@pulumi/datadog 5.8.0-alpha.1783234616 → 5.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/types/output.d.ts CHANGED
@@ -63725,6 +63725,7 @@ export interface GetRumRetentionFiltersRetentionFilter {
63725
63725
  sampleRate: number;
63726
63726
  }
63727
63727
  export interface GetSecurityMonitoringCriticalAssetsCriticalAsset {
63728
+ description: string;
63728
63729
  enabled: boolean;
63729
63730
  id: string;
63730
63731
  query: string;
@@ -64550,9 +64551,13 @@ export interface LogsArchiveGcsArchive {
64550
64551
  }
64551
64552
  export interface LogsArchiveS3Archive {
64552
64553
  /**
64553
- * Your AWS account id.
64554
+ * Your AWS access key id, used as an alternative to `accountId`/`roleName`.
64554
64555
  */
64555
- accountId: string;
64556
+ accessKeyId?: string;
64557
+ /**
64558
+ * Your AWS account id. Required with `roleName`; mutually exclusive with `accessKeyId`.
64559
+ */
64560
+ accountId?: string;
64556
64561
  /**
64557
64562
  * Name of your s3 bucket.
64558
64563
  */
@@ -64570,9 +64575,9 @@ export interface LogsArchiveS3Archive {
64570
64575
  */
64571
64576
  path?: string;
64572
64577
  /**
64573
- * Your AWS role name
64578
+ * Your AWS role name. Required with `accountId`; mutually exclusive with `accessKeyId`.
64574
64579
  */
64575
- roleName: string;
64580
+ roleName?: string;
64576
64581
  /**
64577
64582
  * The AWS S3 storage class used to upload the logs. Valid values are `STANDARD`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER_IR`. Defaults to `"STANDARD"`.
64578
64583
  */
@@ -67391,6 +67396,10 @@ export interface ObservabilityPipelineConfigDestination {
67391
67396
  * The `azureStorage` destination forwards logs to an Azure Blob Storage container.
67392
67397
  */
67393
67398
  azureStorages?: outputs.ObservabilityPipelineConfigDestinationAzureStorage[];
67399
+ /**
67400
+ * The `clickhouse` destination forwards logs to a ClickHouse server via HTTP.
67401
+ */
67402
+ clickhouse?: outputs.ObservabilityPipelineConfigDestinationClickhouse;
67394
67403
  /**
67395
67404
  * The `cloudPrem` destination sends logs to Datadog CloudPrem.
67396
67405
  */
@@ -67881,6 +67890,152 @@ export interface ObservabilityPipelineConfigDestinationAzureStorageBufferMemory
67881
67890
  */
67882
67891
  whenFull: string;
67883
67892
  }
67893
+ export interface ObservabilityPipelineConfigDestinationClickhouse {
67894
+ /**
67895
+ * Authentication strategy for ClickHouse HTTP requests. Only `basic` strategy is supported.
67896
+ */
67897
+ auth?: outputs.ObservabilityPipelineConfigDestinationClickhouseAuth;
67898
+ /**
67899
+ * Batching configuration for ClickHouse inserts.
67900
+ */
67901
+ batch?: outputs.ObservabilityPipelineConfigDestinationClickhouseBatch;
67902
+ /**
67903
+ * Batch encoding configuration. Required when `format` is `arrowStream`.
67904
+ */
67905
+ batchEncoding?: outputs.ObservabilityPipelineConfigDestinationClickhouseBatchEncoding;
67906
+ /**
67907
+ * Configuration for buffer settings on destination components. Exactly one of `disk` or `memory` must be specified.
67908
+ */
67909
+ buffer?: outputs.ObservabilityPipelineConfigDestinationClickhouseBuffer;
67910
+ /**
67911
+ * Compression for outbound HTTP requests. Use `algorithm = "gzip"` or `algorithm = "none"`.
67912
+ */
67913
+ compression?: outputs.ObservabilityPipelineConfigDestinationClickhouseCompression;
67914
+ /**
67915
+ * Optional name of the ClickHouse database to write to. When omitted, the user's default database is used.
67916
+ */
67917
+ database?: string;
67918
+ /**
67919
+ * If `true`, enables flexible DateTime parsing on the server side.
