@pulumi/pulumiservice
Version:
[](https://slack.pulumi.com) [](https://www.npmjs.com/package/@pulumi/pulumiservice) [![Python version](https://badge.fury.io
491 lines • 13.8 kB
TypeScript
import * as outputs from "../types/output";
import * as enums from "../types/enums";
export interface AWSOIDCConfiguration {
/**
* Duration of the assume-role session in “XhYmZs” format
*/
duration?: string;
/**
* Optional set of IAM policy ARNs that further restrict the assume-role session
*/
policyARNs?: string[];
/**
* The ARN of the role to assume using the OIDC token.
*/
roleARN: string;
/**
* The name of the assume-role session.
*/
sessionName: string;
}
export interface ApprovalRuleConfig {
/**
* Whether self-approval is allowed.
*/
allowSelfApproval: boolean;
/**
* List of eligible approvers.
*/
eligibleApprovers: outputs.EligibleApprover[];
/**
* Number of approvals required.
*/
numApprovalsRequired: number;
/**
* Whether reapproval is required on changes.
*/
requireReapprovalOnChange: boolean;
}
export interface AuthPolicyDefinition {
/**
* The permission level for organization tokens.
*/
authorizedPermissions?: enums.AuthPolicyPermissionLevel[];
/**
* The rule type of this policy definition
*/
decision: enums.AuthPolicyDecision;
/**
* OIDC rules to set for this policy.
*/
rules: {
[key: string]: string;
};
/**
* The runner ID for deployment runner tokens.
*/
runnerID?: string;
/**
* The team name for team tokens.
*/
teamName?: string;
/**
* The token type for this policy definition
*/
tokenType: enums.AuthPolicyTokenType;
/**
* The user login for personal tokens.
*/
userLogin?: string;
}
export interface AzureOIDCConfiguration {
/**
* The client ID of the federated workload identity.
*/
clientId: string;
/**
* The subscription ID of the federated workload identity.
*/
subscriptionId: string;
/**
* The tenant ID of the federated workload identity.
*/
tenantId: string;
}
/**
* Dependency cache settings for the deployment
*/
export interface DeploymentSettingsCacheOptions {
/**
* Enable dependency caching
*/
enable?: boolean;
}
/**
* deploymentSettingsCacheOptionsProvideDefaults sets the appropriate defaults for DeploymentSettingsCacheOptions
*/
export declare function deploymentSettingsCacheOptionsProvideDefaults(val: DeploymentSettingsCacheOptions): DeploymentSettingsCacheOptions;
/**
* The executor context defines information about the executor where the deployment is executed. If unspecified, the default 'pulumi/pulumi' image is used.
*/
export interface DeploymentSettingsExecutorContext {
/**
* Allows overriding the default executor image with a custom image. E.g. 'pulumi/pulumi-nodejs:latest'
*/
executorImage: string;
}
/**
* Git source settings for a deployment.
*/
export interface DeploymentSettingsGitAuthBasicAuth {
/**
* Password for git basic authentication.
*/
password: string;
/**
* User name for git basic authentication.
*/
username: string;
}
/**
* Git source settings for a deployment.
*/
export interface DeploymentSettingsGitAuthSSHAuth {
/**
* Optional password for SSH authentication.
*/
password?: string;
/**
* SSH private key.
*/
sshPrivateKey: string;
}
/**
* Git source settings for a deployment.
*/
export interface DeploymentSettingsGitSource {
/**
* The branch to deploy. One of either `branch` or `commit` must be specified.
*/
branch?: string;
/**
* The commit to deploy. One of either `branch` or `commit` must be specified.
*/
commit?: string;
/**
* Git authentication configuration for this deployment. Should not be specified if there are `gitHub` settings for this deployment.
*/
gitAuth?: outputs.DeploymentSettingsGitSourceGitAuth;
/**
* The directory within the repository where the Pulumi.yaml is located.
*/
repoDir?: string;
/**
* The repository URL to use for git settings. Should not be specified if there are `gitHub` settings for this deployment.
*/
repoUrl?: string;
}
/**
* Git source settings for a deployment.
*/
export interface DeploymentSettingsGitSourceGitAuth {
/**
* Basic auth for git authentication. Only one of `personalAccessToken`, `sshAuth`, or `basicAuth` must be defined.
