@pulumi/tailscale 0.24.0 → 0.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/acl.d.ts +3 -3
- package/acl.js +3 -3
- package/awsExternalId.d.ts +51 -0
- package/awsExternalId.js +51 -0
- package/awsExternalId.js.map +1 -1
- package/getDevice.d.ts +56 -0
- package/getDevice.js.map +1 -1
- package/getUsers.d.ts +6 -6
- package/logstreamConfiguration.d.ts +80 -12
- package/logstreamConfiguration.js +28 -0
- package/logstreamConfiguration.js.map +1 -1
- package/package.json +2 -2
- package/postureIntegration.d.ts +3 -3
- package/postureIntegration.js +3 -1
- package/postureIntegration.js.map +1 -1
- package/types/output.d.ts +56 -0
- package/webhook.d.ts +6 -6
package/acl.d.ts
CHANGED
|
@@ -24,9 +24,9 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
24
24
|
* \\"grants\\": [
|
|
25
25
|
* {
|
|
26
26
|
* // Allow all users access to all ports.
|
|
27
|
-
* \\"src\\"
|
|
28
|
-
* \\"dst\\"
|
|
29
|
-
* \\"ip\\"
|
|
27
|
+
* \\"src\\": [\\"*\\"],
|
|
28
|
+
* \\"dst\\": [\\"*\\"],
|
|
29
|
+
* \\"ip\\": [\\"*\\"],
|
|
30
30
|
* },
|
|
31
31
|
* ],
|
|
32
32
|
* }
|
package/acl.js
CHANGED
|
@@ -30,9 +30,9 @@ const utilities = require("./utilities");
|
|
|
30
30
|
* \\"grants\\": [
|
|
31
31
|
* {
|
|
32
32
|
* // Allow all users access to all ports.
|
|
33
|
-
* \\"src\\"
|
|
34
|
-
* \\"dst\\"
|
|
35
|
-
* \\"ip\\"
|
|
33
|
+
* \\"src\\": [\\"*\\"],
|
|
34
|
+
* \\"dst\\": [\\"*\\"],
|
|
35
|
+
* \\"ip\\": [\\"*\\"],
|
|
36
36
|
* },
|
|
37
37
|
* ],
|
|
38
38
|
* }
|
package/awsExternalId.d.ts
CHANGED
|
@@ -1,6 +1,57 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
3
|
* The awsExternalId resource allows you to mint an AWS External ID that Tailscale can use to assume an AWS IAM role that you create for the purposes of allowing Tailscale to stream logs to your S3 bucket. See the logstreamConfiguration resource for more details.
|
|
4
|
+
*
|
|
5
|
+
* ## Example Usage
|
|
6
|
+
*
|
|
7
|
+
* ```typescript
|
|
8
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
9
|
+
* import * as aws from "@pulumi/aws";
|
|
10
|
+
* import * as tailscale from "@pulumi/tailscale";
|
|
11
|
+
*
|
|
12
|
+
* const prod = new tailscale.AwsExternalId("prod", {});
|
|
13
|
+
* const tailscaleAssumeRole = aws.index.IamPolicyDocument({
|
|
14
|
+
* statement: [{
|
|
15
|
+
* actions: ["sts:AssumeRole"],
|
|
16
|
+
* principals: [{
|
|
17
|
+
* type: "AWS",
|
|
18
|
+
* identifiers: [prod.tailscaleAwsAccountId],
|
|
19
|
+
* }],
|
|
20
|
+
* condition: [{
|
|
21
|
+
* test: "StringEquals",
|
|
22
|
+
* variable: "sts:ExternalId",
|
|
23
|
+
* values: [prod.externalId],
|
|
24
|
+
* }],
|
|
25
|
+
* }],
|
|
26
|
+
* });
|
|
27
|
+
* const logsWriterIamRole = new aws.index.IamRole("logs_writer", {
|
|
28
|
+
* name: "logs-writer",
|
|
29
|
+
* assumeRolePolicy: tailscaleAssumeRole.json,
|
|
30
|
+
* });
|
|
31
|
+
* const configurationLogs = new tailscale.LogstreamConfiguration("configuration_logs", {
|
|
32
|
+
* logType: "configuration",
|
|
33
|
+
* destinationType: "s3",
|
|
34
|
+
* s3Bucket: tailscaleLogs.id,
|
|
35
|
+
* s3Region: "us-west-2",
|
|
36
|
+
* s3AuthenticationType: "rolearn",
|
|
37
|
+
* s3RoleArn: logsWriterIamRole.arn,
|
|
38
|
+
* s3ExternalId: prod.externalId,
|
|
39
|
+
* });
|
|
40
|
+
* const logsWriter = aws.index.IamPolicyDocument({
|
|
41
|
+
* statement: [{
|
|
42
|
+
* effect: "Allow",
|
|
43
|
+
* actions: ["s3:*"],
|
|
44
|
+
* resources: [
|
|
45
|
+
* "arn:aws:s3:::example-bucket",
|
|
46
|
+
* "arn:aws:s3:::example-bucket/*",
|
|
47
|
+
* ],
|
|
48
|
+
* }],
|
|
49
|
+
* });
|
|
50
|
+
* const logsWriterIamRolePolicy = new aws.index.IamRolePolicy("logs_writer", {
|
|
51
|
+
* role: logsWriterIamRole.id,
|
|
52
|
+
* policy: logsWriter.json,
|
|
53
|
+
* });
|
|
54
|
+
* ```
|
|
4
55
|
*/
|
|
5
56
|
export declare class AwsExternalId extends pulumi.CustomResource {
|
|
6
57
|
/**
|
package/awsExternalId.js
CHANGED
|
@@ -7,6 +7,57 @@ const pulumi = require("@pulumi/pulumi");
|
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
8
|
/**
|
|
9
9
|
* The awsExternalId resource allows you to mint an AWS External ID that Tailscale can use to assume an AWS IAM role that you create for the purposes of allowing Tailscale to stream logs to your S3 bucket. See the logstreamConfiguration resource for more details.
