@rulebricks/cli 2.1.6 → 2.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7,6 +7,28 @@ export type DnsProvider = "route53" | "cloudflare" | "google" | "azure" | "other
7
7
  export declare const SUPPORTED_DNS_PROVIDERS: DnsProvider[];
8
8
  export type LoggingSink = "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
9
9
  export type LoggingSinkCategory = "cloud-storage" | "logging-platform";
10
+ export type MonitoringDestination = "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
11
+ export type RemoteWriteDestination = "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
12
+ export type RemoteWriteAuthType = "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer";
13
+ export interface SecretKeyRef {
14
+ name: string;
15
+ key: string;
16
+ }
17
+ export interface RemoteWriteConfig {
18
+ destination: RemoteWriteDestination;
19
+ url: string;
20
+ authType?: RemoteWriteAuthType;
21
+ awsRegion?: string;
22
+ awsRoleArn?: string;
23
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment";
24
+ clientId?: string;
25
+ tenantId?: string;
26
+ clientSecretRef?: SecretKeyRef;
27
+ usernameSecretRef?: SecretKeyRef;
28
+ passwordSecretRef?: SecretKeyRef;
29
+ bearerTokenSecretRef?: SecretKeyRef;
30
+ }
31
+ export type CloudLoggingAuthMode = "workload-identity" | "secret";
10
32
  export declare const LOGGING_SINK_CATEGORIES: Record<Exclude<LoggingSink, "console" | "pending">, LoggingSinkCategory>;
11
33
  export declare const CLOUD_REGIONS: Record<CloudProvider, string[]>;
12
34
  export declare const TIER_CONFIGS: Record<PerformanceTier, TierConfig>;
@@ -233,39 +255,230 @@ export declare const DeploymentConfigSchema: z.ZodObject<{
233
255
  clientSecret: z.ZodOptional<z.ZodString>;
234
256
  }, "strip", z.ZodTypeAny, {
235
257
  enabled: boolean;
236
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
237
258
  url?: string | undefined;
238
259
  clientId?: string | undefined;
260
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
239
261
  clientSecret?: string | undefined;
240
262
  }, {
241
263
  enabled: boolean;
242
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
243
264
  url?: string | undefined;
244
265
  clientId?: string | undefined;
266
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
245
267
  clientSecret?: string | undefined;
246
268
  }>;
247
269
  monitoring: z.ZodObject<{
248
270
  enabled: z.ZodBoolean;
271
+ destination: z.ZodOptional<z.ZodEnum<["local-grafana", "aws-amp", "azure-monitor", "grafana-cloud", "generic"]>>;
249
272
  remoteWriteUrl: z.ZodOptional<z.ZodString>;
273
+ remoteWrite: z.ZodOptional<z.ZodObject<{
274
+ destination: z.ZodEnum<["aws-amp", "azure-monitor", "grafana-cloud", "generic"]>;
275
+ url: z.ZodString;
276
+ authType: z.ZodOptional<z.ZodEnum<["none", "managed-identity", "workload-identity", "oauth", "basic", "bearer"]>>;
277
+ awsRegion: z.ZodOptional<z.ZodString>;
278
+ awsRoleArn: z.ZodOptional<z.ZodString>;
279
+ azureCloud: z.ZodOptional<z.ZodEnum<["AzurePublic", "AzureChina", "AzureGovernment"]>>;
280
+ clientId: z.ZodOptional<z.ZodString>;
281
+ tenantId: z.ZodOptional<z.ZodString>;
282
+ clientSecretRef: z.ZodOptional<z.ZodObject<{
283
+ name: z.ZodString;
284
+ key: z.ZodString;
285
+ }, "strip", z.ZodTypeAny, {
286
+ name: string;
287
+ key: string;
288
+ }, {
289
+ name: string;
290
+ key: string;
291
+ }>>;
292
+ usernameSecretRef: z.ZodOptional<z.ZodObject<{
293
+ name: z.ZodString;
294
+ key: z.ZodString;
295
+ }, "strip", z.ZodTypeAny, {
296
+ name: string;
297
+ key: string;
298
+ }, {
299
+ name: string;
300
+ key: string;
301
+ }>>;
302
+ passwordSecretRef: z.ZodOptional<z.ZodObject<{
303
+ name: z.ZodString;
304
+ key: z.ZodString;
305
+ }, "strip", z.ZodTypeAny, {
306
+ name: string;
307
+ key: string;
308
+ }, {
309
+ name: string;
310
+ key: string;
311
+ }>>;
312
+ bearerTokenSecretRef: z.ZodOptional<z.ZodObject<{
313
+ name: z.ZodString;
314
+ key: z.ZodString;
315
+ }, "strip", z.ZodTypeAny, {
316
+ name: string;
317
+ key: string;
318
+ }, {
319
+ name: string;
320
+ key: string;
321
+ }>>;
322
+ }, "strip", z.ZodTypeAny, {
