@pierskarsenbarg/sdm 1.26.0 → 1.28.0

package/types/output.d.ts

@@ -37,10 +37,22 @@ export interface AccountUser {
      * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
      */
     managedBy: string;
+    /**
+     * Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
+     */
+    managerId?: string;
     /**
      * PermissionLevel is the user's permission level e.g. admin, DBA, user.
      */
     permissionLevel: string;
+    /**
+     * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
+     */
+    resolvedManagerId: string;
+    /**
+     * SCIM contains the raw SCIM metadata for the user. This is a read-only field.
+     */
+    scim: string;
     /**
      * The Service's suspended state.
      */
@@ -52,6 +64,34 @@ export interface AccountUser {
         [key: string]: string;
     };
 }
+export interface ApprovalWorkflowApprovalStep {
+    /**
+     * The approvers for this approval step
+     */
+    approvers: outputs.ApprovalWorkflowApprovalStepApprover[];
+    /**
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
+     */
+    quantifier?: string;
+    /**
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
+     */
+    skipAfter?: string;
+}
+export interface ApprovalWorkflowApprovalStepApprover {
+    /**
+     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    accountId?: string;
+    /**
+     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    reference?: string;
+    /**
+     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    roleId?: string;
+}
 export interface GetAccountAccount {
     /**
      * A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
@@ -151,10 +191,22 @@ export interface GetAccountAccountUser {
      * Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
      */
     managedBy: string;
+    /**
+     * Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
+     */
+    managerId?: string;
     /**
      * PermissionLevel is the user's permission level e.g. admin, DBA, user.
      */
     permissionLevel?: string;
+    /**
+     * Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
+     */
+    resolvedManagerId: string;
+    /**
+     * SCIM contains the raw SCIM metadata for the user. This is a read-only field.
+     */
+    scim: string;
     /**
      * Reserved for future use.  Always false for tokens.
      */
@@ -180,11 +232,43 @@ export interface GetAccountAttachmentAccountAttachment {
      */
     roleId?: string;
 }
+export interface GetApprovalWorkflowApprovalStep {
+    /**
+     * The approvers for this approval step
+     */
+    approvers: outputs.GetApprovalWorkflowApprovalStepApprover[];
+    /**
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
+     */
+    quantifier?: string;
+    /**
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
+     */
+    skipAfter?: string;
+}
+export interface GetApprovalWorkflowApprovalStepApprover {
+    /**
+     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    accountId?: string;
+    /**
+     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    reference?: string;
+    /**
+     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
+     */
+    roleId?: string;
+}
 export interface GetApprovalWorkflowApprovalWorkflow {
     /**
      * Approval mode of the ApprovalWorkflow
      */
     approvalMode?: string;
+    /**
+     * The approval steps of this approval workflow
+     */
+    approvalSteps?: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStep[];
     /**
      * Optional description of the ApprovalWorkflow.
      */
@@ -198,37 +282,33 @@ export interface GetApprovalWorkflowApprovalWorkflow {
      */
     name?: string;
 }
-export interface GetApprovalWorkflowApproverApprovalWorkflowApprover {
-    /**
-     * The approver account id.
-     */
-    accountId?: string;
+export interface GetApprovalWorkflowApprovalWorkflowApprovalStep {
     /**
-     * The approval flow id specified the approval workflow that this approver belongs to
+     * The approvers for this approval step
      */
-    approvalFlowId?: string;
+    approvers: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStepApprover[];
     /**
-     * The approval step id specified the approval flow step that this approver belongs to
+     * Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
      */
-    approvalStepId?: string;
+    quantifier?: string;
     /**
-     * Unique identifier of the ApprovalWorkflowApprover.
+     * Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
      */
-    id?: string;
+    skipAfter?: string;
+}
+export interface GetApprovalWorkflowApprovalWorkflowApprovalStepApprover {
     /**
-     * The approver role id
+     * The account id of the approver (only one of account_id, role_id, or reference may be present for one approver)
      */
-    roleId?: string;
-}
-export interface GetApprovalWorkflowStepApprovalWorkflowStep {
+    accountId?: string;
     /**
-     * The approval flow id specified the approval workfflow that this step belongs to
+     * A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, or reference may be present for one approver)
      */
-    approvalFlowId?: string;
+    reference?: string;
     /**
-     * Unique identifier of the ApprovalWorkflowStep.
