@dotzen/dotzen 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,66 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.readDotzenJson = readDotzenJson;
37
+ exports.enforceVersion = enforceVersion;
38
+ const fs = __importStar(require("fs"));
39
+ const path = __importStar(require("path"));
40
+ const result_1 = require("../result/result");
41
+ const CANDIDATES = ['dotzen.json', path.join('.zen', 'dotzen.json')];
42
+ function readDotzenJson(cwd) {
43
+ for (const rel of CANDIDATES) {
44
+ const p = path.join(cwd, rel);
45
+ if (fs.existsSync(p)) {
46
+ const parsed = JSON.parse(fs.readFileSync(p, 'utf8'));
47
+ return (0, result_1.ok)({ config: parsed, baseDir: path.dirname(p) });
48
+ }
49
+ }
50
+ return (0, result_1.err)({ kind: 'ConfigNotFound', path: path.join(cwd, 'dotzen.json') });
51
+ }
52
+ /**
53
+ * The first thing the CLI does. Refuse to run on a version mismatch
54
+ * (doc 03 / engine-dev skill). No pin configured => proceed.
55
+ */
56
+ function enforceVersion(config, running) {
57
+ if (!config.version)
58
+ return (0, result_1.ok)(config);
59
+ if (config.version === running)
60
+ return (0, result_1.ok)(config);
61
+ return (0, result_1.err)({
62
+ kind: 'VersionMismatch',
63
+ required: config.version,
64
+ running,
65
+ });
66
+ }
@@ -0,0 +1,63 @@
1
+ /**
2
+ * Azure (azurerm) vocabulary. Kept in its own provider module — not merged
3
+ * into the AWS `AwsResource`/`AwsAttribute` enums — so each cloud's `spec.ts`
4
+ * reads in its own idiom and the enums stay small ("Prose as Code"). The
5
+ * shared `AnyResource`/`AnyAttribute` unions (in ./index) let the
6
+ * cloud-neutral engine accept every provider's vocabulary.
7
+ */
8
+ export declare enum AzureResource {
9
+ NetworkSecurityGroup = "azurerm_network_security_group",
10
+ NetworkSecurityRule = "azurerm_network_security_rule",
11
+ StorageAccount = "azurerm_storage_account",
12
+ MssqlServer = "azurerm_mssql_server",
13
+ KeyVault = "azurerm_key_vault",
14
+ KubernetesCluster = "azurerm_kubernetes_cluster",
15
+ LinuxWebApp = "azurerm_linux_web_app",
16
+ WindowsWebApp = "azurerm_windows_web_app",
17
+ PostgresqlServer = "azurerm_postgresql_server",
18
+ MysqlServer = "azurerm_mysql_server",
19
+ ContainerRegistry = "azurerm_container_registry",
20
+ CosmosdbAccount = "azurerm_cosmosdb_account",
21
+ RoleDefinition = "azurerm_role_definition",
22
+ RoleAssignment = "azurerm_role_assignment",
23
+ ManagedDisk = "azurerm_managed_disk",
24
+ MonitorDiagnosticSetting = "azurerm_monitor_diagnostic_setting",
25
+ ApiManagement = "azurerm_api_management"
26
+ }
27
+ export declare enum AzureAttribute {
28
+ AllowNestedItemsToBePublic = "allow_nested_items_to_be_public",
29
+ MinTlsVersion = "min_tls_version",
30
+ PublicNetworkAccessEnabled = "public_network_access_enabled",
31
+ MinimumTlsVersion = "minimum_tls_version",
32
+ AdministratorLoginPassword = "administrator_login_password",
33
+ PurgeProtectionEnabled = "purge_protection_enabled",
34
+ PrivateClusterEnabled = "private_cluster_enabled",
35
+ LocalAccountDisabled = "local_account_disabled",
36
+ HttpsOnly = "https_only",
37
+ SslEnforcementEnabled = "ssl_enforcement_enabled",
38
+ AdminEnabled = "admin_enabled",
39
+ RoleActions = "permissions.actions",