|
|
10
|
+
*
|
|
11
|
+
* ## Example Usage
|
|
12
|
+
*
|
|
13
|
+
* ```typescript
|
|
14
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
15
|
+
* import * as aws from "@pulumi/aws";
|
|
16
|
+
* import * as tailscale from "@pulumi/tailscale";
|
|
17
|
+
*
|
|
18
|
+
* const prod = new tailscale.AwsExternalId("prod", {});
|
|
19
|
+
* const tailscaleAssumeRole = aws.index.IamPolicyDocument({
|
|
20
|
+
* statement: [{
|
|
21
|
+
* actions: ["sts:AssumeRole"],
|
|
22
|
+
* principals: [{
|
|
23
|
+
* type: "AWS",
|
|
24
|
+
* identifiers: [prod.tailscaleAwsAccountId],
|
|
25
|
+
* }],
|
|
26
|
+
* condition: [{
|
|
27
|
+
* test: "StringEquals",
|
|
28
|
+
* variable: "sts:ExternalId",
|
|
29
|
+
* values: [prod.externalId],
|
|
30
|
+
* }],
|
|
31
|
+
* }],
|
|
32
|
+
* });
|
|
33
|
+
* const logsWriterIamRole = new aws.index.IamRole("logs_writer", {
|
|
34
|
+
* name: "logs-writer",
|
|
35
|
+
* assumeRolePolicy: tailscaleAssumeRole.json,
|
|
36
|
+
* });
|
|
37
|
+
* const configurationLogs = new tailscale.LogstreamConfiguration("configuration_logs", {
|
|
38
|
+
* logType: "configuration",
|
|
39
|
+
* destinationType: "s3",
|
|
40
|
+
* s3Bucket: tailscaleLogs.id,
|
|
41
|
+
* s3Region: "us-west-2",
|
|
42
|
+
* s3AuthenticationType: "rolearn",
|
|
43
|
+
* s3RoleArn: logsWriterIamRole.arn,
|
|
44
|
+
* s3ExternalId: prod.externalId,
|
|
45
|
+
* });
|
|
46
|
+
* const logsWriter = aws.index.IamPolicyDocument({
|
|
47
|
+
* statement: [{
|
|
48
|
+
* effect: "Allow",
|
|
49
|
+
* actions: ["s3:*"],
|
|
50
|
+
* resources: [
|
|
51
|
+
* "arn:aws:s3:::example-bucket",
|
|
52
|
+
* "arn:aws:s3:::example-bucket/*",
|
|
53
|
+
* ],
|
|
54
|
+
* }],
|
|
55
|
+
* });
|
|
56
|
+
* const logsWriterIamRolePolicy = new aws.index.IamRolePolicy("logs_writer", {
|
|
57
|
+
* role: logsWriterIamRole.id,
|
|
58
|
+
* policy: logsWriter.json,
|
|
59
|
+
* });
|
|
60
|
+
* ```
|
|
10
61
|
*/
|
|
11
62
|
class AwsExternalId extends pulumi.CustomResource {
|
|
12
63
|
/**
|
package/awsExternalId.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"awsExternalId.js","sourceRoot":"","sources":["../awsExternalId.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"awsExternalId.js","sourceRoot":"","sources":["../awsExternalId.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDG;AACH,MAAa,aAAc,SAAQ,MAAM,CAAC,cAAc;IACpD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA0B,EAAE,IAAmC;QACxH,OAAO,IAAI,aAAa,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,aAAa,CAAC,YAAY,CAAC;IAC9D,CAAC;IAmBD,YAAY,IAAY,EAAE,WAAoD,EAAE,IAAmC;QAC/G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA6C,CAAC;YAC5D,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,EAAE,qBAAqB,CAAC;SAC1E;aAAM;YACH,MAAM,IAAI,GAAG,WAA4C,CAAC;YAC1D,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,uBAAuB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;;AA3DL,sCA4DC;AA9CG,gBAAgB;AACO,0BAAY,GAAG,6CAA6C,CAAC"}
|
package/getDevice.d.ts
CHANGED
|
@@ -44,6 +44,26 @@ export interface GetDeviceResult {
|
|
|
44
44
|
* The list of device's IPs
|
|
45
45
|
*/
|
|
46
46
|
readonly addresses: string[];
|
|
47
|
+
/**
|
|
48
|
+
* Whether the device is authorized to access the tailnet
|
|
49
|
+
*/
|
|
50
|
+
readonly authorized: boolean;
|
|
51
|
+
/**
|
|
52
|
+
* Whether the device blocks incoming connections
|
|
53
|
+
*/
|
|
54
|
+
readonly blocksIncomingConnections: boolean;
|
|
55
|
+
/**
|
|
56
|
+
* The Tailscale client version running on the device
|
|
57
|
+
*/
|
|
58
|
+
readonly clientVersion: string;
|
|
59
|
+
/**
|
|
60
|
+
* The creation time of the device
|
|
61
|
+
*/
|
|
62
|
+
readonly created: string;
|
|
63
|
+
/**
|
|
64
|
+
* The expiry time of the device's key
|
|
65
|
+
*/
|
|
66
|
+
readonly expires: string;
|
|
47
67
|
/**
|
|
48
68
|
* The short hostname of the device
|
|
49
69
|
*/
|
|
@@ -52,6 +72,22 @@ export interface GetDeviceResult {
|
|
|
52
72
|
* The provider-assigned unique ID for this managed resource.
