the apikey can modify account payment methods. */ accountManagePaymentMethods?: pulumi.Input<boolean>; /** * No longer in use. * * @deprecated obsolete, should no longer be used */ accountManagePlan?: pulumi.Input<boolean>; /** * Whether the apikey can modify other teams in the account. */ accountManageTeams?: pulumi.Input<boolean>; /** * Whether the apikey can modify account users. */ accountManageUsers?: pulumi.Input<boolean>; /** * Whether the apikey can view activity logs. */ accountViewActivityLog?: pulumi.Input<boolean>; /** * Whether the apikey can view invoices. */ accountViewInvoices?: pulumi.Input<boolean>; /** * Whether the apikey can modify data feeds. */ dataManageDatafeeds?: pulumi.Input<boolean>; /** * Whether the apikey can modify data sources. */ dataManageDatasources?: pulumi.Input<boolean>; /** * Whether the apikey can publish to data feeds. */ dataPushToDatafeeds?: pulumi.Input<boolean>; /** * Whether the apikey can modify the accounts zones. */ dnsManageZones?: pulumi.Input<boolean>; /** * List of records that the apikey may access. */ dnsRecordsAllows?: pulumi.Input<pulumi.Input<inputs.APIKeyDnsRecordsAllow>[]>; /** * List of records that the apikey may not access. */ dnsRecordsDenies?: pulumi.Input<pulumi.Input<inputs.APIKeyDnsRecordsDeny>[]>; /** * Whether the apikey can view the accounts zones. */ dnsViewZones?: pulumi.Input<boolean>; /** * If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list. */ dnsZonesAllowByDefault?: pulumi.Input<boolean>; /** * List of zones that the apikey may access. */ dnsZonesAllows?: pulumi.Input<pulumi.Input<string>[]>; /** * List of zones that the apikey may not access. */ dnsZonesDenies?: pulumi.Input<pulumi.Input<string>[]>; /** * Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field. */ ipWhitelistStrict?: pulumi.Input<boolean>; /** * Array of IP addresses/networks to which to grant the API key access. */ ipWhitelists?: pulumi.Input<pulumi.Input<string>[]>; /** * (Computed) The apikeys authentication token. */ key?: pulumi.Input<string>; /** * Whether the user can create monitoring jobs when manageJobs is not set to true. */ monitoringCreateJobs?: pulumi.Input<boolean>; /** * Whether the user can delete monitoring jobs when manageJobs is not set to true. */ monitoringDeleteJobs?: pulumi.Input<boolean>; /** * Whether the user can create, update, and delete monitoring jobs. */ monitoringManageJobs?: pulumi.Input<boolean>; /** * Whether the apikey can modify notification lists. */ monitoringManageLists?: pulumi.Input<boolean>; /** * Whether the user can update monitoring jobs when manageJobs is not set to true. */ monitoringUpdateJobs?: pulumi.Input<boolean>; /** * Whether the apikey can view monitoring jobs. */ monitoringViewJobs?: pulumi.Input<boolean>; /** * The free form name of the apikey. */ name?: pulumi.Input<string>; /** * Whether the user can manage redirects. * Only relevant for the DDI product. */ redirectsManageRedirects?: pulumi.Input<boolean>; /** * Whether the apikey can manage global active directory. */ securityManageActiveDirectory?: pulumi.Input<boolean>; /** * Whether the apikey can manage global two factor authentication. */ securityManageGlobal2fa?: pulumi.Input<boolean>; /** * The teams that the apikey belongs to. */ teams?: pulumi.Input<pulumi.Input<string>[]>; } /** * The set of arguments for constructing a APIKey resource. */ export interface APIKeyArgs { /** * Whether the apikey can modify account settings. */ accountManageAccountSettings?: pulumi.Input<boolean>; /** * Whether the apikey can modify account apikeys. */ accountManageApikeys?: pulumi.Input<boolean>; /** * Whether the apikey can manage ip whitelist. */ accountManageIpWhitelist?: pulumi.Input<boolean>; /** * Whether the apikey can modify account payment methods. */ accountManagePaymentMethods?: pulumi.Input<boolean>; /** * No longer in use. * * @deprecated obsolete, should no longer be used */ accountManagePlan?: pulumi.Input<boolean>; /** * Whether the apikey can modify other teams in the account. */ accountManageTeams?: pulumi.Input<boolean>; /** * Whether the apikey can modify account users. */ accountManageUsers?: pulumi.Input<boolean>; /** * Whether the apikey can view activity logs. */ accountViewActivityLog?: pulumi.Input<boolean>; /** * Whether the apikey can view invoices. */ accountViewInvoices?: pulumi.Input<boolean>; /** * Whether the apikey can modify data feeds. */ dataManageDatafeeds?: pulumi.Input<boolean>; /** * Whether the apikey can modify data sources. */ dataManageDatasources?: pulumi.Input<boolean>; /** * Whether the apikey can publish to data feeds. */ dataPushToDatafeeds?: pulumi.Input<boolean>; /** * Whether the apikey can modify the accounts zones. */ dnsManageZones?: pulumi.Input<boolean>; /** * List of records that the apikey may access. */ dnsRecordsAllows?: pulumi.Input<pulumi.Input<inputs.APIKeyDnsRecordsAllow>[]>; /** * List of records that the apikey may not access. */ dnsRecordsDenies?: pulumi.Input<pulumi.Input<inputs.APIKeyDnsRecordsDeny>[]>; /** * Whether the apikey can view the accounts zones. */ dnsViewZones?: pulumi.Input<boolean>; /** * If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list. */ dnsZonesAllowByDefault?: pulumi.Input<boolean>; /** * List of zones that the apikey may access. */ dnsZonesAllows?: pulumi.Input<pulumi.Input<string>[]>; /** * List of zones that the apikey may not access. */ dnsZonesDenies?: pulumi.Input<pulumi.Input<string>[]>; /** * Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field. */ ipWhitelistStrict?: pulumi.Input<boolean>; /** * Array of IP addresses/networks to which to grant the API key access. */ ipWhitelists?: pulumi.Input<pulumi.Input<string>[]>; /** * Whether the user can create monitoring jobs when manageJobs is not set to true. */ monitoringCreateJobs?: pulumi.Input<boolean>; /** * Whether the user can delete monitoring jobs when manageJobs is not set to true. */ monitoringDeleteJobs?: pulumi.Input<boolean>; /** * Whether the user can create, update, and delete monitoring jobs. */ monitoringManageJobs?: pulumi.Input<boolean>; /** * Whether the apikey can modify notification lists. */ monitoringManageLists?: pulumi.Input<boolean>; /** * Whether the user can update monitoring jobs when manageJobs is not set to true. */ monitoringUpdateJobs?: pulumi.Input<boolean>; /** * Whether the apikey can view monitoring jobs. */ monitoringViewJobs?: pulumi.Input<boolean>; /** * The free form name of the apikey. */ name?: pulumi.Input<string>; /** * Whether the user can manage redirects. * Only relevant for the DDI product. */ redirectsManageRedirects?: pulumi.Input<boolean>; /** * Whether the apikey can manage global active directory. */ securityManageActiveDirectory?: pulumi.Input<boolean>; /** * Whether the apikey can manage global two factor authentication. */ securityManageGlobal2fa?: pulumi.Input<boolean>; /** * The teams that the apikey belongs to. */ teams?: pulumi.Input<pulumi.Input<string>[]>; }