+     * The role id of the approver (only one of account_id, role_id, or reference may be present for one approver)
      */
-    id?: string;
+    roleId?: string;
 }
 export interface GetIdentityAliasIdentityAlias {
     /**
@@ -258,6 +338,46 @@ export interface GetIdentitySetIdentitySet {
      */
     name?: string;
 }
+export interface GetManagedSecretManagedSecret {
+    /**
+     * public part of the secret value
+     */
+    config: string;
+    /**
+     * Timestamp of when secret is going to be rotated
+     */
+    expiresAt: string;
+    /**
+     * Unique identifier of the Managed Secret.
+     */
+    id?: string;
+    /**
+     * Timestamp of when secret was last rotated
+     */
+    lastRotatedAt: string;
+    /**
+     * Unique human-readable name of the Managed Secret.
+     */
+    name?: string;
+    /**
+     * An ID of a Secret Engine linked with the Managed Secret.
+     */
+    secretEngineId?: string;
+    /**
+     * Path in a secret store.
+     */
+    secretStorePath: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * Sensitive value of the secret.
+     */
+    value?: string;
+}
 export interface GetNodeNode {
     /**
      * Gateway represents a StrongDM CLI installation running in gateway mode.
@@ -497,6 +617,7 @@ export interface GetRemoteIdentityRemoteIdentity {
     username?: string;
 }
 export interface GetResourceResource {
+    aerospikes: outputs.GetResourceResourceAerospike[];
     aks: outputs.GetResourceResourceAk[];
     aksBasicAuths: outputs.GetResourceResourceAksBasicAuth[];
     aksServiceAccountUserImpersonations: outputs.GetResourceResourceAksServiceAccountUserImpersonation[];
@@ -538,6 +659,7 @@ export interface GetResourceResource {
     db2Luws: outputs.GetResourceResourceDb2Luw[];
     documentDbHostIams: outputs.GetResourceResourceDocumentDbHostIam[];
     documentDbHosts: outputs.GetResourceResourceDocumentDbHost[];
+    documentDbReplicaSetIams: outputs.GetResourceResourceDocumentDbReplicaSetIam[];
     documentDbReplicaSets: outputs.GetResourceResourceDocumentDbReplicaSet[];
     druids: outputs.GetResourceResourceDruid[];
     dynamoDbiams: outputs.GetResourceResourceDynamoDbiam[];
@@ -572,6 +694,7 @@ export interface GetResourceResource {
     mysqls: outputs.GetResourceResourceMysql[];
     neptuneIams: outputs.GetResourceResourceNeptuneIam[];
     neptunes: outputs.GetResourceResourceNeptune[];
+    oracleNnes: outputs.GetResourceResourceOracleNne[];
     oracles: outputs.GetResourceResourceOracle[];
     postgres: outputs.GetResourceResourcePostgre[];
     prestos: outputs.GetResourceResourcePresto[];
@@ -581,6 +704,7 @@ export interface GetResourceResource {
     rdps: outputs.GetResourceResourceRdp[];
     rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[];
     redis: outputs.GetResourceResourceRedi[];
+    redisClusters: outputs.GetResourceResourceRedisCluster[];
     redshiftIams: outputs.GetResourceResourceRedshiftIam[];
     redshiftServerlessIams: outputs.GetResourceResourceRedshiftServerlessIam[];
     redshifts: outputs.GetResourceResourceRedshift[];
@@ -598,6 +722,63 @@ export interface GetResourceResource {
     sybases: outputs.GetResourceResourceSybase[];
     teradatas: outputs.GetResourceResourceTeradata[];
     trinos: outputs.GetResourceResourceTrino[];
+    verticas: outputs.GetResourceResourceVertica[];
+}
+export interface GetResourceResourceAerospike {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
 }
 export interface GetResourceResourceAk {
     /**
@@ -3305,6 +3486,58 @@ export interface GetResourceResourceDocumentDbReplicaSet {
      */
     username?: string;
 }
+export interface GetResourceResourceDocumentDbReplicaSetIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * Set to connect to a replica instead of the primary node.