|
|
53
73
|
*/
|
|
54
74
|
readonly id: string;
|
|
75
|
+
/**
|
|
76
|
+
* Whether the device is marked as external
|
|
77
|
+
*/
|
|
78
|
+
readonly isExternal: boolean;
|
|
79
|
+
/**
|
|
80
|
+
* Whether the device's key expiry is disabled
|
|
81
|
+
*/
|
|
82
|
+
readonly keyExpiryDisabled: boolean;
|
|
83
|
+
/**
|
|
84
|
+
* The last seen time of the device
|
|
85
|
+
*/
|
|
86
|
+
readonly lastSeen: string;
|
|
87
|
+
/**
|
|
88
|
+
* The machine key of the device
|
|
89
|
+
*/
|
|
90
|
+
readonly machineKey: string;
|
|
55
91
|
/**
|
|
56
92
|
* The full name of the device (e.g. `hostname.domain.ts.net`)
|
|
57
93
|
*/
|
|
@@ -60,10 +96,30 @@ export interface GetDeviceResult {
|
|
|
60
96
|
* The preferred indentifier for a device.
|
|
61
97
|
*/
|
|
62
98
|
readonly nodeId: string;
|
|
99
|
+
/**
|
|
100
|
+
* The node key of the device
|
|
101
|
+
*/
|
|
102
|
+
readonly nodeKey: string;
|
|
103
|
+
/**
|
|
104
|
+
* The operating system of the device
|
|
105
|
+
*/
|
|
106
|
+
readonly os: string;
|
|
63
107
|
/**
|
|
64
108
|
* The tags applied to the device
|
|
65
109
|
*/
|
|
66
110
|
readonly tags: string[];
|
|
111
|
+
/**
|
|
112
|
+
* The tailnet lock error for the device, if any
|
|
113
|
+
*/
|
|
114
|
+
readonly tailnetLockError: string;
|
|
115
|
+
/**
|
|
116
|
+
* The tailnet lock key for the device, if any
|
|
117
|
+
*/
|
|
118
|
+
readonly tailnetLockKey: string;
|
|
119
|
+
/**
|
|
120
|
+
* Whether an update is available for the device
|
|
121
|
+
*/
|
|
122
|
+
readonly updateAvailable: boolean;
|
|
67
123
|
/**
|
|
68
124
|
* The user associated with the device
|
|
69
125
|
*/
|
package/getDevice.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getDevice.js","sourceRoot":"","sources":["../getDevice.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,SAAS,CAAC,IAAoB,EAAE,IAA2B;IACvE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,qCAAqC,EAAE;QAChE,UAAU,EAAE,IAAI,CAAC,QAAQ;QACzB,MAAM,EAAE,IAAI,CAAC,IAAI;QACjB,SAAS,EAAE,IAAI,CAAC,OAAO;KAC1B,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,8BAQC;
|
|
1
|
+
{"version":3,"file":"getDevice.js","sourceRoot":"","sources":["../getDevice.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,SAAS,CAAC,IAAoB,EAAE,IAA2B;IACvE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,qCAAqC,EAAE;QAChE,UAAU,EAAE,IAAI,CAAC,QAAQ;QACzB,MAAM,EAAE,IAAI,CAAC,IAAI;QACjB,SAAS,EAAE,IAAI,CAAC,OAAO;KAC1B,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,8BAQC;AAiHD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,eAAe,CAAC,IAA0B,EAAE,IAAiC;IACzF,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,qCAAqC,EAAE;QACtE,UAAU,EAAE,IAAI,CAAC,QAAQ;QACzB,MAAM,EAAE,IAAI,CAAC,IAAI;QACjB,SAAS,EAAE,IAAI,CAAC,OAAO;KAC1B,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,0CAQC"}
|
package/getUsers.d.ts
CHANGED
|
@@ -18,11 +18,11 @@ export declare function getUsers(args?: GetUsersArgs, opts?: pulumi.InvokeOption
|
|
|
18
18
|
*/
|
|
19
19
|
export interface GetUsersArgs {
|
|
20
20
|
/**
|
|
21
|
-
*
|
|
21
|
+
* Filter the results to only include users with a specific role. Valid values are `owner`, `member`, `admin`, `it-admin`, `network-admin`, `billing-admin`, and `auditor`.
|
|
22
22
|
*/
|
|
23
23
|
role?: string;
|
|
24
24
|
/**
|
|
25
|
-
*
|
|
25
|
+
* Filter the results to only include users of a specific type. Valid values are `member` or `shared`.
|
|
26
26
|
*/
|
|
27
27
|
type?: string;
|
|
28
28
|
}
|
|
@@ -35,11 +35,11 @@ export interface GetUsersResult {
|
|
|
35
35
|
*/
|
|
36
36
|
readonly id: string;
|
|
37
37
|
/**
|
|
38
|
-
*
|
|
38
|
+
* Filter the results to only include users with a specific role. Valid values are `owner`, `member`, `admin`, `it-admin`, `network-admin`, `billing-admin`, and `auditor`.
|
|
39
39
|
*/
|
|
40
40
|
readonly role?: string;
|
|
41
41
|
/**
|
|
42
|
-
*
|
|
42
|
+
* Filter the results to only include users of a specific type. Valid values are `member` or `shared`.