323
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
324
+ url: string;
325
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
326
+ awsRegion?: string | undefined;
327
+ awsRoleArn?: string | undefined;
328
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
329
+ clientId?: string | undefined;
330
+ tenantId?: string | undefined;
331
+ clientSecretRef?: {
332
+ name: string;
333
+ key: string;
334
+ } | undefined;
335
+ usernameSecretRef?: {
336
+ name: string;
337
+ key: string;
338
+ } | undefined;
339
+ passwordSecretRef?: {
340
+ name: string;
341
+ key: string;
342
+ } | undefined;
343
+ bearerTokenSecretRef?: {
344
+ name: string;
345
+ key: string;
346
+ } | undefined;
347
+ }, {
348
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
349
+ url: string;
350
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
351
+ awsRegion?: string | undefined;
352
+ awsRoleArn?: string | undefined;
353
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
354
+ clientId?: string | undefined;
355
+ tenantId?: string | undefined;
356
+ clientSecretRef?: {
357
+ name: string;
358
+ key: string;
359
+ } | undefined;
360
+ usernameSecretRef?: {
361
+ name: string;
362
+ key: string;
363
+ } | undefined;
364
+ passwordSecretRef?: {
365
+ name: string;
366
+ key: string;
367
+ } | undefined;
368
+ bearerTokenSecretRef?: {
369
+ name: string;
370
+ key: string;
371
+ } | undefined;
372
+ }>>;
250
373
  }, "strip", z.ZodTypeAny, {
251
374
  enabled: boolean;
375
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
252
376
  remoteWriteUrl?: string | undefined;
377
+ remoteWrite?: {
378
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
379
+ url: string;
380
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
381
+ awsRegion?: string | undefined;
382
+ awsRoleArn?: string | undefined;
383
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
384
+ clientId?: string | undefined;
385
+ tenantId?: string | undefined;
386
+ clientSecretRef?: {
387
+ name: string;
388
+ key: string;
389
+ } | undefined;
390
+ usernameSecretRef?: {
391
+ name: string;
392
+ key: string;
393
+ } | undefined;
394
+ passwordSecretRef?: {
395
+ name: string;
396
+ key: string;
397
+ } | undefined;
398
+ bearerTokenSecretRef?: {
399
+ name: string;
400
+ key: string;
401
+ } | undefined;
402
+ } | undefined;
253
403
  }, {
254
404
  enabled: boolean;
405
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
255
406
  remoteWriteUrl?: string | undefined;
407
+ remoteWrite?: {
408
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
409
+ url: string;
410
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
411
+ awsRegion?: string | undefined;
412
+ awsRoleArn?: string | undefined;
413
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
414
+ clientId?: string | undefined;
415
+ tenantId?: string | undefined;
416
+ clientSecretRef?: {
417
+ name: string;
418
+ key: string;
419
+ } | undefined;
420
+ usernameSecretRef?: {
421
+ name: string;
422
+ key: string;
423
+ } | undefined;
424
+ passwordSecretRef?: {
425
+ name: string;
426
+ key: string;
427
+ } | undefined;
428
+ bearerTokenSecretRef?: {
429
+ name: string;
430
+ key: string;
431
+ } | undefined;
432
+ } | undefined;
256
433
  }>;
257
434
  logging: z.ZodObject<{
258
435
  sink: z.ZodEnum<["console", "pending", "s3", "azure-blob", "gcs", "datadog", "splunk", "elasticsearch", "loki", "newrelic", "axiom"]>;
259
436
  bucket: z.ZodOptional<z.ZodString>;
260
437
  region: z.ZodOptional<z.ZodString>;
438
+ cloudAuthMode: z.ZodOptional<z.ZodEnum<["workload-identity", "secret"]>>;
439
+ awsIamRoleArn: z.ZodOptional<z.ZodString>;
440
+ azureBlobContainer: z.ZodOptional<z.ZodString>;
441
+ azureBlobClientId: z.ZodOptional<z.ZodString>;
442
+ azureBlobTenantId: z.ZodOptional<z.ZodString>;
443
+ azureBlobConnectionStringSecretRef: z.ZodOptional<z.ZodObject<{
444
+ name: z.ZodString;
445
+ key: z.ZodString;
446
+ }, "strip", z.ZodTypeAny, {
447
+ name: string;
448
+ key: string;
449
+ }, {
450
+ name: string;
451
+ key: string;
452
+ }>>;
453
+ gcpServiceAccountEmail: z.ZodOptional<z.ZodString>;