40
+ RoleDefinitionName = "role_definition_name",
41
+ NetworkRulesDefaultAction = "network_rules.default_action",
42
+ NetworkAclsDefaultAction = "network_acls.default_action",
43
+ DiskEncryptionSetId = "disk_encryption_set_id",
44
+ TargetResourceId = "target_resource_id",
45
+ EnableFrontendTls10 = "security.enable_frontend_tls10",
46
+ EnableFrontendTls11 = "security.enable_frontend_tls11",
47
+ EnableBackendSsl30 = "security.enable_backend_ssl30"
48
+ }
49
+ export declare enum BuiltInRole {
50
+ Owner = "Owner",
51
+ Contributor = "Contributor"
52
+ }
53
+ export declare enum NetworkDefaultAction {
54
+ Deny = "Deny"
55
+ }
56
+ export declare enum StorageTlsVersion {
57
+ Tls12 = "TLS1_2"
58
+ }
59
+ export declare enum SqlTlsVersion {
60
+ V10 = "1.0",
61
+ V11 = "1.1",
62
+ V12 = "1.2"
63
+ }
@@ -0,0 +1,88 @@
1
+ "use strict";
2
+ /**
3
+ * Azure (azurerm) vocabulary. Kept in its own provider module — not merged
4
+ * into the AWS `AwsResource`/`AwsAttribute` enums — so each cloud's `spec.ts`
5
+ * reads in its own idiom and the enums stay small ("Prose as Code"). The
6
+ * shared `AnyResource`/`AnyAttribute` unions (in ./index) let the
7
+ * cloud-neutral engine accept every provider's vocabulary.
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.SqlTlsVersion = exports.StorageTlsVersion = exports.NetworkDefaultAction = exports.BuiltInRole = exports.AzureAttribute = exports.AzureResource = void 0;
11
+ var AzureResource;
12
+ (function (AzureResource) {
13
+ AzureResource["NetworkSecurityGroup"] = "azurerm_network_security_group";
14
+ // Standalone NSG rule (the decomposed form of an inline `security_rule`).
15
+ AzureResource["NetworkSecurityRule"] = "azurerm_network_security_rule";
16
+ AzureResource["StorageAccount"] = "azurerm_storage_account";
17
+ AzureResource["MssqlServer"] = "azurerm_mssql_server";
18
+ AzureResource["KeyVault"] = "azurerm_key_vault";
19
+ AzureResource["KubernetesCluster"] = "azurerm_kubernetes_cluster";
20
+ AzureResource["LinuxWebApp"] = "azurerm_linux_web_app";
21
+ AzureResource["WindowsWebApp"] = "azurerm_windows_web_app";
22
+ AzureResource["PostgresqlServer"] = "azurerm_postgresql_server";
23
+ AzureResource["MysqlServer"] = "azurerm_mysql_server";
24
+ AzureResource["ContainerRegistry"] = "azurerm_container_registry";
25
+ AzureResource["CosmosdbAccount"] = "azurerm_cosmosdb_account";
26
+ AzureResource["RoleDefinition"] = "azurerm_role_definition";
27
+ AzureResource["RoleAssignment"] = "azurerm_role_assignment";
28
+ AzureResource["ManagedDisk"] = "azurerm_managed_disk";
29
+ AzureResource["MonitorDiagnosticSetting"] = "azurerm_monitor_diagnostic_setting";
30
+ AzureResource["ApiManagement"] = "azurerm_api_management";
31
+ })(AzureResource || (exports.AzureResource = AzureResource = {}));
32
+ var AzureAttribute;
33
+ (function (AzureAttribute) {
34
+ // Storage account
35
+ AzureAttribute["AllowNestedItemsToBePublic"] = "allow_nested_items_to_be_public";
36
+ AzureAttribute["MinTlsVersion"] = "min_tls_version";
37
+ AzureAttribute["PublicNetworkAccessEnabled"] = "public_network_access_enabled";
38
+ // MSSQL server
39
+ AzureAttribute["MinimumTlsVersion"] = "minimum_tls_version";
40
+ AzureAttribute["AdministratorLoginPassword"] = "administrator_login_password";