67920
+ */
67921
+ dateTimeBestEffort?: boolean;
67922
+ /**
67923
+ * Name of the environment variable or secret that holds the ClickHouse HTTP endpoint URL. Defaults to `DESTINATION_CLICKHOUSE_ENDPOINT_URL`.
67924
+ */
67925
+ endpointUrlKey?: string;
67926
+ /**
67927
+ * Insert format for events. `jsonEachRow` maps event fields to columns by name. `jsonAsObject` and `jsonAsString` insert each event into a single JSON or String column. `arrowStream` batches events with Apache Arrow IPC streaming and requires `batchEncoding`. Valid values are `jsonEachRow`, `jsonAsObject`, `jsonAsString`, `arrowStream`.
67928
+ */
67929
+ format?: string;
67930
+ /**
67931
+ * If `true`, fields not present in the target table schema are dropped instead of causing insert errors. When unset, the ClickHouse server's own `inputFormatSkipUnknownFields` setting applies.
67932
+ */
67933
+ skipUnknownFields?: boolean;
67934
+ /**
67935
+ * Target ClickHouse table name.
67936
+ */
67937
+ table: string;
67938
+ /**
67939
+ * Configuration for enabling TLS encryption between the pipeline component and external services.
67940
+ */
67941
+ tls?: outputs.ObservabilityPipelineConfigDestinationClickhouseTls;
67942
+ }
67943
+ export interface ObservabilityPipelineConfigDestinationClickhouseAuth {
67944
+ /**
67945
+ * Name of the environment variable or secret that holds the ClickHouse password. Defaults to `DESTINATION_CLICKHOUSE_PASSWORD`.
67946
+ */
67947
+ passwordKey?: string;
67948
+ /**
67949
+ * Authentication strategy. Must be `basic`. Valid values are `basic`.
67950
+ */
67951
+ strategy: string;
67952
+ /**
67953
+ * Name of the environment variable or secret that holds the ClickHouse username. Defaults to `DESTINATION_CLICKHOUSE_USERNAME`.
67954
+ */
67955
+ usernameKey?: string;
67956
+ }
67957
+ export interface ObservabilityPipelineConfigDestinationClickhouseBatch {
67958
+ /**
67959
+ * Maximum number of events per batch. Value must be at least 1.
67960
+ */
67961
+ maxEvents?: number;
67962
+ /**
67963
+ * Maximum time in seconds before a partial batch is flushed. Value must be between 1 and 65535.
67964
+ */
67965
+ timeoutSecs?: number;
67966
+ }
67967
+ export interface ObservabilityPipelineConfigDestinationClickhouseBatchEncoding {
67968
+ /**
67969
+ * If `true`, allows null values for non-nullable fields in the ClickHouse schema. Defaults to `false`.
67970
+ */
67971
+ allowNullableFields?: boolean;
67972
+ /**
67973
+ * Batch encoding codec. Must be `arrowStream`. Valid values are `arrowStream`.
67974
+ */
67975
+ codec: string;
67976
+ }
67977
+ export interface ObservabilityPipelineConfigDestinationClickhouseBuffer {
67978
+ /**
67979
+ * Options for configuring a disk buffer. Cannot be used with `memory`.
67980
+ */
67981
+ disk?: outputs.ObservabilityPipelineConfigDestinationClickhouseBufferDisk;
67982
+ /**
67983
+ * Options for configuring a memory buffer. Cannot be used with `disk`.
67984
+ */
67985
+ memory?: outputs.ObservabilityPipelineConfigDestinationClickhouseBufferMemory;
67986
+ }
67987
+ export interface ObservabilityPipelineConfigDestinationClickhouseBufferDisk {
67988
+ /**
67989
+ * Maximum size of the disk buffer (in bytes).
67990
+ */
67991
+ maxSize?: number;
67992
+ /**
67993
+ * Behavior when the buffer is full. Valid values are `block` or `dropNewest`. Defaults to `"block"`.
67994
+ */
67995
+ whenFull: string;
67996
+ }
67997
+ export interface ObservabilityPipelineConfigDestinationClickhouseBufferMemory {
67998
+ /**
67999
+ * Maximum events for the memory buffer.
68000
+ */
68001
+ maxEvents?: number;
68002
+ /**
68003
+ * Maximum size of the memory buffer (in bytes).