*/
basicAuth?: outputs.DeploymentSettingsGitAuthBasicAuth;
/**
* SSH auth for git authentication. Only one of `personalAccessToken`, `sshAuth`, or `basicAuth` must be defined.
*/
sshAuth?: outputs.DeploymentSettingsGitAuthSSHAuth;
}
/**
* GitHub settings for the deployment.
*/
export interface DeploymentSettingsGithub {
/**
* Trigger a deployment running `pulumi up` on commit.
*/
deployCommits?: boolean;
/**
* The paths within the repo that deployments should be filtered to.
*/
paths?: string[];
/**
* Trigger a deployment running `pulumi preview` when a PR is opened.
*/
previewPullRequests?: boolean;
/**
* Use this stack as a template for pull request review stacks.
*/
pullRequestTemplate?: boolean;
/**
* The GitHub repository in the format org/repo.
*/
repository?: string;
}
/**
* deploymentSettingsGithubProvideDefaults sets the appropriate defaults for DeploymentSettingsGithub
*/
export declare function deploymentSettingsGithubProvideDefaults(val: DeploymentSettingsGithub): DeploymentSettingsGithub;
/**
* Settings related to the Pulumi operation environment during the deployment.
*/
export interface DeploymentSettingsOperationContext {
/**
* Environment variables to set for the deployment.
*/
environmentVariables?: {
[key: string]: string;
};
/**
* OIDC configuration to use during the deployment.
*/
oidc?: outputs.OperationContextOIDC;
/**
* Options to override default behavior during the deployment.
*/
options?: outputs.OperationContextOptions;
/**
* Shell commands to run before the Pulumi operation executes.
*/
preRunCommands?: string[];
}
/**
* Settings related to the source of the deployment.
*/
export interface DeploymentSettingsSourceContext {
/**
* Git source settings for a deployment.
*/
git?: outputs.DeploymentSettingsGitSource;
}
/**
* VCS settings for the deployment, supporting multiple VCS providers.
*/
export interface DeploymentSettingsVcs {
/**
* Trigger a deployment running `pulumi up` on commit.
*/
deployCommits?: boolean;
/**
* Deploy a specific pull request number.
*/
deployPullRequest?: number;
/**
* The VCS integration installation ID. Use to disambiguate when an organization has multiple integrations of the same provider type (e.g., two GitHub Apps). If omitted, the API resolves the integration automatically from `provider` and `repository`.
*/
installationId?: string;
/**
* The paths within the repo that deployments should be filtered to.
*/
paths?: string[];
/**
* Trigger a deployment running `pulumi preview` when a PR is opened.
*/
previewPullRequests?: boolean;
/**
* The VCS provider type.
*/
provider: string;
/**
* Use this stack as a template for pull request review stacks.
*/
pullRequestTemplate?: boolean;
/**
* The repository identifier (e.g., 'ProjectName/RepoName' for Azure DevOps, 'org/repo' for GitHub).
*/
repository?: string;
}
/**
* deploymentSettingsVcsProvideDefaults sets the appropriate defaults for DeploymentSettingsVcs
*/
export declare function deploymentSettingsVcsProvideDefaults(val: DeploymentSettingsVcs): DeploymentSettingsVcs;
export interface EligibleApprover {
/**
* RBAC permission that gives right to approve.
*/
rbacPermission?: enums.RbacPermission;
/**
* Name of the team that can approve.
*/
teamName?: string;
/**
* Login of the user that can approve.
*/
user?: string;
}
export interface EnvironmentIdentifier {
/**
* The environment name.
*/
name: string;
/**
* The organization name.
*/
organization: string;
/**
* The project name.
*/
project: string;
}
export interface GCPOIDCConfiguration {
/**
* The numerical ID of the GCP project.
*/
projectId: string;
/**
* The ID of the identity provider associated with the workload pool.
*/
providerId: string;
/**
* The region of the GCP project.
*/
region?: string;
/**
* The email address of the service account to use.
*/
serviceAccount: string;
/**
* The lifetime of the temporary credentials in “XhYmZs” format.
*/
tokenLifetime?: string;
/**
* The ID of the workload pool to use.
*/
workloadPoolId: string;
}
export interface InsightsAccountState {
/**
* Name of the insights account.