41
+ // Key Vault
42
+ AzureAttribute["PurgeProtectionEnabled"] = "purge_protection_enabled";
43
+ // AKS
44
+ AzureAttribute["PrivateClusterEnabled"] = "private_cluster_enabled";
45
+ AzureAttribute["LocalAccountDisabled"] = "local_account_disabled";
46
+ // App Service (Linux/Windows web app)
47
+ AzureAttribute["HttpsOnly"] = "https_only";
48
+ // PostgreSQL / MySQL single server
49
+ AzureAttribute["SslEnforcementEnabled"] = "ssl_enforcement_enabled";
50
+ // Container Registry
51
+ AzureAttribute["AdminEnabled"] = "admin_enabled";
52
+ // RBAC (role_definition permissions block flattens to a list)
53
+ AzureAttribute["RoleActions"] = "permissions.actions";
54
+ AzureAttribute["RoleDefinitionName"] = "role_definition_name";
55
+ // Network default-deny (nested) + CMK + diagnostic association
56
+ AzureAttribute["NetworkRulesDefaultAction"] = "network_rules.default_action";
57
+ AzureAttribute["NetworkAclsDefaultAction"] = "network_acls.default_action";
58
+ AzureAttribute["DiskEncryptionSetId"] = "disk_encryption_set_id";
59
+ AzureAttribute["TargetResourceId"] = "target_resource_id";
60
+ // API Management legacy protocol toggles (nested under `security`)
61
+ AzureAttribute["EnableFrontendTls10"] = "security.enable_frontend_tls10";
62
+ AzureAttribute["EnableFrontendTls11"] = "security.enable_frontend_tls11";
63
+ AzureAttribute["EnableBackendSsl30"] = "security.enable_backend_ssl30";
64
+ })(AzureAttribute || (exports.AzureAttribute = AzureAttribute = {}));
65
+ // Built-in Azure roles that grant broad control (for denyValue on an
66
+ // azurerm_role_assignment).
67
+ var BuiltInRole;
68
+ (function (BuiltInRole) {
69
+ BuiltInRole["Owner"] = "Owner";
70
+ BuiltInRole["Contributor"] = "Contributor";
71
+ })(BuiltInRole || (exports.BuiltInRole = BuiltInRole = {}));
72
+ // The secure default_action for storage/key-vault network rules.
73
+ var NetworkDefaultAction;
74
+ (function (NetworkDefaultAction) {
75
+ NetworkDefaultAction["Deny"] = "Deny";
76
+ })(NetworkDefaultAction || (exports.NetworkDefaultAction = NetworkDefaultAction = {}));
77
+ // Storage account TLS floor (note the storage-specific `TLS1_2` spelling).
78
+ var StorageTlsVersion;
79
+ (function (StorageTlsVersion) {
80
+ StorageTlsVersion["Tls12"] = "TLS1_2";
81
+ })(StorageTlsVersion || (exports.StorageTlsVersion = StorageTlsVersion = {}));
82
+ // MSSQL server TLS versions (a bare numeric string, unlike storage).
83
+ var SqlTlsVersion;
84
+ (function (SqlTlsVersion) {
85
+ SqlTlsVersion["V10"] = "1.0";
86
+ SqlTlsVersion["V11"] = "1.1";
87
+ SqlTlsVersion["V12"] = "1.2";
88
+ })(SqlTlsVersion || (exports.SqlTlsVersion = SqlTlsVersion = {}));
@@ -0,0 +1,57 @@
1
+ /**
2
+ * GCP (google) vocabulary. Its own provider module, like Azure's — behind
3
+ * the shared `AnyResource`/`AnyAttribute` unions in ./index. Members drop
4
+ * the provider prefix (`GcpResource.StorageBucket`), matching AWS/Azure.
5
+ *
6
+ * Note the concept-not-parity mapping: GCP's public-exposure and
7
+ * over-permission risks live in IAM *members* (`allUsers`) and *primitive
8
+ * roles* (`roles/owner`), which are the analog of an AWS `Action:"*"`
9
+ * wildcard — expressed here with the generic `denyValue` condition.
