cribl-control-plane 0.3.0b2__py3-none-any.whl → 0.3.0b4__py3-none-any.whl

cribl_control_plane/models/inputeventhub.py

@@ -107,6 +107,15 @@ class InputEventhubPq(BaseModel):
     ] = None
 
 
+class InputEventhubAuthTypeAuthenticationMethod(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
+    r"""Enter password directly, or select a stored secret"""
+
+    MANUAL = "manual"
+    SECRET = "secret"
+
+
 class InputEventhubSASLMechanism(str, Enum, metaclass=utils.OpenEnumMeta):
     # PLAIN
     PLAIN = "plain"
@@ -114,11 +123,57 @@ class InputEventhubSASLMechanism(str, Enum, metaclass=utils.OpenEnumMeta):
     OAUTHBEARER = "oauthbearer"
 
 
+class InputEventhubClientSecretAuthTypeAuthenticationMethod(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
+    MANUAL = "manual"
+    SECRET = "secret"
+    CERTIFICATE = "certificate"
+
+
+class InputEventhubMicrosoftEntraIDAuthenticationEndpoint(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
+    r"""Endpoint used to acquire authentication tokens from Azure"""
+
+    HTTPS_LOGIN_MICROSOFTONLINE_COM = "https://login.microsoftonline.com"
+    HTTPS_LOGIN_MICROSOFTONLINE_US = "https://login.microsoftonline.us"
+    HTTPS_LOGIN_PARTNER_MICROSOFTONLINE_CN = "https://login.partner.microsoftonline.cn"
+
+
 class InputEventhubAuthenticationTypedDict(TypedDict):
     r"""Authentication parameters to use when connecting to brokers. Using TLS is highly recommended."""
 
     disabled: NotRequired[bool]
+    auth_type: NotRequired[InputEventhubAuthTypeAuthenticationMethod]
+    r"""Enter password directly, or select a stored secret"""
+    password: NotRequired[str]
+    r"""Connection-string primary key, or connection-string secondary key, from the Event Hubs workspace"""
+    text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
     mechanism: NotRequired[InputEventhubSASLMechanism]
+    username: NotRequired[str]
+    r"""The username for authentication. For Event Hubs, this should always be $ConnectionString."""
+    client_secret_auth_type: NotRequired[
+        InputEventhubClientSecretAuthTypeAuthenticationMethod
+    ]
+    client_secret: NotRequired[str]
+    r"""client_secret to pass in the OAuth request parameter"""
+    client_text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
+    certificate_name: NotRequired[str]
+    r"""Select or create a stored certificate"""
+    cert_path: NotRequired[str]
+    priv_key_path: NotRequired[str]
+    passphrase: NotRequired[str]
+    oauth_endpoint: NotRequired[InputEventhubMicrosoftEntraIDAuthenticationEndpoint]
+    r"""Endpoint used to acquire authentication tokens from Azure"""
+    client_id: NotRequired[str]
+    r"""client_id to pass in the OAuth request parameter"""
+    tenant_id: NotRequired[str]
+    r"""Directory ID (tenant identifier) in Azure Active Directory"""
+    scope: NotRequired[str]
+    r"""Scope to pass in the OAuth request parameter"""
 
 
 class InputEventhubAuthentication(BaseModel):
@@ -126,10 +181,73 @@ class InputEventhubAuthentication(BaseModel):
 
     disabled: Optional[bool] = False
 
+    auth_type: Annotated[
+        Annotated[
+            Optional[InputEventhubAuthTypeAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="authType"),
+    ] = InputEventhubAuthTypeAuthenticationMethod.MANUAL
+    r"""Enter password directly, or select a stored secret"""
+
+    password: Optional[str] = None
+    r"""Connection-string primary key, or connection-string secondary key, from the Event Hubs workspace"""
+
+    text_secret: Annotated[Optional[str], pydantic.Field(alias="textSecret")] = None
+    r"""Select or create a stored text secret"""
+
     mechanism: Annotated[
         Optional[InputEventhubSASLMechanism], PlainValidator(validate_open_enum(False))
     ] = InputEventhubSASLMechanism.PLAIN
 