68004
+ */
68005
+ maxSize?: number;
68006
+ /**
68007
+ * Behavior when the buffer is full. Valid values are `block` or `dropNewest`. Defaults to `"block"`.
68008
+ */
68009
+ whenFull: string;
68010
+ }
68011
+ export interface ObservabilityPipelineConfigDestinationClickhouseCompression {
68012
+ /**
68013
+ * Compression algorithm. Valid values are `gzip` and `none`. Valid values are `gzip`, `none`.
68014
+ */
68015
+ algorithm: string;
68016
+ /**
68017
+ * Compression level (1–9). Only valid when `algorithm` is `gzip`. Value must be between 1 and 9.
68018
+ */
68019
+ level?: number;
68020
+ }
68021
+ export interface ObservabilityPipelineConfigDestinationClickhouseTls {
68022
+ /**
68023
+ * Path to the Certificate Authority (CA) file used to validate the server's TLS certificate.
68024
+ */
68025
+ caFile?: string;
68026
+ /**
68027
+ * Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.
68028
+ */
68029
+ crtFile: string;
68030
+ /**
68031
+ * Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.
68032
+ */
68033
+ keyFile?: string;
68034
+ /**
68035
+ * Name of the environment variable or secret that holds the passphrase for the private key file.
68036
+ */
68037
+ keyPassKey?: string;
68038
+ }
67884
68039
  export interface ObservabilityPipelineConfigDestinationCloudPrem {
67885
68040
  /**
67886
68041
  * Configuration for buffer settings on destination components. Exactly one of `disk` or `memory` must be specified.
@@ -70052,17 +70207,59 @@ export interface ObservabilityPipelineConfigProcessorGroupProcessorOcsfMapperMap
70052
70207
  }
70053
70208
  export interface ObservabilityPipelineConfigProcessorGroupProcessorParseGrok {
70054
70209
  /**
70055
- * If set to `true`, disables the default Grok rules provided by Datadog.
70210
+ * If set to `true`, disables the default Grok rules provided by Datadog. Defaults to `false`.
70056
70211
  */
70057
- disableLibraryRules?: boolean;
70212
+ disableLibraryRules: boolean;
70213
+ /**
70214
+ * The log field to parse with the Grok rules. Defaults to `"message"`.
70215
+ */
70216
+ field: string;
70217
+ /**
70218
+ * A Grok parsing rule that targets logs matching a Datadog search query.
70219
+ */
70220
+ includeRules?: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRule[];
70058
70221
  /**
70059
70222
  * The list of Grok parsing rules. If multiple parsing rules are provided, they are evaluated in order. The first successful match is applied.
70060
70223
  */
70061
- rules: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokRule[];
70224
+ rules?: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokRule[];
70225
+ }
70226
+ export interface ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRule {
70227
+ /**
70228
+ * A Datadog search query used to determine which logs this Grok rule targets.
70229
+ */
70230
+ include: string;
70231
+ /**
70232
+ * A list of Grok parsing rules that define how to extract fields. Each rule must contain a name and a valid Grok pattern.
70233
+ */
70234
+ matchRules: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRuleMatchRule[];
70235
+ /**
70236
+ * A list of helper Grok rules that can be referenced by the parsing rules.
70237
+ */
70238
+ supportRules?: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRuleSupportRule[];
70239
+ }
70240
+ export interface ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRuleMatchRule {
70241
+ /**
70242
+ * The name of the rule.
70243
+ */
70244
+ name: string;
70245
+ /**
70246
+ * The definition of the Grok rule.
70247
+ */
70248
+ rule: string;
70249
+ }
70250
+ export interface ObservabilityPipelineConfigProcessorGroupProcessorParseGrokIncludeRuleSupportRule {
70251
+ /**
70252
+ * The name of the helper Grok rule.
70253
+ */
70254
+ name: string;
70255
+ /**
70256
+ * The definition of the helper Grok rule.
70257
+ */
70258
+ rule: string;
70062
70259
  }
70063
70260
  export interface ObservabilityPipelineConfigProcessorGroupProcessorParseGrokRule {
70064
70261
  /**
70065
- * A list of Grok parsing rules that define how to extract fields from the source field. Each rule must contain a name and a valid Grok pattern.