10
+ */
11
+ export declare enum GcpResource {
12
+ ComputeFirewall = "google_compute_firewall",
13
+ StorageBucket = "google_storage_bucket",
14
+ StorageBucketIamMember = "google_storage_bucket_iam_member",
15
+ ProjectIamMember = "google_project_iam_member",
16
+ ComputeInstance = "google_compute_instance",
17
+ SqlDatabaseInstance = "google_sql_database_instance",
18
+ ContainerCluster = "google_container_cluster",
19
+ KmsCryptoKey = "google_kms_crypto_key",
20
+ ComputeSubnetwork = "google_compute_subnetwork"
21
+ }
22
+ export declare enum GcpAttribute {
23
+ PublicAccessPrevention = "public_access_prevention",
24
+ UniformBucketLevelAccess = "uniform_bucket_level_access",
25
+ Member = "member",
26
+ Role = "role",
27
+ ServiceAccountScopes = "service_account.scopes",
28
+ RootPassword = "root_password",
29
+ Ipv4Enabled = "settings.ip_configuration.ipv4_enabled",
30
+ SslMode = "settings.ip_configuration.ssl_mode",
31
+ CanIpForward = "can_ip_forward",
32
+ EnableSecureBoot = "shielded_instance_config.enable_secure_boot",
33
+ EnableLegacyAbac = "enable_legacy_abac",
34
+ EnablePrivateNodes = "private_cluster_config.enable_private_nodes",
35
+ NetworkPolicyEnabled = "network_policy.enabled",
36
+ RotationPeriod = "rotation_period",
37
+ VersioningEnabled = "versioning.enabled"
38
+ }
39
+ export declare enum PublicAccessPreventionMode {
40
+ Enforced = "enforced"
41
+ }
42
+ export declare enum IamMember {
43
+ AllUsers = "allUsers",
44
+ AllAuthenticatedUsers = "allAuthenticatedUsers"
45
+ }
46
+ export declare enum PrimitiveRole {
47
+ Owner = "roles/owner",
48
+ Editor = "roles/editor"
49
+ }
50
+ export declare enum OauthScope {
51
+ CloudPlatform = "https://www.googleapis.com/auth/cloud-platform",
52
+ CloudPlatformAlias = "cloud-platform"
53
+ }
54
+ export declare enum SqlSslMode {
55
+ EncryptedOnly = "ENCRYPTED_ONLY",
56
+ TrustedClientCertRequired = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
57
+ }
@@ -0,0 +1,80 @@
1
+ "use strict";
2
+ /**
3
+ * GCP (google) vocabulary. Its own provider module, like Azure's — behind
4
+ * the shared `AnyResource`/`AnyAttribute` unions in ./index. Members drop
5
+ * the provider prefix (`GcpResource.StorageBucket`), matching AWS/Azure.
6
+ *
7
+ * Note the concept-not-parity mapping: GCP's public-exposure and
8
+ * over-permission risks live in IAM *members* (`allUsers`) and *primitive
9
+ * roles* (`roles/owner`), which are the analog of an AWS `Action:"*"`
10
+ * wildcard — expressed here with the generic `denyValue` condition.
11
+ */
12
+ Object.defineProperty(exports, "__esModule", { value: true });
13
+ exports.SqlSslMode = exports.OauthScope = exports.PrimitiveRole = exports.IamMember = exports.PublicAccessPreventionMode = exports.GcpAttribute = exports.GcpResource = void 0;
14
+ var GcpResource;
15
+ (function (GcpResource) {
16
+ GcpResource["ComputeFirewall"] = "google_compute_firewall";
17
+ GcpResource["StorageBucket"] = "google_storage_bucket";
18
+ GcpResource["StorageBucketIamMember"] = "google_storage_bucket_iam_member";
19
+ GcpResource["ProjectIamMember"] = "google_project_iam_member";
20
+ GcpResource["ComputeInstance"] = "google_compute_instance";
21
+ GcpResource["SqlDatabaseInstance"] = "google_sql_database_instance";
22
+ GcpResource["ContainerCluster"] = "google_container_cluster";
23
+ GcpResource["KmsCryptoKey"] = "google_kms_crypto_key";
24
+ GcpResource["ComputeSubnetwork"] = "google_compute_subnetwork";
25
+ })(GcpResource || (exports.GcpResource = GcpResource = {}));
26