+    username: Optional[str] = "$ConnectionString"
+    r"""The username for authentication. For Event Hubs, this should always be $ConnectionString."""
+
+    client_secret_auth_type: Annotated[
+        Annotated[
+            Optional[InputEventhubClientSecretAuthTypeAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="clientSecretAuthType"),
+    ] = InputEventhubClientSecretAuthTypeAuthenticationMethod.MANUAL
+
+    client_secret: Annotated[Optional[str], pydantic.Field(alias="clientSecret")] = None
+    r"""client_secret to pass in the OAuth request parameter"""
+
+    client_text_secret: Annotated[
+        Optional[str], pydantic.Field(alias="clientTextSecret")
+    ] = None
+    r"""Select or create a stored text secret"""
+
+    certificate_name: Annotated[
+        Optional[str], pydantic.Field(alias="certificateName")
+    ] = None
+    r"""Select or create a stored certificate"""
+
+    cert_path: Annotated[Optional[str], pydantic.Field(alias="certPath")] = None
+
+    priv_key_path: Annotated[Optional[str], pydantic.Field(alias="privKeyPath")] = None
+
+    passphrase: Optional[str] = None
+
+    oauth_endpoint: Annotated[
+        Annotated[
+            Optional[InputEventhubMicrosoftEntraIDAuthenticationEndpoint],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="oauthEndpoint"),
+    ] = InputEventhubMicrosoftEntraIDAuthenticationEndpoint.HTTPS_LOGIN_MICROSOFTONLINE_COM
+    r"""Endpoint used to acquire authentication tokens from Azure"""
+
+    client_id: Annotated[Optional[str], pydantic.Field(alias="clientId")] = None
+    r"""client_id to pass in the OAuth request parameter"""
+
+    tenant_id: Annotated[Optional[str], pydantic.Field(alias="tenantId")] = None
+    r"""Directory ID (tenant identifier) in Azure Active Directory"""
+
+    scope: Optional[str] = None
+    r"""Scope to pass in the OAuth request parameter"""
+
 
 class InputEventhubTLSSettingsClientSideTypedDict(TypedDict):
     disabled: NotRequired[bool]

cribl_control_plane/models/inputfile.py

@@ -157,8 +157,10 @@ class InputFileTypedDict(TypedDict):
     r"""Read only new entries at the end of all files discovered at next startup. @{product} will then read newly discovered files from the head. Disable this to resume reading all files from head."""
     idle_timeout: NotRequired[float]
     r"""Time, in seconds, before an idle file is closed"""
+    min_age_dur: NotRequired[str]
+    r"""The minimum age of files to monitor. Format examples: 30s, 15m, 1h. Age is relative to file modification time. Leave empty to apply no age filters."""
     max_age_dur: NotRequired[str]
-    r"""The maximum age of files to monitor. Format examples: 60s, 4h, 3d, 1w. Age is relative to file modification time. Leave empty to apply no age filters."""
+    r"""The maximum age of event timestamps to collect. Format examples: 60s, 4h, 3d, 1w. Can be used in conjuction with \"Check file modification times\". Leave empty to apply no age filters."""
     check_file_mod_time: NotRequired[bool]
     r"""Skip files with modification times earlier than the maximum age duration"""
     force_text: NotRequired[bool]
@@ -230,8 +232,11 @@ class InputFile(BaseModel):
     idle_timeout: Annotated[Optional[float], pydantic.Field(alias="idleTimeout")] = 300
     r"""Time, in seconds, before an idle file is closed"""
 
+    min_age_dur: Annotated[Optional[str], pydantic.Field(alias="minAgeDur")] = None
+    r"""The minimum age of files to monitor. Format examples: 30s, 15m, 1h. Age is relative to file modification time. Leave empty to apply no age filters."""
+
     max_age_dur: Annotated[Optional[str], pydantic.Field(alias="maxAgeDur")] = None
-    r"""The maximum age of files to monitor. Format examples: 60s, 4h, 3d, 1w. Age is relative to file modification time. Leave empty to apply no age filters."""
+    r"""The maximum age of event timestamps to collect. Format examples: 60s, 4h, 3d, 1w. Can be used in conjuction with \"Check file modification times\". Leave empty to apply no age filters."""
 
     check_file_mod_time: Annotated[
         Optional[bool], pydantic.Field(alias="checkFileModTime")

cribl_control_plane/models/inputfirehose.py

@@ -7,7 +7,7 @@ from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
 from pydantic.functional_validators import PlainValidator
-from typing import Any, List, Optional
+from typing import List, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
 
