UNPKG

@pulumiverse/grafana

Version:

A Pulumi package for creating and managing grafana.

grafana.com

pulumiverse/pulumi-grafana

216 lines (215 loc) 9.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
import * as pulumi from "@pulumi/pulumi"; /** * * [Official documentation](https://grafana.com/docs/grafana-cloud/security-and-account-management/authentication-and-permissions/access-policies/) * * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token) * * Required access policy scopes: * * * accesspolicies:read * * accesspolicies:write * * accesspolicies:delete * * This is similar to the grafana.cloud.AccessPolicyToken resource, but it represents a token that will be rotated automatically over time. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as grafana from "@pulumiverse/grafana"; * * const current = grafana.cloud.getOrganization({ * slug: "<your org slug>", * }); * const test = new grafana.cloud.AccessPolicy("test", { * region: "prod-us-east-0", * name: "my-policy", * displayName: "My Policy", * scopes: [ * "metrics:read", * "logs:read", * ], * realms: [{ * type: "org", * identifier: current.then(current => current.id), * labelPolicies: [{ * selector: "{namespace=\"default\"}", * }], * }], * }); * const testAccessPolicyRotatingToken = new grafana.cloud.AccessPolicyRotatingToken("test", { * region: "prod-us-east-0", * accessPolicyId: test.policyId, * namePrefix: "my-policy-rotating-token", * displayName: "My Policy Rotating Token", * expireAfter: "720h", * earlyRotationWindow: "24h", * }); * ``` * * ## Import * * ```sh * terraform import grafana_cloud_access_policy_rotating_token.name "{{ region }}:{{ tokenId }}" * ``` */ export declare class AccessPolicyRotatingToken extends pulumi.CustomResource { /** * Get an existing AccessPolicyRotatingToken resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPolicyRotatingTokenState, opts?: pulumi.CustomResourceOptions): AccessPolicyRotatingToken; /** * Returns true if the given object is an instance of AccessPolicyRotatingToken. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AccessPolicyRotatingToken; /** * ID of the access policy for which to create a token. */ readonly accessPolicyId: pulumi.Output<string>; /** * Creation date of the access policy token. */ readonly createdAt: pulumi.Output<string>; /** * Deletes the token in Grafana Cloud when the resource is destroyed in Terraform, instead of leaving it to expire at its `expiresAt` time. Use it with `lifecycle { createBeforeDestroy = true }` to make sure that the new token is created before the old one is deleted. Defaults to `false`. */ readonly deleteOnDestroy: pulumi.Output<boolean | undefined>; /** * Display name of the access policy token. Defaults to the name. */ readonly displayName: pulumi.Output<string | undefined>; /** * Duration of the window before expiring where the token can be rotated (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ readonly earlyRotationWindow: pulumi.Output<string>; /** * Duration after which the token will expire (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ readonly expireAfter: pulumi.Output<string>; /** * Expiration date of the access policy token. */ readonly expiresAt: pulumi.Output<string>; /** * Name of the access policy token. */ readonly name: pulumi.Output<string>; /** * Prefix for the name of the access policy token. The actual name will be stored in the computed field `name`, which will be in the format '\n\n-\n\n' */ readonly namePrefix: pulumi.Output<string>; /** * Signals that the token is either expired or within the period to be early rotated. */ readonly readyForRotation: pulumi.Output<boolean>; /** * Region of the access policy. Should be set to the same region as the access policy. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions. */ readonly region: pulumi.Output<string>; readonly token: pulumi.Output<string>; /** * Last update date of the access policy token. */ readonly updatedAt: pulumi.Output<string>; /** * Create a AccessPolicyRotatingToken resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AccessPolicyRotatingTokenArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AccessPolicyRotatingToken resources. */ export interface AccessPolicyRotatingTokenState { /** * ID of the access policy for which to create a token. */ accessPolicyId?: pulumi.Input<string>; /** * Creation date of the access policy token. */ createdAt?: pulumi.Input<string>; /** * Deletes the token in Grafana Cloud when the resource is destroyed in Terraform, instead of leaving it to expire at its `expiresAt` time. Use it with `lifecycle { createBeforeDestroy = true }` to make sure that the new token is created before the old one is deleted. Defaults to `false`. */ deleteOnDestroy?: pulumi.Input<boolean>; /** * Display name of the access policy token. Defaults to the name. */ displayName?: pulumi.Input<string>; /** * Duration of the window before expiring where the token can be rotated (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ earlyRotationWindow?: pulumi.Input<string>; /** * Duration after which the token will expire (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ expireAfter?: pulumi.Input<string>; /** * Expiration date of the access policy token. */ expiresAt?: pulumi.Input<string>; /** * Name of the access policy token. */ name?: pulumi.Input<string>; /** * Prefix for the name of the access policy token. The actual name will be stored in the computed field `name`, which will be in the format '\n\n-\n\n' */ namePrefix?: pulumi.Input<string>; /** * Signals that the token is either expired or within the period to be early rotated. */ readyForRotation?: pulumi.Input<boolean>; /** * Region of the access policy. Should be set to the same region as the access policy. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions. */ region?: pulumi.Input<string>; token?: pulumi.Input<string>; /** * Last update date of the access policy token. */ updatedAt?: pulumi.Input<string>; } /** * The set of arguments for constructing a AccessPolicyRotatingToken resource. */ export interface AccessPolicyRotatingTokenArgs { /** * ID of the access policy for which to create a token. */ accessPolicyId: pulumi.Input<string>; /** * Deletes the token in Grafana Cloud when the resource is destroyed in Terraform, instead of leaving it to expire at its `expiresAt` time. Use it with `lifecycle { createBeforeDestroy = true }` to make sure that the new token is created before the old one is deleted. Defaults to `false`. */ deleteOnDestroy?: pulumi.Input<boolean>; /** * Display name of the access policy token. Defaults to the name. */ displayName?: pulumi.Input<string>; /** * Duration of the window before expiring where the token can be rotated (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ earlyRotationWindow: pulumi.Input<string>; /** * Duration after which the token will expire (e.g. '24h', '30m', '1h30m'). Valid units are 's' (seconds), 'm' (minutes) and 'h' (hours). */ expireAfter: pulumi.Input<string>; /** * Prefix for the name of the access policy token. The actual name will be stored in the computed field `name`, which will be in the format '\n\n-\n\n' */ namePrefix: pulumi.Input<string>; /** * Region of the access policy. Should be set to the same region as the access policy. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions. */ region: pulumi.Input<string>; }