261
454
  }, "strip", z.ZodTypeAny, {
262
455
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
263
456
  region?: string | undefined;
264
457
  bucket?: string | undefined;
458
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
459
+ awsIamRoleArn?: string | undefined;
460
+ azureBlobContainer?: string | undefined;
461
+ azureBlobClientId?: string | undefined;
462
+ azureBlobTenantId?: string | undefined;
463
+ azureBlobConnectionStringSecretRef?: {
464
+ name: string;
465
+ key: string;
466
+ } | undefined;
467
+ gcpServiceAccountEmail?: string | undefined;
265
468
  }, {
266
469
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
267
470
  region?: string | undefined;
268
471
  bucket?: string | undefined;
472
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
473
+ awsIamRoleArn?: string | undefined;
474
+ azureBlobContainer?: string | undefined;
475
+ azureBlobClientId?: string | undefined;
476
+ azureBlobTenantId?: string | undefined;
477
+ azureBlobConnectionStringSecretRef?: {
478
+ name: string;
479
+ key: string;
480
+ } | undefined;
481
+ gcpServiceAccountEmail?: string | undefined;
269
482
  }>;
270
483
  customEmails: z.ZodOptional<z.ZodObject<{
271
484
  enabled: z.ZodBoolean;
@@ -337,19 +550,56 @@ export declare const DeploymentConfigSchema: z.ZodObject<{
337
550
  };
338
551
  sso: {
339
552
  enabled: boolean;
340
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
341
553
  url?: string | undefined;
342
554
  clientId?: string | undefined;
555
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
343
556
  clientSecret?: string | undefined;
344
557
  };
345
558
  monitoring: {
346
559
  enabled: boolean;
560
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
347
561
  remoteWriteUrl?: string | undefined;
562
+ remoteWrite?: {
563
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
564
+ url: string;
565
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
566
+ awsRegion?: string | undefined;
567
+ awsRoleArn?: string | undefined;
568
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
569
+ clientId?: string | undefined;
570
+ tenantId?: string | undefined;
571
+ clientSecretRef?: {
572
+ name: string;
573
+ key: string;
574
+ } | undefined;
575
+ usernameSecretRef?: {
576
+ name: string;
577
+ key: string;
578
+ } | undefined;
579
+ passwordSecretRef?: {
580
+ name: string;
581
+ key: string;
582
+ } | undefined;
583
+ bearerTokenSecretRef?: {
584
+ name: string;
585
+ key: string;
586
+ } | undefined;
587
+ } | undefined;
348
588
  };
349
589
  logging: {
350
590
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
351
591
  region?: string | undefined;
352
592
  bucket?: string | undefined;
593
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
594
+ awsIamRoleArn?: string | undefined;
595
+ azureBlobContainer?: string | undefined;
596
+ azureBlobClientId?: string | undefined;
597
+ azureBlobTenantId?: string | undefined;
598
+ azureBlobConnectionStringSecretRef?: {
599
+ name: string;
600
+ key: string;
601
+ } | undefined;
602
+ gcpServiceAccountEmail?: string | undefined;
353
603
  };
354
604
  customEmails?: {
355
605
  enabled: boolean;
@@ -373,19 +623,56 @@ export declare const DeploymentConfigSchema: z.ZodObject<{
373
623
  };
374
624
  sso: {
375
625
  enabled: boolean;
376
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
377
626
  url?: string | undefined;
378
627
  clientId?: string | undefined;
628
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
379
629
  clientSecret?: string | undefined;
380
630
  };
381
631
  monitoring: {
382
632
  enabled: boolean;
633
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
383
634
  remoteWriteUrl?: string | undefined;
635
+ remoteWrite?: {
636
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
637
+ url: string;
638
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
639
+ awsRegion?: string | undefined;
640
+ awsRoleArn?: string | undefined;
641
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
642
+ clientId?: string | undefined;
643
+ tenantId?: string | undefined;
644
+ clientSecretRef?: {