@@ -123,6 +123,12 @@ class InputFirehoseMaximumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
 
 class InputFirehoseTLSSettingsServerSideTypedDict(TypedDict):
     disabled: NotRequired[bool]
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[bool]
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
     certificate_name: NotRequired[str]
     r"""The name of the predefined certificate"""
     priv_key_path: NotRequired[str]
@@ -133,10 +139,6 @@ class InputFirehoseTLSSettingsServerSideTypedDict(TypedDict):
     r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
     ca_path: NotRequired[str]
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
-    request_cert: NotRequired[bool]
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-    reject_unauthorized: NotRequired[Any]
-    common_name_regex: NotRequired[Any]
     min_version: NotRequired[InputFirehoseMinimumTLSVersion]
     max_version: NotRequired[InputFirehoseMaximumTLSVersion]
 
@@ -144,6 +146,19 @@ class InputFirehoseTLSSettingsServerSideTypedDict(TypedDict):
 class InputFirehoseTLSSettingsServerSide(BaseModel):
     disabled: Optional[bool] = True
 
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
     certificate_name: Annotated[
         Optional[str], pydantic.Field(alias="certificateName")
     ] = None
@@ -161,17 +176,6 @@ class InputFirehoseTLSSettingsServerSide(BaseModel):
     ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
 
-    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-
-    reject_unauthorized: Annotated[
-        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
-    ] = None
-
-    common_name_regex: Annotated[
-        Optional[Any], pydantic.Field(alias="commonNameRegex")
-    ] = None
-
     min_version: Annotated[
         Annotated[
             Optional[InputFirehoseMinimumTLSVersion],

cribl_control_plane/models/inputgrafana.py

@@ -7,7 +7,7 @@ from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
 from pydantic.functional_validators import PlainValidator
-from typing import Any, List, Optional, Union
+from typing import List, Optional, Union
 from typing_extensions import Annotated, NotRequired, TypeAliasType, TypedDict
 
 
@@ -123,6 +123,12 @@ class InputGrafanaMaximumTLSVersion2(str, Enum, metaclass=utils.OpenEnumMeta):
 
 class InputGrafanaTLSSettingsServerSide2TypedDict(TypedDict):
     disabled: NotRequired[bool]
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[bool]
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
     certificate_name: NotRequired[str]
     r"""The name of the predefined certificate"""
     priv_key_path: NotRequired[str]
@@ -133,10 +139,6 @@ class InputGrafanaTLSSettingsServerSide2TypedDict(TypedDict):
     r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
     ca_path: NotRequired[str]
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
-    request_cert: NotRequired[bool]
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-    reject_unauthorized: NotRequired[Any]
-    common_name_regex: NotRequired[Any]
     min_version: NotRequired[InputGrafanaMinimumTLSVersion2]
     max_version: NotRequired[InputGrafanaMaximumTLSVersion2]
 
@@ -144,6 +146,19 @@ class InputGrafanaTLSSettingsServerSide2TypedDict(TypedDict):
 class InputGrafanaTLSSettingsServerSide2(BaseModel):
     disabled: Optional[bool] = True
 
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
     certificate_name: Annotated[
         Optional[str], pydantic.Field(alias="certificateName")
     ] = None
@@ -161,17 +176,6 @@ class InputGrafanaTLSSettingsServerSide2(BaseModel):
     ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
 
-    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-
-    reject_unauthorized: Annotated[
-        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
-    ] = None
-
-    common_name_regex: Annotated[
-        Optional[Any], pydantic.Field(alias="commonNameRegex")
-    ] = None
-
     min_version: Annotated[
         Annotated[
             Optional[InputGrafanaMinimumTLSVersion2],
@@ -753,6 +757,12 @@ class InputGrafanaMaximumTLSVersion1(str, Enum, metaclass=utils.OpenEnumMeta):
 
 class InputGrafanaTLSSettingsServerSide1TypedDict(TypedDict):
     disabled: NotRequired[bool]
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[bool]
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
     certificate_name: NotRequired[str]
     r"""The name of the predefined certificate"""
     priv_key_path: NotRequired[str]
@@ -763,10 +773,6 @@ class InputGrafanaTLSSettingsServerSide1TypedDict(TypedDict):
     r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
     ca_path: NotRequired[str]
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
-    request_cert: NotRequired[bool]
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-    reject_unauthorized: NotRequired[Any]
-    common_name_regex: NotRequired[Any]
     min_version: NotRequired[InputGrafanaMinimumTLSVersion1]
     max_version: NotRequired[InputGrafanaMaximumTLSVersion1]
 