+ var GcpAttribute;
27
+ (function (GcpAttribute) {
28
+ // Storage bucket
29
+ GcpAttribute["PublicAccessPrevention"] = "public_access_prevention";
30
+ GcpAttribute["UniformBucketLevelAccess"] = "uniform_bucket_level_access";
31
+ // IAM member (bucket + project)
32
+ GcpAttribute["Member"] = "member";
33
+ GcpAttribute["Role"] = "role";
34
+ // Compute instance (nested → dotted)
35
+ GcpAttribute["ServiceAccountScopes"] = "service_account.scopes";
36
+ // Cloud SQL
37
+ GcpAttribute["RootPassword"] = "root_password";
38
+ GcpAttribute["Ipv4Enabled"] = "settings.ip_configuration.ipv4_enabled";
39
+ GcpAttribute["SslMode"] = "settings.ip_configuration.ssl_mode";
40
+ // Compute instance hardening
41
+ GcpAttribute["CanIpForward"] = "can_ip_forward";
42
+ GcpAttribute["EnableSecureBoot"] = "shielded_instance_config.enable_secure_boot";
43
+ // GKE (google_container_cluster)
44
+ GcpAttribute["EnableLegacyAbac"] = "enable_legacy_abac";
45
+ GcpAttribute["EnablePrivateNodes"] = "private_cluster_config.enable_private_nodes";
46
+ GcpAttribute["NetworkPolicyEnabled"] = "network_policy.enabled";
47
+ // KMS
48
+ GcpAttribute["RotationPeriod"] = "rotation_period";
49
+ // Storage bucket hardening
50
+ GcpAttribute["VersioningEnabled"] = "versioning.enabled";
51
+ })(GcpAttribute || (exports.GcpAttribute = GcpAttribute = {}));
52
+ var PublicAccessPreventionMode;
53
+ (function (PublicAccessPreventionMode) {
54
+ PublicAccessPreventionMode["Enforced"] = "enforced";
55
+ })(PublicAccessPreventionMode || (exports.PublicAccessPreventionMode = PublicAccessPreventionMode = {}));
56
+ // Public IAM principals — the GCP "public exposure" anti-pattern.
57
+ var IamMember;
58
+ (function (IamMember) {
59
+ IamMember["AllUsers"] = "allUsers";
60
+ IamMember["AllAuthenticatedUsers"] = "allAuthenticatedUsers";
61
+ })(IamMember || (exports.IamMember = IamMember = {}));
62
+ // Primitive roles — the GCP over-permission anti-pattern (analog of `*`).
63
+ var PrimitiveRole;
64
+ (function (PrimitiveRole) {
65
+ PrimitiveRole["Owner"] = "roles/owner";
66
+ PrimitiveRole["Editor"] = "roles/editor";
67
+ })(PrimitiveRole || (exports.PrimitiveRole = PrimitiveRole = {}));
68
+ // Broad OAuth scopes on an instance service account (both alias + full URL).
69
+ var OauthScope;
70
+ (function (OauthScope) {
71
+ OauthScope["CloudPlatform"] = "https://www.googleapis.com/auth/cloud-platform";
72
+ OauthScope["CloudPlatformAlias"] = "cloud-platform";
73
+ })(OauthScope || (exports.OauthScope = OauthScope = {}));
74
+ // Cloud SQL SSL modes considered secure (the insecure default is
75
+ // ALLOW_UNENCRYPTED_AND_ENCRYPTED). Use with `mustBeOneOf`.
76
+ var SqlSslMode;
77
+ (function (SqlSslMode) {
78
+ SqlSslMode["EncryptedOnly"] = "ENCRYPTED_ONLY";
79
+ SqlSslMode["TrustedClientCertRequired"] = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED";
80
+ })(SqlSslMode || (exports.SqlSslMode = SqlSslMode = {}));
@@ -0,0 +1,174 @@
1
+ import { AzureResource, AzureAttribute } from './azure';
2
+ import { GcpResource, GcpAttribute } from './gcp';
3
+ /**
4
+ * Closed vocabulary for every domain value (doc 02). No bare strings.
5
+ *
6
+ * NOTE: doc 02 specifies `const enum`. We use regular `enum` here because
7
+ * `const enum` cannot be inlined across files by the esbuild/Vitest
8
+ * transpiler under `isolatedModules`. Regular `enum` gives the identical
9
+ * typo-safety (a misspelled member is a compile error); only cross-file
10
+ * inlining differs, which is irrelevant here. See doc 02 note.