|
|
43
43
|
*/
|
|
44
44
|
readonly type?: string;
|
|
45
45
|
/**
|
|
@@ -65,11 +65,11 @@ export declare function getUsersOutput(args?: GetUsersOutputArgs, opts?: pulumi.
|
|
|
65
65
|
*/
|
|
66
66
|
export interface GetUsersOutputArgs {
|
|
67
67
|
/**
|
|
68
|
-
*
|
|
68
|
+
* Filter the results to only include users with a specific role. Valid values are `owner`, `member`, `admin`, `it-admin`, `network-admin`, `billing-admin`, and `auditor`.
|
|
69
69
|
*/
|
|
70
70
|
role?: pulumi.Input<string>;
|
|
71
71
|
/**
|
|
72
|
-
*
|
|
72
|
+
* Filter the results to only include users of a specific type. Valid values are `member` or `shared`.
|
|
73
73
|
*/
|
|
74
74
|
type?: pulumi.Input<string>;
|
|
75
75
|
}
|
|
@@ -36,6 +36,26 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
36
36
|
* s3AccessKeyId: "some-access-key",
|
|
37
37
|
* s3SecretAccessKey: "some-secret-key",
|
|
38
38
|
* });
|
|
39
|
+
* // Example configuration for a GCS logstreaming endpoint using workload identity
|
|
40
|
+
* const sampleLogstreamConfigurationGcsWif = new tailscale.LogstreamConfiguration("sample_logstream_configuration_gcs_wif", {
|
|
41
|
+
* logType: "configuration",
|
|
42
|
+
* destinationType: "gcs",
|
|
43
|
+
* gcsBucket: "example-gcs-bucket",
|
|
44
|
+
* gcsCredentials: JSON.stringify({
|
|
45
|
+
* type: "external_account",
|
|
46
|
+
* audience: "//iam.googleapis.com/projects/12345678/locations/global/workloadIdentityPools/example-pool/providers/example-provider",
|
|
47
|
+
* subject_token_type: "urn:ietf:params:aws:token-type:aws4_request",
|
|
48
|
+
* service_account_impersonation_url: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/example@example.iam.gserviceaccount.com:generateAccessToken",
|
|
49
|
+
* token_url: "https://sts.googleapis.com/v1/token",
|
|
50
|
+
* credential_source: {
|
|
51
|
+
* environment_id: "aws1",
|
|
52
|
+
* region_url: "http://169.254.169.254/latest/meta-data/placement/availability-zone",
|
|
53
|
+
* url: "http://169.254.169.254/latest/meta-data/iam/security-credentials",
|
|
54
|
+
* regional_cred_verification_url: "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
|
|
55
|
+
* imdsv2_session_token_url: "http://169.254.169.254/latest/api/token",
|
|
56
|
+
* },
|
|
57
|
+
* }),
|
|
58
|
+
* });
|
|
39
59
|
* ```
|
|
40
60
|
*
|
|
41
61
|
* ## Import
|
|
@@ -65,15 +85,31 @@ export declare class LogstreamConfiguration extends pulumi.CustomResource {
|
|
|
65
85
|
*/
|
|
66
86
|
static isInstance(obj: any): obj is LogstreamConfiguration;
|
|
67
87
|
/**
|
|
68
|
-
* The compression algorithm
|
|
88
|
+
* The compression algorithm used for logs. Valid values are `none`, `zstd` or `gzip`. Defaults to `none`.
|
|
69
89
|
*/
|
|
70
90
|
readonly compressionFormat: pulumi.Output<string | undefined>;
|
|
71
91
|
/**
|
|
72
|
-
* The type of
|
|
92
|
+
* The type of SIEM platform to stream to. Valid values are `axiom`, `cribl`, `datadog`, `elastic`, `gcs`, `panther`, `splunk`, and `s3`.
|
|
73
93
|
*/
|
|
74
94
|
readonly destinationType: pulumi.Output<string>;
|
|
75
95
|
/**
|
|
76
|
-
* The
|
|
96
|
+
* The name of the GCS bucket
|
|
97
|
+
*/
|
|
98
|
+
readonly gcsBucket: pulumi.Output<string | undefined>;
|
|
99
|
+
/**
|
|
100
|
+
* The encoded string of JSON that is used to authenticate for workload identity in GCS
|
|
101
|
+
*/
|
|
102
|
+
readonly gcsCredentials: pulumi.Output<string | undefined>;
|
|
103
|
+
/**
|
|
104
|
+
* The GCS key prefix for the bucket
|
|
105
|
+
*/
|
|
106
|
+
readonly gcsKeyPrefix: pulumi.Output<string | undefined>;
|
|
107
|
+
/**
|
|
108
|
+
* The GCS scopes needed to be able to write in the bucket
|
|
109
|
+
*/
|
|
110
|
+
readonly gcsScopes: pulumi.Output<string[] | undefined>;
|
|
111
|
+
/**
|
|
112
|
+
* The type of logs to stream. Valid values are `configuration` (configuration audit logs) and `network` (network flow logs).
|
|
77
113
|
*/
|
|
78
114
|
readonly logType: pulumi.Output<string>;
|
|
79
115
|
/**
|
|
@@ -81,7 +117,7 @@ export declare class LogstreamConfiguration extends pulumi.CustomResource {
|
|
|
81
117
|
*/
|
|
82
118
|
readonly s3AccessKeyId: pulumi.Output<string | undefined>;
|
|
83
119
|
/**
|
|
84
|
-
*
|
|
120
|
+
* The type of authentication to use for S3. Required if destinationType is `s3`. Valid values are `accesskey` and `rolearn`. Tailscale recommends using `rolearn`.