645
+ name: string;
646
+ key: string;
647
+ } | undefined;
648
+ usernameSecretRef?: {
649
+ name: string;
650
+ key: string;
651
+ } | undefined;
652
+ passwordSecretRef?: {
653
+ name: string;
654
+ key: string;
655
+ } | undefined;
656
+ bearerTokenSecretRef?: {
657
+ name: string;
658
+ key: string;
659
+ } | undefined;
660
+ } | undefined;
384
661
  };
385
662
  logging: {
386
663
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
387
664
  region?: string | undefined;
388
665
  bucket?: string | undefined;
666
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
667
+ awsIamRoleArn?: string | undefined;
668
+ azureBlobContainer?: string | undefined;
669
+ azureBlobClientId?: string | undefined;
670
+ azureBlobTenantId?: string | undefined;
671
+ azureBlobConnectionStringSecretRef?: {
672
+ name: string;
673
+ key: string;
674
+ } | undefined;
675
+ gcpServiceAccountEmail?: string | undefined;
389
676
  };
390
677
  customEmails?: {
391
678
  enabled: boolean;
@@ -453,19 +740,56 @@ export declare const DeploymentConfigSchema: z.ZodObject<{
453
740
  };
454
741
  sso: {
455
742
  enabled: boolean;
456
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
457
743
  url?: string | undefined;
458
744
  clientId?: string | undefined;
745
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
459
746
  clientSecret?: string | undefined;
460
747
  };
461
748
  monitoring: {
462
749
  enabled: boolean;
750
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
463
751
  remoteWriteUrl?: string | undefined;
752
+ remoteWrite?: {
753
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
754
+ url: string;
755
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
756
+ awsRegion?: string | undefined;
757
+ awsRoleArn?: string | undefined;
758
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
759
+ clientId?: string | undefined;
760
+ tenantId?: string | undefined;
761
+ clientSecretRef?: {
762
+ name: string;
763
+ key: string;
764
+ } | undefined;
765
+ usernameSecretRef?: {
766
+ name: string;
767
+ key: string;
768
+ } | undefined;
769
+ passwordSecretRef?: {
770
+ name: string;
771
+ key: string;
772
+ } | undefined;
773
+ bearerTokenSecretRef?: {
774
+ name: string;
775
+ key: string;
776
+ } | undefined;
777
+ } | undefined;
464
778
  };
465
779
  logging: {
466
780
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
467
781
  region?: string | undefined;
468
782
  bucket?: string | undefined;
783
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
784
+ awsIamRoleArn?: string | undefined;
785
+ azureBlobContainer?: string | undefined;
786
+ azureBlobClientId?: string | undefined;
787
+ azureBlobTenantId?: string | undefined;
788
+ azureBlobConnectionStringSecretRef?: {
789
+ name: string;
790
+ key: string;
791
+ } | undefined;
792
+ gcpServiceAccountEmail?: string | undefined;
469
793
  };
470
794
  customEmails?: {
471
795
  enabled: boolean;
@@ -533,19 +857,56 @@ export declare const DeploymentConfigSchema: z.ZodObject<{
533
857
  };
534
858
  sso: {
535
859
  enabled: boolean;
536
- provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
537
860
  url?: string | undefined;
538
861
  clientId?: string | undefined;
862
+ provider?: "azure" | "google" | "okta" | "keycloak" | "ory" | "other" | undefined;
539
863
  clientSecret?: string | undefined;
540
864
  };
541
865
  monitoring: {
542
866
  enabled: boolean;
867
+ destination?: "local-grafana" | "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic" | undefined;
543
868
  remoteWriteUrl?: string | undefined;
869
+ remoteWrite?: {
870
+ destination: "aws-amp" | "azure-monitor" | "grafana-cloud" | "generic";
871
+ url: string;
872
+ authType?: "none" | "managed-identity" | "workload-identity" | "oauth" | "basic" | "bearer" | undefined;
873
+ awsRegion?: string | undefined;
874
+ awsRoleArn?: string | undefined;
875
+ azureCloud?: "AzurePublic" | "AzureChina" | "AzureGovernment" | undefined;
876
+ clientId?: string | undefined;
877
+ tenantId?: string | undefined;
878
+ clientSecretRef?: {
879
+ name: string;
880
+ key: string;
881
+ } | undefined;