11
+ */
12
+ export declare enum AwsResource {
13
+ SecurityGroup = "aws_security_group",
14
+ VpcSecurityGroupIngressRule = "aws_vpc_security_group_ingress_rule",
15
+ DbInstance = "aws_db_instance",
16
+ S3Bucket = "aws_s3_bucket",
17
+ S3BucketAcl = "aws_s3_bucket_acl",
18
+ S3BucketPublicAccessBlock = "aws_s3_bucket_public_access_block",
19
+ S3BucketPolicy = "aws_s3_bucket_policy",
20
+ EbsVolume = "aws_ebs_volume",
21
+ EfsFileSystem = "aws_efs_file_system",
22
+ KmsKey = "aws_kms_key",
23
+ Instance = "aws_instance",
24
+ DynamodbTable = "aws_dynamodb_table",
25
+ EcrRepository = "aws_ecr_repository",
26
+ IamPolicy = "aws_iam_policy",
27
+ IamRolePolicy = "aws_iam_role_policy",
28
+ EcsService = "aws_ecs_service",
29
+ EksCluster = "aws_eks_cluster",
30
+ Lb = "aws_lb",
31
+ LbListener = "aws_lb_listener",
32
+ EcsTaskDefinition = "aws_ecs_task_definition",
33
+ SecretsmanagerSecretVersion = "aws_secretsmanager_secret_version",
34
+ RdsCluster = "aws_rds_cluster",
35
+ RedshiftCluster = "aws_redshift_cluster",
36
+ ElasticacheReplicationGroup = "aws_elasticache_replication_group",
37
+ S3BucketServerSideEncryptionConfiguration = "aws_s3_bucket_server_side_encryption_configuration",
38
+ S3BucketVersioning = "aws_s3_bucket_versioning",
39
+ SecretsmanagerSecret = "aws_secretsmanager_secret",
40
+ SecretsmanagerSecretRotation = "aws_secretsmanager_secret_rotation",
41
+ Vpc = "aws_vpc",
42
+ FlowLog = "aws_flow_log",
43
+ Subnet = "aws_subnet",
44
+ Cloudtrail = "aws_cloudtrail",
45
+ IamAccountPasswordPolicy = "aws_iam_account_password_policy",
46
+ ApiGatewayMethod = "aws_api_gateway_method",
47
+ ApiGatewayStage = "aws_api_gateway_stage",
48
+ Apigatewayv2Stage = "aws_apigatewayv2_stage"
49
+ }
50
+ export declare enum Block {
51
+ EncryptionConfig = "encryption_config",
52
+ NetworkInterfaceAccessConfig = "network_interface.access_config",
53
+ LogConfig = "log_config",
54
+ Logging = "logging",
55
+ AccessLogSettings = "access_log_settings"
56
+ }
57
+ export declare enum Wildcard {
58
+ All = "*"
59
+ }
60
+ export declare enum ApiGatewayAuthorization {
61
+ None = "NONE"
62
+ }
63
+ export { AzureResource, AzureAttribute, StorageTlsVersion, SqlTlsVersion, BuiltInRole, NetworkDefaultAction, } from './azure';
64
+ export { GcpResource, GcpAttribute, PublicAccessPreventionMode, IamMember, PrimitiveRole, OauthScope, SqlSslMode, } from './gcp';
65
+ export type AnyResource = AwsResource | AzureResource | GcpResource;
66
+ export type AnyAttribute = AwsAttribute | AzureAttribute | GcpAttribute;
67
+ export declare enum Port {
68
+ SSH = 22,
69
+ RDP = 3389,
70
+ Postgres = 5432,
71
+ MySQL = 3306
72
+ }
73
+ export declare enum Cidr {
74
+ Internet = "0.0.0.0/0",
75
+ InternetV6 = "::/0"
76
+ }
77
+ export declare enum Effect {
78
+ Block = "block",
79
+ Warn = "warn",
80
+ RequireApproval = "require_approval"
81
+ }
82
+ export declare enum Tag {
83
+ Team = "team",
84
+ CostCenter = "cost_center",
85
+ Environment = "environment",
86
+ DataClassification = "data_classification"
87
+ }
88
+ export declare enum AwsAttribute {
89
+ StorageEncrypted = "storage_encrypted",
90
+ PubliclyAccessible = "publicly_accessible",
91
+ MultiAz = "multi_az",
92
+ DeletionProtection = "deletion_protection",
93