|
|
85
121
|
*/
|
|
86
122
|
readonly s3AuthenticationType: pulumi.Output<string | undefined>;
|
|
87
123
|
/**
|
|
@@ -138,15 +174,31 @@ export declare class LogstreamConfiguration extends pulumi.CustomResource {
|
|
|
138
174
|
*/
|
|
139
175
|
export interface LogstreamConfigurationState {
|
|
140
176
|
/**
|
|
141
|
-
* The compression algorithm
|
|
177
|
+
* The compression algorithm used for logs. Valid values are `none`, `zstd` or `gzip`. Defaults to `none`.
|
|
142
178
|
*/
|
|
143
179
|
compressionFormat?: pulumi.Input<string>;
|
|
144
180
|
/**
|
|
145
|
-
* The type of
|
|
181
|
+
* The type of SIEM platform to stream to. Valid values are `axiom`, `cribl`, `datadog`, `elastic`, `gcs`, `panther`, `splunk`, and `s3`.
|
|
146
182
|
*/
|
|
147
183
|
destinationType?: pulumi.Input<string>;
|
|
148
184
|
/**
|
|
149
|
-
* The
|
|
185
|
+
* The name of the GCS bucket
|
|
186
|
+
*/
|
|
187
|
+
gcsBucket?: pulumi.Input<string>;
|
|
188
|
+
/**
|
|
189
|
+
* The encoded string of JSON that is used to authenticate for workload identity in GCS
|
|
190
|
+
*/
|
|
191
|
+
gcsCredentials?: pulumi.Input<string>;
|
|
192
|
+
/**
|
|
193
|
+
* The GCS key prefix for the bucket
|
|
194
|
+
*/
|
|
195
|
+
gcsKeyPrefix?: pulumi.Input<string>;
|
|
196
|
+
/**
|
|
197
|
+
* The GCS scopes needed to be able to write in the bucket
|
|
198
|
+
*/
|
|
199
|
+
gcsScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
200
|
+
/**
|
|
201
|
+
* The type of logs to stream. Valid values are `configuration` (configuration audit logs) and `network` (network flow logs).
|
|
150
202
|
*/
|
|
151
203
|
logType?: pulumi.Input<string>;
|
|
152
204
|
/**
|
|
@@ -154,7 +206,7 @@ export interface LogstreamConfigurationState {
|
|
|
154
206
|
*/
|
|
155
207
|
s3AccessKeyId?: pulumi.Input<string>;
|
|
156
208
|
/**
|
|
157
|
-
*
|
|
209
|
+
* The type of authentication to use for S3. Required if destinationType is `s3`. Valid values are `accesskey` and `rolearn`. Tailscale recommends using `rolearn`.
|
|
158
210
|
*/
|
|
159
211
|
s3AuthenticationType?: pulumi.Input<string>;
|
|
160
212
|
/**
|
|
@@ -203,15 +255,31 @@ export interface LogstreamConfigurationState {
|
|
|
203
255
|
*/
|
|
204
256
|
export interface LogstreamConfigurationArgs {
|
|
205
257
|
/**
|
|
206
|
-
* The compression algorithm
|
|
258
|
+
* The compression algorithm used for logs. Valid values are `none`, `zstd` or `gzip`. Defaults to `none`.
|
|
207
259
|
*/
|
|
208
260
|
compressionFormat?: pulumi.Input<string>;
|
|
209
261
|
/**
|
|
210
|
-
* The type of
|
|
262
|
+
* The type of SIEM platform to stream to. Valid values are `axiom`, `cribl`, `datadog`, `elastic`, `gcs`, `panther`, `splunk`, and `s3`.
|
|
211
263
|
*/
|
|
212
264
|
destinationType: pulumi.Input<string>;
|
|
213
265
|
/**
|
|
214
|
-
* The
|
|
266
|
+
* The name of the GCS bucket
|
|
267
|
+
*/
|
|
268
|
+
gcsBucket?: pulumi.Input<string>;
|
|
269
|
+
/**
|
|
270
|
+
* The encoded string of JSON that is used to authenticate for workload identity in GCS
|
|
271
|
+
*/
|
|
272
|
+
gcsCredentials?: pulumi.Input<string>;
|
|
273
|
+
/**
|
|
274
|
+
* The GCS key prefix for the bucket
|
|
275
|
+
*/
|
|
276
|
+
gcsKeyPrefix?: pulumi.Input<string>;
|
|
277
|
+
/**
|
|
278
|
+
* The GCS scopes needed to be able to write in the bucket
|
|
279
|
+
*/
|
|
280
|
+
gcsScopes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
281
|
+
/**
|
|
282
|
+
* The type of logs to stream. Valid values are `configuration` (configuration audit logs) and `network` (network flow logs).
|
|
215
283
|
*/
|
|
216
284
|
logType: pulumi.Input<string>;
|
|
217
285
|
/**
|
|
@@ -219,7 +287,7 @@ export interface LogstreamConfigurationArgs {
|
|
|
219
287
|
*/
|
|
220
288
|
s3AccessKeyId?: pulumi.Input<string>;
|
|
221
289
|
/**
|
|
222
|
-
*
|
|
290
|
+
* The type of authentication to use for S3. Required if destinationType is `s3`. Valid values are `accesskey` and `rolearn`. Tailscale recommends using `rolearn`.