@@ -774,6 +780,19 @@ class InputGrafanaTLSSettingsServerSide1TypedDict(TypedDict):
 class InputGrafanaTLSSettingsServerSide1(BaseModel):
     disabled: Optional[bool] = True
 
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
     certificate_name: Annotated[
         Optional[str], pydantic.Field(alias="certificateName")
     ] = None
@@ -791,17 +810,6 @@ class InputGrafanaTLSSettingsServerSide1(BaseModel):
     ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
 
-    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-
-    reject_unauthorized: Annotated[
-        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
-    ] = None
-
-    common_name_regex: Annotated[
-        Optional[Any], pydantic.Field(alias="commonNameRegex")
-    ] = None
-
     min_version: Annotated[
         Annotated[
             Optional[InputGrafanaMinimumTLSVersion1],

cribl_control_plane/models/inputhttp.py

@@ -7,7 +7,7 @@ from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
 from pydantic.functional_validators import PlainValidator
-from typing import Any, List, Optional
+from typing import List, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
 
@@ -123,6 +123,12 @@ class InputHTTPMaximumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
 
 class InputHTTPTLSSettingsServerSideTypedDict(TypedDict):
     disabled: NotRequired[bool]
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[bool]
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
     certificate_name: NotRequired[str]
     r"""The name of the predefined certificate"""
     priv_key_path: NotRequired[str]
@@ -133,10 +139,6 @@ class InputHTTPTLSSettingsServerSideTypedDict(TypedDict):
     r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
     ca_path: NotRequired[str]
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
-    request_cert: NotRequired[bool]
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-    reject_unauthorized: NotRequired[Any]
-    common_name_regex: NotRequired[Any]
     min_version: NotRequired[InputHTTPMinimumTLSVersion]
     max_version: NotRequired[InputHTTPMaximumTLSVersion]
 
@@ -144,6 +146,19 @@ class InputHTTPTLSSettingsServerSideTypedDict(TypedDict):
 class InputHTTPTLSSettingsServerSide(BaseModel):
     disabled: Optional[bool] = True
 
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
     certificate_name: Annotated[
         Optional[str], pydantic.Field(alias="certificateName")
     ] = None
@@ -161,17 +176,6 @@ class InputHTTPTLSSettingsServerSide(BaseModel):
     ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
 
-    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-
-    reject_unauthorized: Annotated[
-        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
-    ] = None
-
-    common_name_regex: Annotated[
-        Optional[Any], pydantic.Field(alias="commonNameRegex")
-    ] = None
-
     min_version: Annotated[
         Annotated[
             Optional[InputHTTPMinimumTLSVersion],

cribl_control_plane/models/inputhttpraw.py

@@ -7,7 +7,7 @@ from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
 from pydantic.functional_validators import PlainValidator
-from typing import Any, List, Optional
+from typing import List, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
 
@@ -123,6 +123,12 @@ class InputHTTPRawMaximumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
 
 class InputHTTPRawTLSSettingsServerSideTypedDict(TypedDict):
     disabled: NotRequired[bool]
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[bool]
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
     certificate_name: NotRequired[str]
     r"""The name of the predefined certificate"""
     priv_key_path: NotRequired[str]
@@ -133,10 +139,6 @@ class InputHTTPRawTLSSettingsServerSideTypedDict(TypedDict):
     r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
     ca_path: NotRequired[str]
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
-    request_cert: NotRequired[bool]
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-    reject_unauthorized: NotRequired[Any]
-    common_name_regex: NotRequired[Any]
     min_version: NotRequired[InputHTTPRawMinimumTLSVersion]
     max_version: NotRequired[InputHTTPRawMaximumTLSVersion]
 
@@ -144,6 +146,19 @@ class InputHTTPRawTLSSettingsServerSideTypedDict(TypedDict):
 class InputHTTPRawTLSSettingsServerSide(BaseModel):
     disabled: Optional[bool] = True
 
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA (such as the system's)"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
     certificate_name: Annotated[
         Optional[str], pydantic.Field(alias="certificateName")
     ] = None
@@ -161,17 +176,6 @@ class InputHTTPRawTLSSettingsServerSide(BaseModel):
     ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
     r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
 
