@pierskarsenbarg/sdm 1.26.0 → 1.27.0

package/types/output.d.ts

@@ -52,6 +52,30 @@ export interface AccountUser {
         [key: string]: string;
     };
 }
+export interface ApprovalWorkflowApprovalStep {
+    /**
+     * The approvers for this approval step
+     */
+    approvers: outputs.ApprovalWorkflowApprovalStepApprover[];
+    /**
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
+     */
+    quantifier?: string;
+    /**
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
+     */
+    skipAfter?: string;
+}
+export interface ApprovalWorkflowApprovalStepApprover {
+    /**
+     * The account id of the approver (only an accountId OR a roleId may be present for one approver)
+     */
+    accountId?: string;
+    /**
+     * The role id of the approver (only an accountId OR a roleId may be present for one approver)
+     */
+    roleId?: string;
+}
 export interface GetAccountAccount {
     /**
      * A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
@@ -180,11 +204,39 @@ export interface GetAccountAttachmentAccountAttachment {
      */
     roleId?: string;
 }
+export interface GetApprovalWorkflowApprovalStep {
+    /**
+     * The approvers for this approval step
+     */
+    approvers: outputs.GetApprovalWorkflowApprovalStepApprover[];
+    /**
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
+     */
+    quantifier?: string;
+    /**
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
+     */
+    skipAfter?: string;
+}
+export interface GetApprovalWorkflowApprovalStepApprover {
+    /**
+     * The account id of the approver (only an accountId OR a roleId may be present for one approver)
+     */
+    accountId?: string;
+    /**
+     * The role id of the approver (only an accountId OR a roleId may be present for one approver)
+     */
+    roleId?: string;
+}
 export interface GetApprovalWorkflowApprovalWorkflow {
     /**
      * Approval mode of the ApprovalWorkflow
      */
     approvalMode?: string;
+    /**
+     * The approval steps of this approval workflow
+     */
+    approvalSteps?: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStep[];
     /**
      * Optional description of the ApprovalWorkflow.
      */
@@ -198,37 +250,29 @@ export interface GetApprovalWorkflowApprovalWorkflow {
      */
     name?: string;
 }
-export interface GetApprovalWorkflowApproverApprovalWorkflowApprover {
-    /**
-     * The approver account id.
-     */
-    accountId?: string;
-    /**
-     * The approval flow id specified the approval workflow that this approver belongs to
-     */
-    approvalFlowId?: string;
+export interface GetApprovalWorkflowApprovalWorkflowApprovalStep {
     /**
-     * The approval step id specified the approval flow step that this approver belongs to
+     * The approvers for this approval step
      */
-    approvalStepId?: string;
+    approvers: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStepApprover[];
     /**
-     * Unique identifier of the ApprovalWorkflowApprover.
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
      */
-    id?: string;
+    quantifier?: string;
     /**
-     * The approver role id
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
      */
-    roleId?: string;
+    skipAfter?: string;
 }
-export interface GetApprovalWorkflowStepApprovalWorkflowStep {
+export interface GetApprovalWorkflowApprovalWorkflowApprovalStepApprover {
     /**
-     * The approval flow id specified the approval workfflow that this step belongs to
+     * The account id of the approver (only an accountId OR a roleId may be present for one approver)
      */
-    approvalFlowId?: string;
+    accountId?: string;
     /**
-     * Unique identifier of the ApprovalWorkflowStep.
+     * The role id of the approver (only an accountId OR a roleId may be present for one approver)
      */
-    id?: string;
+    roleId?: string;
 }
 export interface GetIdentityAliasIdentityAlias {
     /**
@@ -258,6 +302,46 @@ export interface GetIdentitySetIdentitySet {
      */
     name?: string;
 }
+export interface GetManagedSecretManagedSecret {
+    /**
+     * public part of the secret value
+     */
+    config: string;
+    /**
+     * Timestamp of when secret is going to be rotated
+     */
+    expiresAt: string;
+    /**
+     * Unique identifier of the Managed Secret.
+     */
+    id?: string;
+    /**
+     * Timestamp of when secret was last rotated
+     */
+    lastRotatedAt: string;
+    /**
+     * Unique human-readable name of the Managed Secret.
+     */
+    name?: string;
+    /**
+     * An ID of a Secret Engine linked with the Managed Secret.
+     */
+    secretEngineId?: string;
+    /**
+     * Path in a secret store.
+     */
+    secretStorePath: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * Sensitive value of the secret.
+     */
+    value?: string;
+}
 export interface GetNodeNode {
     /**
      * Gateway represents a StrongDM CLI installation running in gateway mode.
@@ -581,6 +665,7 @@ export interface GetResourceResource {
     rdps: outputs.GetResourceResourceRdp[];
     rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[];
     redis: outputs.GetResourceResourceRedi[];
+    redisClusters: outputs.GetResourceResourceRedisCluster[];
     redshiftIams: outputs.GetResourceResourceRedshiftIam[];
     redshiftServerlessIams: outputs.GetResourceResourceRedshiftServerlessIam[];
     redshifts: outputs.GetResourceResourceRedshift[];
@@ -598,6 +683,7 @@ export interface GetResourceResource {
     sybases: outputs.GetResourceResourceSybase[];
     teradatas: outputs.GetResourceResourceTeradata[];
     trinos: outputs.GetResourceResourceTrino[];
+    verticas: outputs.GetResourceResourceVertica[];
 }
 export interface GetResourceResourceAk {
     /**
@@ -5980,6 +6066,66 @@ export interface GetResourceResourceRedi {
      */
     username?: string;
 }
+export interface GetResourceResourceRedisCluster {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetResourceResourceRedshift {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -6751,6 +6897,14 @@ export interface GetResourceResourceSshCustomerKey {
      * Unique identifier of the Resource.