|
|
223
291
|
*/
|
|
224
292
|
s3AuthenticationType?: pulumi.Input<string>;
|
|
225
293
|
/**
|
|
@@ -42,6 +42,26 @@ const utilities = require("./utilities");
|
|
|
42
42
|
* s3AccessKeyId: "some-access-key",
|
|
43
43
|
* s3SecretAccessKey: "some-secret-key",
|
|
44
44
|
* });
|
|
45
|
+
* // Example configuration for a GCS logstreaming endpoint using workload identity
|
|
46
|
+
* const sampleLogstreamConfigurationGcsWif = new tailscale.LogstreamConfiguration("sample_logstream_configuration_gcs_wif", {
|
|
47
|
+
* logType: "configuration",
|
|
48
|
+
* destinationType: "gcs",
|
|
49
|
+
* gcsBucket: "example-gcs-bucket",
|
|
50
|
+
* gcsCredentials: JSON.stringify({
|
|
51
|
+
* type: "external_account",
|
|
52
|
+
* audience: "//iam.googleapis.com/projects/12345678/locations/global/workloadIdentityPools/example-pool/providers/example-provider",
|
|
53
|
+
* subject_token_type: "urn:ietf:params:aws:token-type:aws4_request",
|
|
54
|
+
* service_account_impersonation_url: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/example@example.iam.gserviceaccount.com:generateAccessToken",
|
|
55
|
+
* token_url: "https://sts.googleapis.com/v1/token",
|
|
56
|
+
* credential_source: {
|
|
57
|
+
* environment_id: "aws1",
|
|
58
|
+
* region_url: "http://169.254.169.254/latest/meta-data/placement/availability-zone",
|
|
59
|
+
* url: "http://169.254.169.254/latest/meta-data/iam/security-credentials",
|
|
60
|
+
* regional_cred_verification_url: "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
|
|
61
|
+
* imdsv2_session_token_url: "http://169.254.169.254/latest/api/token",
|
|
62
|
+
* },
|
|
63
|
+
* }),
|
|
64
|
+
* });
|
|
45
65
|
* ```
|
|
46
66
|
*
|
|
47
67
|
* ## Import
|
|
@@ -84,6 +104,10 @@ class LogstreamConfiguration extends pulumi.CustomResource {
|
|
|
84
104
|
const state = argsOrState;
|
|
85
105
|
resourceInputs["compressionFormat"] = state?.compressionFormat;
|
|
86
106
|
resourceInputs["destinationType"] = state?.destinationType;
|
|
107
|
+
resourceInputs["gcsBucket"] = state?.gcsBucket;
|
|
108
|
+
resourceInputs["gcsCredentials"] = state?.gcsCredentials;
|
|
109
|
+
resourceInputs["gcsKeyPrefix"] = state?.gcsKeyPrefix;
|
|
110
|
+
resourceInputs["gcsScopes"] = state?.gcsScopes;
|
|
87
111
|
resourceInputs["logType"] = state?.logType;
|
|
88
112
|
resourceInputs["s3AccessKeyId"] = state?.s3AccessKeyId;
|
|
89
113
|
resourceInputs["s3AuthenticationType"] = state?.s3AuthenticationType;
|
|
@@ -108,6 +132,10 @@ class LogstreamConfiguration extends pulumi.CustomResource {
|
|
|
108
132
|
}
|
|
109
133
|
resourceInputs["compressionFormat"] = args?.compressionFormat;
|
|
110
134
|
resourceInputs["destinationType"] = args?.destinationType;
|
|
135
|
+
resourceInputs["gcsBucket"] = args?.gcsBucket;
|
|
136
|
+
resourceInputs["gcsCredentials"] = args?.gcsCredentials;
|
|
137
|
+
resourceInputs["gcsKeyPrefix"] = args?.gcsKeyPrefix;
|
|
138
|
+
resourceInputs["gcsScopes"] = args?.gcsScopes;
|
|
111
139
|
resourceInputs["logType"] = args?.logType;
|
|
112
140
|
resourceInputs["s3AccessKeyId"] = args?.s3AccessKeyId;
|
|
113
141
|
resourceInputs["s3AuthenticationType"] = args?.s3AuthenticationType;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logstreamConfiguration.js","sourceRoot":"","sources":["../logstreamConfiguration.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"logstreamConfiguration.js","sourceRoot":"","sources":["../logstreamConfiguration.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IAuFD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC;YACnC,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;SACxC;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,IAAI,EAAE,eAAe,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,IAAI,IAAI,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClH,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC;YAClC,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;SACvC;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,mBAAmB,EAAE,OAAO,CAAC,EAAE,CAAC;QAC/E,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AAzKL,wDA0KC;AA5JG,gBAAgB;AACO,mCAAY,GAAG,+DAA+D,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pulumi/tailscale",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.25.0",
|
|
4
4
|
"description": "A Pulumi package for creating and managing Tailscale cloud resources.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pulumi",
|
|
@@ -23,6 +23,6 @@
|
|
|
23
23
|
"pulumi": {
|
|
24
24
|
"resource": true,
|
|
25
25
|
"name": "tailscale",
|
|
26
|
-
"version": "0.
|
|
26
|
+
"version": "0.25.0"
|
|
27
27
|
}
|
|
28
28
|
}
|
package/postureIntegration.d.ts
CHANGED
|
@@ -55,7 +55,7 @@ export declare class PostureIntegration extends pulumi.CustomResource {
|
|
|
55
55
|
*/
|
|
56
56
|
readonly cloudId: pulumi.Output<string | undefined>;
|
|
57
57
|
/**
|
|
58
|
-
* The
|
|
58
|
+
* The third-party provider for posture data. Valid values are `falcon`, `intune`, `jamfpro`, `kandji`, `kolide`, and `sentinelone`.