*/
accountName: string;
/**
* The ESC environment used for provider credentials. Format: 'project/environment' with optional '@version' suffix (e.g., 'my-project/prod-env' or 'my-project/prod-env@v1.0').
*/
environment: string;
/**
* The insights account identifier.
*/
insightsAccountId: string;
/**
* The organization's name.
*/
organizationName: string;
/**
* The cloud provider for scanning.
*/
provider: enums.CloudProvider;
/**
* Provider-specific configuration as a JSON object. For AWS, specify regions to scan: {"regions": ["us-west-1", "us-west-2"]}.
*/
providerConfig?: {
[key: string]: any;
};
/**
* Schedule for automated scanning. Use 'daily' for daily scans, '12h' for scans every twelve hours, or 'none' to disable scheduled scanning. Defaults to 'none'.
*/
scanSchedule: enums.ScanSchedule;
/**
* Whether scheduled scanning is enabled.
*/
scheduledScanEnabled: boolean;
/**
* Key-value tags to associate with the insights account.
*/
tags?: {
[key: string]: string;
};
}
/**
* insightsAccountStateProvideDefaults sets the appropriate defaults for InsightsAccountState
*/
export declare function insightsAccountStateProvideDefaults(val: InsightsAccountState): InsightsAccountState;
export interface OperationContextOIDC {
/**
* AWS-specific OIDC configuration.
*/
aws?: outputs.AWSOIDCConfiguration;
/**
* Azure-specific OIDC configuration.
*/
azure?: outputs.AzureOIDCConfiguration;
/**
* GCP-specific OIDC configuration.
*/
gcp?: outputs.GCPOIDCConfiguration;
}
export interface OperationContextOptions {
/**
* Whether the stack should be deleted after it is destroyed.
*/
deleteAfterDestroy?: boolean;
/**
* The shell to use to run commands during the deployment. Defaults to 'bash'.
*/
shell?: string;
/**
* Skip the default dependency installation step - use this to customize the dependency installation (e.g. if using yarn or poetry)
*/
skipInstallDependencies?: boolean;
/**
* Skip intermediate deployments (Consolidate multiple deployments of the same type into one deployment)
*/
skipIntermediateDeployments?: boolean;
}
export interface OrganizationMemberInfo {
/**
* The member's built-in role (member, admin, billing-manager). Absent when a custom role is assigned — check `roleId` in that case.
*/
role?: string;
/**
* The custom role ID assigned to this member, if any.
*/
roleId?: string;
/**
* The name of the currently assigned role (custom role name, or built-in role).
*/
roleName?: string;
/**
* The member's Pulumi Cloud username.
*/
username: string;
/**
* Whether this member is an admin in Pulumi Cloud without admin access on the backing identity provider.
*/
virtualAdmin: boolean;
}
/**
* A reference to a policy pack within a policy group.
*/
export interface PolicyGroupPolicyPackReference {
/**
* Optional configuration for the policy pack. The special key `all` sets the default enforcement level for every policy in the pack; per-policy entries override it.
*/
config?: {
[key: string]: any;
};
/**
* The display name of the policy pack.
*/
displayName?: string;
/**
* The name of the policy pack.
*/
name: string;
/**
* The server-derived numeric version of the policy pack. This is output-only; use `versionTag` to pin a specific version.
*/
version?: number;
/**
* The version tag of the policy pack.
*/
versionTag?: string;
}
/**
* A reference to a stack within a policy group.
*/
export interface PolicyGroupStackReference {
/**
* The name of the stack.
*/
name: string;
/**
* The routing project name (also known as project name).
*/
routingProject: string;
}
export interface RoleScopeInfo {
/**
* Human-readable description of what the scope grants.
*/
description: string;
/**
* The scope group label as shown in the Pulumi Cloud console (e.g. `Stacks`).
*/
groupName: string;
/**
* The scope name (e.g. `stack:read`).
*/
name: string;
/**
* The resource-type bucket the scope belongs to (e.g. `stack`, `team`).
*/
resourceType: string;
}
export interface TemplateSourceDestination {
/**
* Destination URL that gets filled in on new project creation.
*/
url?: string;
}
//# sourceMappingURL=output.d.ts.map