      */
     id?: string;
+    /**
+     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
+     */
+    identityAliasHealthcheckUsername?: string;
+    /**
+     * The ID of the identity set to use for identity connections.
+     */
+    identitySetId?: string;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -7086,6 +7240,66 @@ export interface GetResourceResourceTrino {
      */
     username?: string;
 }
+export interface GetResourceResourceVertica {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetRoleRole {
     /**
      * AccessRules is a list of access rules defining the resources this Role has access to.
@@ -7110,6 +7324,130 @@ export interface GetRoleRole {
         [key: string]: string;
     };
 }
+export interface GetSecretEngineSecretEngine {
+    activeDirectories: outputs.GetSecretEngineSecretEngineActiveDirectory[];
+    keyValues: outputs.GetSecretEngineSecretEngineKeyValue[];
+}
+export interface GetSecretEngineSecretEngineActiveDirectory {
+    /**
+     * The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
+     */
+    afterReadTtl?: string;
+    /**
+     * Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
+     */
+    binddn?: string;
+    /**
+     * Password to use along with binddn when performing user search.
+     */
+    bindpass?: string;
+    /**
+     * CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
+     */
+    certificate?: string;
+    /**
+     * Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
+     */
+    connectionTimeout?: number;
+    /**
+     * If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
+     */
+    doNotValidateTimestamps?: boolean;
+    /**
+     * Unique identifier of the Secret Engine.
+     */
+    id?: string;
+    /**
+     * If true, skips LDAP server SSL certificate verification - insecure, use with caution!
+     */
+    insecureTls?: boolean;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
+     */
+    maxBackoffDuration?: string;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name?: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Timeout, in seconds, for the connection when making requests against the server before returning back an error.
+     */
+    requestTimeout?: number;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId?: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath?: string;
+    /**
+     * If true, issues a StartTLS command after establishing an unencrypted connection.
+     */
+    startTls?: boolean;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
+     */
+    ttl?: string;
+    /**
+     * The domain (userPrincipalDomain) used to construct a UPN string for authentication.
+     */
+    upndomain?: string;
+    /**
+     * The LDAP server to connect to.
+     */
+    url?: string;
+    /**
+     * Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
+     */
+    userdn?: string;
+}
+export interface GetSecretEngineSecretEngineKeyValue {
+    /**
+     * Unique identifier of the Secret Engine.
+     */
+    id?: string;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name?: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId?: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
 export interface GetSecretStoreSecretStore {
     activeDirectoryStores: outputs.GetSecretStoreSecretStoreActiveDirectoryStore[];
     aws: outputs.GetSecretStoreSecretStoreAw[];
@@ -13074,6 +13412,62 @@ export interface ResourceRedis {
      */
     username?: string;
 }
+export interface ResourceRedisCluster {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceRedshift {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -13797,6 +14191,14 @@ export interface ResourceSshCustomerKey {
      * The host to dial to initiate a connection from the egress node to this resource.
      */
     hostname: string;
+    /**
+     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
+     */
+    identityAliasHealthcheckUsername?: string;
+    /**
+     * The ID of the identity set to use for identity connections.
+     */
+    identitySetId?: string;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -14112,6 +14514,175 @@ export interface ResourceTrino {
      */
     username?: string;
 }
+export interface ResourceVertica {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface SecretEngineActiveDirectory {
+    /**
+     * The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
+     */
+    afterReadTtl?: string;
+    /**
+     * Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
+     */
+    binddn: string;
+    /**
+     * Password to use along with binddn when performing user search.
+     */
+    bindpass: string;
+    /**
+     * CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
+     */
+    certificate?: string;
+    /**
+     * Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
+     */
+    connectionTimeout?: number;
+    /**
+     * If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
+     */
+    doNotValidateTimestamps?: boolean;
+    /**
+     * If true, skips LDAP server SSL certificate verification - insecure, use with caution!
+     */
+    insecureTls?: boolean;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
+     */
+    maxBackoffDuration?: string;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Timeout, in seconds, for the connection when making requests against the server before returning back an error.
+     */
+    requestTimeout?: number;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath: string;
+    /**
+     * If true, issues a StartTLS command after establishing an unencrypted connection.
+     */
+    startTls?: boolean;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
+     */
+    ttl?: string;
+    /**
+     * The domain (userPrincipalDomain) used to construct a UPN string for authentication.
+     */
+    upndomain?: string;
+    /**
+     * The LDAP server to connect to.
+     */
+    url: string;
+    /**
+     * Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
+     * * key_value:
+     */
+    userdn?: string;
+}
+export interface SecretEngineKeyValue {
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
 export interface SecretStoreActiveDirectoryStore {
     /**
      * Unique human-readable name of the SecretStore.