|
|
59
59
|
*/
|
|
60
60
|
readonly postureProvider: pulumi.Output<string>;
|
|
61
61
|
/**
|
|
@@ -88,7 +88,7 @@ export interface PostureIntegrationState {
|
|
|
88
88
|
*/
|
|
89
89
|
cloudId?: pulumi.Input<string>;
|
|
90
90
|
/**
|
|
91
|
-
* The
|
|
91
|
+
* The third-party provider for posture data. Valid values are `falcon`, `intune`, `jamfpro`, `kandji`, `kolide`, and `sentinelone`.
|
|
92
92
|
*/
|
|
93
93
|
postureProvider?: pulumi.Input<string>;
|
|
94
94
|
/**
|
|
@@ -113,7 +113,7 @@ export interface PostureIntegrationArgs {
|
|
|
113
113
|
*/
|
|
114
114
|
cloudId?: pulumi.Input<string>;
|
|
115
115
|
/**
|
|
116
|
-
* The
|
|
116
|
+
* The third-party provider for posture data. Valid values are `falcon`, `intune`, `jamfpro`, `kandji`, `kolide`, and `sentinelone`.
|
|
117
117
|
*/
|
|
118
118
|
postureProvider: pulumi.Input<string>;
|
|
119
119
|
/**
|
package/postureIntegration.js
CHANGED
|
@@ -75,12 +75,14 @@ class PostureIntegration extends pulumi.CustomResource {
|
|
|
75
75
|
throw new Error("Missing required property 'postureProvider'");
|
|
76
76
|
}
|
|
77
77
|
resourceInputs["clientId"] = args?.clientId;
|
|
78
|
-
resourceInputs["clientSecret"] = args?.clientSecret;
|
|
78
|
+
resourceInputs["clientSecret"] = args?.clientSecret ? pulumi.secret(args.clientSecret) : undefined;
|
|
79
79
|
resourceInputs["cloudId"] = args?.cloudId;
|
|
80
80
|
resourceInputs["postureProvider"] = args?.postureProvider;
|
|
81
81
|
resourceInputs["tenantId"] = args?.tenantId;
|
|
82
82
|
}
|
|
83
83
|
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
|
|
84
|
+
const secretOpts = { additionalSecretOutputs: ["clientSecret"] };
|
|
85
|
+
opts = pulumi.mergeOptions(opts, secretOpts);
|
|
84
86
|
super(PostureIntegration.__pulumiType, name, resourceInputs, opts);
|
|
85
87
|
}
|
|
86
88
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"postureIntegration.js","sourceRoot":"","sources":["../postureIntegration.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAa,kBAAmB,SAAQ,MAAM,CAAC,cAAc;IACzD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA+B,EAAE,IAAmC;QAC7H,OAAO,IAAI,kBAAkB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC,YAAY,CAAC;IACnE,CAAC;IA+BD,YAAY,IAAY,EAAE,WAA8D,EAAE,IAAmC;QACzH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAkD,CAAC;YACjE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;SAChD;aAAM;YACH,MAAM,IAAI,GAAG,WAAiD,CAAC;YAC/D,IAAI,IAAI,EAAE,YAAY,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;aAC/D;YACD,IAAI,IAAI,EAAE,eAAe,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"postureIntegration.js","sourceRoot":"","sources":["../postureIntegration.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAa,kBAAmB,SAAQ,MAAM,CAAC,cAAc;IACzD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA+B,EAAE,IAAmC;QAC7H,OAAO,IAAI,kBAAkB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC,YAAY,CAAC;IACnE,CAAC;IA+BD,YAAY,IAAY,EAAE,WAA8D,EAAE,IAAmC;QACzH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAkD,CAAC;YACjE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;SAChD;aAAM;YACH,MAAM,IAAI,GAAG,WAAiD,CAAC;YAC/D,IAAI,IAAI,EAAE,YAAY,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;aAC/D;YACD,IAAI,IAAI,EAAE,eAAe,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACnG,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;SAC/C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;QACjE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,kBAAkB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACvE,CAAC;;AArFL,gDAsFC;AAxEG,gBAAgB;AACO,+BAAY,GAAG,uDAAuD,CAAC"}
|
package/types/output.d.ts
CHANGED
|
@@ -52,6 +52,26 @@ export interface GetDevicesDevice {
|
|
|
52
52
|
* The list of device's IPs
|
|
53
53
|
*/
|
|
54
54
|
addresses: string[];
|
|
55
|
+
/**
|
|
56
|
+
* Whether the device is authorized to access the tailnet
|
|
57
|
+
*/
|
|
58
|
+
authorized: boolean;
|
|
59
|
+
/**
|
|
60
|
+
* Whether the device blocks incoming connections
|
|
61
|
+
*/
|
|
62
|
+
blocksIncomingConnections: boolean;
|
|
63
|
+
/**
|
|
64
|
+
* The Tailscale client version running on the device
|
|
65
|
+
*/
|
|
66
|
+
clientVersion: string;
|
|
67
|
+
/**
|
|
68
|
+
* The creation time of the device
|
|
69
|
+
*/
|
|
70
|
+
created: string;
|
|
71
|
+
/**
|
|
72
|
+
* The expiry time of the device's key
|
|
73
|
+
*/
|
|
74
|
+
expires: string;
|
|
55
75
|
/**
|
|
56
76
|
* The short hostname of the device
|
|
57
77
|
*/
|
|
@@ -60,6 +80,22 @@ export interface GetDevicesDevice {
|
|
|
60
80
|
* The legacy identifier of the device. Use nodeId instead for new resources.