70262
+ * A list of Grok parsing rules that define how to extract fields. Each rule must contain a name and a valid Grok pattern.
70066
70263
  */
70067
70264
  matchRules: outputs.ObservabilityPipelineConfigProcessorGroupProcessorParseGrokRuleMatchRule[];
70068
70265
  /**
@@ -70561,6 +70758,10 @@ export interface ObservabilityPipelineConfigSource {
70561
70758
  * The `syslogNg` source listens for logs over TCP or UDP from a `syslog-ng` server using the syslog protocol.
70562
70759
  */
70563
70760
  syslogNgs?: outputs.ObservabilityPipelineConfigSourceSyslogNg[];
70761
+ /**
70762
+ * The `websocket` source establishes a persistent WebSocket connection to a remote endpoint and ingests log events as they are pushed by the server.
70763
+ */
70764
+ websocket?: outputs.ObservabilityPipelineConfigSourceWebsocket;
70564
70765
  }
70565
70766
  export interface ObservabilityPipelineConfigSourceAmazonDataFirehose {
70566
70767
  /**
@@ -71316,6 +71517,62 @@ export interface ObservabilityPipelineConfigSourceSyslogNgTls {
71316
71517
  */
71317
71518
  verifyCertificate?: boolean;
71318
71519
  }
71520
+ export interface ObservabilityPipelineConfigSourceWebsocket {
71521
+ /**
71522
+ * The authentication strategy used when connecting to the WebSocket server. Valid values are `none`, `basic`, `bearer`, `custom`.
71523
+ */
71524
+ authStrategy: string;
71525
+ /**
71526
+ * Name of the environment variable or secret that holds a custom header value. Used when `authStrategy` is `custom`.
71527
+ */
71528
+ customKey?: string;
71529
+ /**
71530
+ * The decoding format used to interpret incoming log events. Valid values are `bytes`, `gelf`, `json`, `syslog`.
71531
+ */
71532
+ decoding: string;
71533
+ /**
71534
+ * Name of the environment variable or secret that holds the password. Used when `authStrategy` is `basic`.
71535
+ */
71536
+ passwordKey?: string;
71537
+ /**
71538
+ * TLS configuration for the WebSocket connection. Set `mode` to `enabled` for server-certificate validation only, or `withClientCert` to additionally present a client certificate.
71539
+ */
71540
+ tls?: outputs.ObservabilityPipelineConfigSourceWebsocketTls;
71541
+ /**
71542
+ * Name of the environment variable or secret that holds the bearer token. Used when `authStrategy` is `bearer`.
71543
+ */
71544
+ tokenKey?: string;
71545
+ /**
71546
+ * Name of the environment variable or secret that holds the WebSocket URI to connect to.
71547
+ */
71548
+ uriKey?: string;
71549
+ /**
71550
+ * Name of the environment variable or secret that holds the username. Used when `authStrategy` is `basic`.
71551
+ */
71552
+ usernameKey?: string;
71553
+ }
71554
+ export interface ObservabilityPipelineConfigSourceWebsocketTls {
71555
+ /**
71556
+ * Path to the Certificate Authority (CA) file used to validate the server's TLS certificate.
71557
+ */
71558
+ caFile?: string;
71559
+ /**
71560
+ * Path to the client certificate file. Required when `mode` is `withClientCert`.
71561
+ */
71562
+ crtFile?: string;
71563
+ /**
71564
+ * Path to the private key file associated with the client certificate.
71565
+ */
71566
+ keyFile?: string;
71567
+ /**
71568
+ * Name of the environment variable or secret that holds the passphrase for the private key file.
71569
+ */
71570
+ keyPassKey?: string;
71571
+ /**
71572
+ * The TLS mode. Use `enabled` for server-only TLS, or `withClientCert` for mutual TLS with a client certificate. Valid values are `enabled`, `withClientCert`.
71573
+ */
71574
+ mode: string;
71575
+ }
71319
71576
  export interface OnCallEscalationPolicyStep {
71320
71577
  /**
71321
71578
  * Specifies how this escalation step will assign targets. Can be `default` (page all targets at once) or `round-robin`. Valid values are `default`, `round-robin`. Defaults to `"default"`.