+     */
+    connectToReplica?: boolean;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * The AWS region to connect to.
+     */
+    region?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
 export interface GetResourceResourceDruid {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -5488,6 +5721,66 @@ export interface GetResourceResourceOracle {
      */
     username?: string;
 }
+export interface GetResourceResourceOracleNne {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetResourceResourcePostgre {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -5980,15 +6273,11 @@ export interface GetResourceResourceRedi {
      */
     username?: string;
 }
-export interface GetResourceResourceRedshift {
+export interface GetResourceResourceRedisCluster {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
     bindInterface?: string;
-    /**
-     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
-     */
-    database?: string;
     /**
      * A filter applied to the routing logic to pin datasource to nodes.
      */
@@ -6006,7 +6295,71 @@ export interface GetResourceResourceRedshift {
      */
     name?: string;
     /**
-     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface GetResourceResourceRedshift {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
      */
     overrideDatabase?: boolean;
     /**
@@ -6751,6 +7104,14 @@ export interface GetResourceResourceSshCustomerKey {
      * Unique identifier of the Resource.
      */
     id?: string;
+    /**
+     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
+     */
+    identityAliasHealthcheckUsername?: string;
+    /**
+     * The ID of the identity set to use for identity connections.
+     */
+    identitySetId?: string;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -7027,6 +7388,62 @@ export interface GetResourceResourceTeradata {
     username?: string;
 }
 export interface GetResourceResourceTrino {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface GetResourceResourceVertica {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -7110,6 +7527,130 @@ export interface GetRoleRole {
         [key: string]: string;
     };
 }
+export interface GetSecretEngineSecretEngine {
+    activeDirectories: outputs.GetSecretEngineSecretEngineActiveDirectory[];
+    keyValues: outputs.GetSecretEngineSecretEngineKeyValue[];
+}
+export interface GetSecretEngineSecretEngineActiveDirectory {
+    /**
+     * The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
+     */
+    afterReadTtl?: string;
+    /**
+     * Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
+     */
+    binddn?: string;
+    /**
+     * Password to use along with binddn when performing user search.
+     */
+    bindpass?: string;
+    /**
+     * CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
+     */
+    certificate?: string;
+    /**
+     * Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
+     */
+    connectionTimeout?: number;
+    /**
+     * If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
+     */
+    doNotValidateTimestamps?: boolean;
+    /**
+     * Unique identifier of the Secret Engine.
+     */
+    id?: string;
+    /**
+     * If true, skips LDAP server SSL certificate verification - insecure, use with caution!
+     */
+    insecureTls?: boolean;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
+     */
+    maxBackoffDuration?: string;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name?: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Timeout, in seconds, for the connection when making requests against the server before returning back an error.
+     */
+    requestTimeout?: number;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId?: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath?: string;
+    /**
+     * If true, issues a StartTLS command after establishing an unencrypted connection.
+     */
+    startTls?: boolean;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
+     */
+    ttl?: string;
+    /**
+     * The domain (userPrincipalDomain) used to construct a UPN string for authentication.
+     */
+    upndomain?: string;
+    /**
+     * The LDAP server to connect to.
+     */
+    url?: string;
+    /**
+     * Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
+     */
+    userdn?: string;
+}
+export interface GetSecretEngineSecretEngineKeyValue {
+    /**
+     * Unique identifier of the Secret Engine.
+     */
+    id?: string;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name?: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId?: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
 export interface GetSecretStoreSecretStore {
     activeDirectoryStores: outputs.GetSecretStoreSecretStoreActiveDirectoryStore[];
     aws: outputs.GetSecretStoreSecretStoreAw[];
@@ -7900,6 +8441,8 @@ export interface GetWorkflowWorkflow {
     approvalFlowId?: string;
     /**
      * Optional auto grant setting to automatically approve requests or not, defaults to false.