+ IamDatabaseAuthenticationEnabled = "iam_database_authentication_enabled",
94
+ Encrypted = "encrypted",
95
+ EnableKeyRotation = "enable_key_rotation",
96
+ BlockPublicAcls = "block_public_acls",
97
+ BlockPublicPolicy = "block_public_policy",
98
+ IgnorePublicAcls = "ignore_public_acls",
99
+ RestrictPublicBuckets = "restrict_public_buckets",
100
+ BackupRetentionPeriod = "backup_retention_period",
101
+ HttpTokens = "metadata_options.http_tokens",
102
+ ServerSideEncryptionEnabled = "server_side_encryption.enabled",
103
+ PointInTimeRecoveryEnabled = "point_in_time_recovery.enabled",
104
+ ImageScanOnPush = "image_scanning_configuration.scan_on_push",
105
+ RootBlockDeviceEncrypted = "root_block_device.encrypted",
106
+ AssociatePublicIpAddress = "associate_public_ip_address",
107
+ AssignPublicIp = "network_configuration.assign_public_ip",
108
+ EndpointPublicAccess = "vpc_config.endpoint_public_access",
109
+ AccessLogsEnabled = "access_logs.enabled",
110
+ DropInvalidHeaderFields = "drop_invalid_header_fields",
111
+ PublicAccessCidrs = "vpc_config.public_access_cidrs",
112
+ EnabledClusterLogTypes = "enabled_cluster_log_types",
113
+ SslPolicy = "ssl_policy",
114
+ Protocol = "protocol",
115
+ SecretString = "secret_string",
116
+ Password = "password",
117
+ MasterPassword = "master_password",
118
+ AuthToken = "auth_token",
119
+ Bucket = "bucket",
120
+ SecretId = "secret_id",
121
+ VpcId = "vpc_id",
122
+ MapPublicIpOnLaunch = "map_public_ip_on_launch",
123
+ AssignIpv6AddressOnCreation = "assign_ipv6_address_on_creation",
124
+ IsMultiRegionTrail = "is_multi_region_trail",
125
+ EnableLogFileValidation = "enable_log_file_validation",
126
+ KmsKeyId = "kms_key_id",
127
+ MinimumPasswordLength = "minimum_password_length",
128
+ RequireSymbols = "require_symbols",
129
+ RequireNumbers = "require_numbers",
130
+ RequireUppercaseCharacters = "require_uppercase_characters",
131
+ RequireLowercaseCharacters = "require_lowercase_characters",
132
+ PasswordReusePrevention = "password_reuse_prevention",
133
+ MaxPasswordAge = "max_password_age",
134
+ Authorization = "authorization",
135
+ XrayTracingEnabled = "xray_tracing_enabled"
136
+ }
137
+ export declare enum TlsPolicy {
138
+ Legacy2015 = "ELBSecurityPolicy-2015-05",
139
+ Tls10 = "ELBSecurityPolicy-TLS-1-0-2015-04",
140
+ Tls11 = "ELBSecurityPolicy-TLS-1-1-2017-01"
141
+ }
142
+ export declare enum Protocol {
143
+ Http = "HTTP",
144
+ Https = "HTTPS",
145
+ Tcp = "TCP",
146
+ Tls = "TLS"
147
+ }
148
+ export declare enum EksLogType {
149
+ Api = "api",
150
+ Audit = "audit",
151
+ Authenticator = "authenticator",
152
+ ControllerManager = "controllerManager",
153
+ Scheduler = "scheduler"
154
+ }
155
+ export declare enum HttpTokens {
156
+ Optional = "optional",
157
+ Required = "required"
158
+ }
159
+ export declare enum Acl {
160
+ Private = "private",
161
+ PublicRead = "public-read",
162
+ PublicReadWrite = "public-read-write"
163
+ }
164
+ export declare enum Environment {
165
+ Development = "development",
166
+ Staging = "staging",
167
+ Production = "production"
168
+ }
169
+ export declare enum Approver {
170
+ PlatformTeam = "platform-team",
171
+ SecurityArchitect = "security-architect",
172
+ FinOps = "finops",
173
+ SRE = "sre"
174
+ }