882
+ usernameSecretRef?: {
883
+ name: string;
884
+ key: string;
885
+ } | undefined;
886
+ passwordSecretRef?: {
887
+ name: string;
888
+ key: string;
889
+ } | undefined;
890
+ bearerTokenSecretRef?: {
891
+ name: string;
892
+ key: string;
893
+ } | undefined;
894
+ } | undefined;
544
895
  };
545
896
  logging: {
546
897
  sink: "console" | "pending" | "s3" | "azure-blob" | "gcs" | "datadog" | "splunk" | "elasticsearch" | "loki" | "newrelic" | "axiom";
547
898
  region?: string | undefined;
548
899
  bucket?: string | undefined;
900
+ cloudAuthMode?: "workload-identity" | "secret" | undefined;
901
+ awsIamRoleArn?: string | undefined;
902
+ azureBlobContainer?: string | undefined;
903
+ azureBlobClientId?: string | undefined;
904
+ azureBlobTenantId?: string | undefined;
905
+ azureBlobConnectionStringSecretRef?: {
906
+ name: string;
907
+ key: string;
908
+ } | undefined;
909
+ gcpServiceAccountEmail?: string | undefined;
549
910
  };
550
911
  customEmails?: {
551
912
  enabled: boolean;
@@ -382,6 +382,42 @@ export const LOGGING_DESTINATION_LABELS = {
382
382
  export function getLoggingDestinationLabel(sink) {
383
383
  return LOGGING_DESTINATION_LABELS[sink] || "Console (stdout)";
384
384
  }
385
+ const SecretKeyRefSchema = z.object({
386
+ name: z.string().min(1),
387
+ key: z.string().min(1),
388
+ });
389
+ const RemoteWriteConfigSchema = z.object({
390
+ destination: z.enum(["aws-amp", "azure-monitor", "grafana-cloud", "generic"]),
391
+ url: z.string().url(),
392
+ authType: z
393
+ .enum([
394
+ "none",
395
+ "managed-identity",
396
+ "workload-identity",
397
+ "oauth",
398
+ "basic",
399
+ "bearer",
400
+ ])
401
+ .optional(),
402
+ awsRegion: z.string().optional(),
403
+ awsRoleArn: z.string().optional(),
404
+ azureCloud: z
405
+ .enum(["AzurePublic", "AzureChina", "AzureGovernment"])
406
+ .optional(),
407
+ clientId: z.string().optional(),
408
+ tenantId: z.string().optional(),
409
+ clientSecretRef: SecretKeyRefSchema.optional(),
410
+ usernameSecretRef: SecretKeyRefSchema.optional(),
411
+ passwordSecretRef: SecretKeyRefSchema.optional(),
412
+ bearerTokenSecretRef: SecretKeyRefSchema.optional(),
413
+ });
414
+ const MonitoringDestinationSchema = z.enum([
415
+ "local-grafana",
416
+ "aws-amp",
417
+ "azure-monitor",
418
+ "grafana-cloud",
419
+ "generic",
420
+ ]);
385
421
  // Deployment configuration schema
386
422
  export const DeploymentConfigSchema = z.object({
387
423
  name: z
@@ -454,8 +490,10 @@ export const DeploymentConfigSchema = z.object({
454
490
  }),
455
491
  monitoring: z.object({
456
492
  enabled: z.boolean(),
457
- // Optional: Prometheus remote write URL (Datadog, Grafana Cloud, etc.)
493
+ destination: MonitoringDestinationSchema.optional(),
494
+ // Legacy optional URL retained for existing config files.
458
495
  remoteWriteUrl: z.string().url().optional(),
496
+ remoteWrite: RemoteWriteConfigSchema.optional(),
459
497
  }),
460
498
  logging: z.object({
461
499
  // Logging always happens to console by default
@@ -478,6 +516,13 @@ export const DeploymentConfigSchema = z.object({
478
516
  // For platforms: repurposed for credentials (API key) and extra config
479
517
  bucket: z.string().optional(),
480
518
  region: z.string().optional(),
519
+ cloudAuthMode: z.enum(["workload-identity", "secret"]).optional(),
520
+ awsIamRoleArn: z.string().optional(),
521
+ azureBlobContainer: z.string().optional(),
522
+ azureBlobClientId: z.string().optional(),
523
+ azureBlobTenantId: z.string().optional(),
524
+ azureBlobConnectionStringSecretRef: SecretKeyRefSchema.optional(),
525
+ gcpServiceAccountEmail: z.string().optional(),
481
526
  }),
482
527
  customEmails: z
483
528
  .object({
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rulebricks/cli",
3
- "version": "2.1.6",
3
+ "version": "2.1.7",
4
4
  "description": "CLI for deploying and managing private Rulebricks instances",
5
5
  "type": "module",
6
6
  "bin": {
@@ -59,6 +59,7 @@
59
59
  "files": [
60
60
  "dist",
61
61
  "terraform",
62
+ "cluster-setup",
62
63
  "templates",
63
64
  "benchmarks"
64
65
  ]