+     *
+     * @deprecated auto_grant is deprecated, see docs for more info
      */
     autoGrant?: boolean;
     /**
@@ -8029,6 +8572,58 @@ export interface NodeRelayMaintenanceWindow {
     cronSchedule: string;
     requireIdleness: boolean;
 }
+export interface ResourceAerospike {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceAks {
     /**
      * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
@@ -10567,7 +11162,55 @@ export interface ResourceDocumentDbReplicaSet {
      */
     username?: string;
 }
-export interface ResourceDruid {
+export interface ResourceDocumentDbReplicaSetIam {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * Set to connect to a replica instead of the primary node.
+     */
+    connectToReplica?: boolean;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * The AWS region to connect to.
+     */
+    region: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
+export interface ResourceDruid {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -12614,6 +13257,62 @@ export interface ResourceOracle {
      */
     username?: string;
 }
+export interface ResourceOracleNne {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
+     */
+    database: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourcePostgres {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -13074,6 +13773,62 @@ export interface ResourceRedis {
      */
     username?: string;
 }
+export interface ResourceRedisCluster {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceRedshift {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -13797,6 +14552,14 @@ export interface ResourceSshCustomerKey {
      * The host to dial to initiate a connection from the egress node to this resource.
      */
     hostname: string;
+    /**
+     * The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
+     */
+    identityAliasHealthcheckUsername?: string;
+    /**
+     * The ID of the identity set to use for identity connections.
+     */
+    identitySetId?: string;
     /**
      * Unique human-readable name of the Resource.
      */
@@ -14057,6 +14820,58 @@ export interface ResourceTeradata {
     username?: string;
 }
 export interface ResourceTrino {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the proxy cluster for this resource, if any.
+     */
+    proxyClusterId?: string;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface ResourceVertica {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -14112,6 +14927,119 @@ export interface ResourceTrino {
      */
     username?: string;
 }
+export interface SecretEngineActiveDirectory {
+    /**
+     * The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
+     */
+    afterReadTtl?: string;
+    /**
+     * Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
+     */
+    binddn: string;
+    /**
+     * Password to use along with binddn when performing user search.
+     */
+    bindpass: string;
+    /**
+     * CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
+     */
+    certificate?: string;
+    /**
+     * Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
+     */
+    connectionTimeout?: number;
+    /**
+     * If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
+     */
+    doNotValidateTimestamps?: boolean;
+    /**
+     * If true, skips LDAP server SSL certificate verification - insecure, use with caution!
+     */
+    insecureTls?: boolean;
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
+     */
+    maxBackoffDuration?: string;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Timeout, in seconds, for the connection when making requests against the server before returning back an error.
+     */
+    requestTimeout?: number;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath: string;
+    /**
+     * If true, issues a StartTLS command after establishing an unencrypted connection.
+     */
+    startTls?: boolean;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
+     */
+    ttl?: string;
+    /**
+     * The domain (userPrincipalDomain) used to construct a UPN string for authentication.
+     */
+    upndomain?: string;
+    /**
+     * The LDAP server to connect to.
+     */
+    url: string;
+    /**
+     * Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
+     * * key_value:
+     */
+    userdn?: string;
+}
+export interface SecretEngineKeyValue {
+    /**
+     * An interval of public/private key rotation for secret engine in days
+     */
+    keyRotationIntervalDays?: number;
+    /**
+     * Unique human-readable name of the Secret Engine.
+     */
+    name: string;
+    /**
+     * Public key linked with a secret engine
+     */
+    publicKey: string;
+    /**
+     * Backing secret store identifier
+     */
+    secretStoreId: string;
+    /**
+     * Backing Secret Store root path where managed secrets are going to be stored
+     */
+    secretStoreRootPath: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
 export interface SecretStoreActiveDirectoryStore {
     /**
      * Unique human-readable name of the SecretStore.