|
|
61
81
|
*/
|
|
62
82
|
id: string;
|
|
83
|
+
/**
|
|
84
|
+
* Whether the device is marked as external
|
|
85
|
+
*/
|
|
86
|
+
isExternal: boolean;
|
|
87
|
+
/**
|
|
88
|
+
* Whether the device's key expiry is disabled
|
|
89
|
+
*/
|
|
90
|
+
keyExpiryDisabled: boolean;
|
|
91
|
+
/**
|
|
92
|
+
* The last seen time of the device
|
|
93
|
+
*/
|
|
94
|
+
lastSeen: string;
|
|
95
|
+
/**
|
|
96
|
+
* The machine key of the device
|
|
97
|
+
*/
|
|
98
|
+
machineKey: string;
|
|
63
99
|
/**
|
|
64
100
|
* The full name of the device (e.g. `hostname.domain.ts.net`)
|
|
65
101
|
*/
|
|
@@ -68,10 +104,30 @@ export interface GetDevicesDevice {
|
|
|
68
104
|
* The preferred indentifier for a device.
|
|
69
105
|
*/
|
|
70
106
|
nodeId: string;
|
|
107
|
+
/**
|
|
108
|
+
* The node key of the device
|
|
109
|
+
*/
|
|
110
|
+
nodeKey: string;
|
|
111
|
+
/**
|
|
112
|
+
* The operating system of the device
|
|
113
|
+
*/
|
|
114
|
+
os: string;
|
|
71
115
|
/**
|
|
72
116
|
* The tags applied to the device
|
|
73
117
|
*/
|
|
74
118
|
tags: string[];
|
|
119
|
+
/**
|
|
120
|
+
* The tailnet lock error for the device, if any
|
|
121
|
+
*/
|
|
122
|
+
tailnetLockError: string;
|
|
123
|
+
/**
|
|
124
|
+
* The tailnet lock key for the device, if any
|
|
125
|
+
*/
|
|
126
|
+
tailnetLockKey: string;
|
|
127
|
+
/**
|
|
128
|
+
* Whether an update is available for the device
|
|
129
|
+
*/
|
|
130
|
+
updateAvailable: boolean;
|
|
75
131
|
/**
|
|
76
132
|
* The user associated with the device
|
|
77
133
|
*/
|
package/webhook.d.ts
CHANGED
|
@@ -49,7 +49,7 @@ export declare class Webhook extends pulumi.CustomResource {
|
|
|
49
49
|
*/
|
|
50
50
|
readonly endpointUrl: pulumi.Output<string>;
|
|
51
51
|
/**
|
|
52
|
-
* The provider type of the endpoint URL.
|
|
52
|
+
* The provider type of the endpoint URL. This determines the payload format sent to the destination. Valid values are `slack`, `mattermost`, `googlechat`, and `discord`.
|
|
53
53
|
*/
|
|
54
54
|
readonly providerType: pulumi.Output<string | undefined>;
|
|
55
55
|
/**
|
|
@@ -57,7 +57,7 @@ export declare class Webhook extends pulumi.CustomResource {
|
|
|
57
57
|
*/
|
|
58
58
|
readonly secret: pulumi.Output<string>;
|
|
59
59
|
/**
|
|
60
|
-
* The
|
|
60
|
+
* The set of events that trigger this webhook. For a full list of event types, see the [webhooks documentation](https://tailscale.com/kb/1213/webhooks#events).
|
|
61
61
|
*/
|
|
62
62
|
readonly subscriptions: pulumi.Output<string[]>;
|
|
63
63
|
/**
|
|
@@ -78,7 +78,7 @@ export interface WebhookState {
|
|
|
78
78
|
*/
|
|
79
79
|
endpointUrl?: pulumi.Input<string>;
|
|
80
80
|
/**
|
|
81
|
-
* The provider type of the endpoint URL.
|
|
81
|
+
* The provider type of the endpoint URL. This determines the payload format sent to the destination. Valid values are `slack`, `mattermost`, `googlechat`, and `discord`.
|
|
82
82
|
*/
|
|
83
83
|
providerType?: pulumi.Input<string>;
|
|
84
84
|
/**
|
|
@@ -86,7 +86,7 @@ export interface WebhookState {
|
|
|
86
86
|
*/
|
|
87
87
|
secret?: pulumi.Input<string>;
|
|
88
88
|
/**
|
|
89
|
-
* The
|
|
89
|
+
* The set of events that trigger this webhook. For a full list of event types, see the [webhooks documentation](https://tailscale.com/kb/1213/webhooks#events).
|
|
90
90
|
*/
|
|
91
91
|
subscriptions?: pulumi.Input<pulumi.Input<string>[]>;
|
|
92
92
|
}
|
|
@@ -99,11 +99,11 @@ export interface WebhookArgs {
|
|
|
99
99
|
*/
|
|
100
100
|
endpointUrl: pulumi.Input<string>;
|
|
101
101
|
/**
|
|
102
|
-
* The provider type of the endpoint URL.
|
|
102
|
+
* The provider type of the endpoint URL. This determines the payload format sent to the destination. Valid values are `slack`, `mattermost`, `googlechat`, and `discord`.
|
|
103
103
|
*/
|
|
104
104
|
providerType?: pulumi.Input<string>;
|
|
105
105
|
/**
|
|
106
|
-
* The
|
|
106
|
+
* The set of events that trigger this webhook. For a full list of event types, see the [webhooks documentation](https://tailscale.com/kb/1213/webhooks#events).
|
|
107
107
|
*/
|
|
108
108
|
subscriptions: pulumi.Input<pulumi.Input<string>[]>;
|
|
109
109
|
}
|