-    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
-    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
-
-    reject_unauthorized: Annotated[
-        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
-    ] = None
-
-    common_name_regex: Annotated[
-        Optional[Any], pydantic.Field(alias="commonNameRegex")
-    ] = None
-
     min_version: Annotated[
         Annotated[
             Optional[InputHTTPRawMinimumTLSVersion],

cribl_control_plane/models/inputkafka.py

@@ -255,6 +255,13 @@ class InputKafkaKafkaSchemaRegistryAuthentication(BaseModel):
     tls: Optional[InputKafkaKafkaSchemaRegistryTLSSettingsClientSide] = None
 
 
+class InputKafkaAuthenticationMethod(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Enter credentials directly, or select a stored secret"""
+
+    MANUAL = "manual"
+    SECRET = "secret"
+
+
 class InputKafkaSASLMechanism(str, Enum, metaclass=utils.OpenEnumMeta):
     # PLAIN
     PLAIN = "plain"
@@ -266,13 +273,58 @@ class InputKafkaSASLMechanism(str, Enum, metaclass=utils.OpenEnumMeta):
     KERBEROS = "kerberos"
 
 
+class InputKafkaOauthParamTypedDict(TypedDict):
+    name: str
+    value: str
+
+
+class InputKafkaOauthParam(BaseModel):
+    name: str
+
+    value: str
+
+
+class InputKafkaSaslExtensionTypedDict(TypedDict):
+    name: str
+    value: str
+
+
+class InputKafkaSaslExtension(BaseModel):
+    name: str
+
+    value: str
+
+
 class InputKafkaAuthenticationTypedDict(TypedDict):
     r"""Authentication parameters to use when connecting to brokers. Using TLS is highly recommended."""
 
     disabled: NotRequired[bool]
+    username: NotRequired[str]
+    password: NotRequired[str]
+    auth_type: NotRequired[InputKafkaAuthenticationMethod]
+    r"""Enter credentials directly, or select a stored secret"""
+    credentials_secret: NotRequired[str]
+    r"""Select or create a secret that references your credentials"""
     mechanism: NotRequired[InputKafkaSASLMechanism]
+    keytab_location: NotRequired[str]
+    r"""Location of keytab file for authentication principal"""
+    principal: NotRequired[str]
+    r"""Authentication principal, such as `kafka_user@example.com`"""
+    broker_service_class: NotRequired[str]
+    r"""Kerberos service class for Kafka brokers, such as `kafka`"""
     oauth_enabled: NotRequired[bool]
     r"""Enable OAuth authentication"""
+    token_url: NotRequired[str]
+    r"""URL of the token endpoint to use for OAuth authentication"""
+    client_id: NotRequired[str]
+    r"""Client ID to use for OAuth authentication"""
+    oauth_secret_type: NotRequired[str]
+    client_text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
+    oauth_params: NotRequired[List[InputKafkaOauthParamTypedDict]]
+    r"""Additional fields to send to the token endpoint, such as scope or audience"""
+    sasl_extensions: NotRequired[List[InputKafkaSaslExtensionTypedDict]]
+    r"""Additional SASL extension fields, such as Confluent's logicalCluster or identityPoolId"""
 
 
 class InputKafkaAuthentication(BaseModel):
@@ -280,15 +332,71 @@ class InputKafkaAuthentication(BaseModel):
 
     disabled: Optional[bool] = True
 
+    username: Optional[str] = None
+
+    password: Optional[str] = None
+
+    auth_type: Annotated[
+        Annotated[
+            Optional[InputKafkaAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="authType"),
+    ] = InputKafkaAuthenticationMethod.MANUAL
+    r"""Enter credentials directly, or select a stored secret"""
+
+    credentials_secret: Annotated[
+        Optional[str], pydantic.Field(alias="credentialsSecret")
+    ] = None
+    r"""Select or create a secret that references your credentials"""
+
     mechanism: Annotated[
         Optional[InputKafkaSASLMechanism], PlainValidator(validate_open_enum(False))
     ] = InputKafkaSASLMechanism.PLAIN
 
+    keytab_location: Annotated[
+        Optional[str], pydantic.Field(alias="keytabLocation")
+    ] = None
+    r"""Location of keytab file for authentication principal"""
+
+    principal: Optional[str] = None
+    r"""Authentication principal, such as `kafka_user@example.com`"""
+
+    broker_service_class: Annotated[
+        Optional[str], pydantic.Field(alias="brokerServiceClass")
+    ] = None
+    r"""Kerberos service class for Kafka brokers, such as `kafka`"""
+
     oauth_enabled: Annotated[Optional[bool], pydantic.Field(alias="oauthEnabled")] = (
         False
     )
     r"""Enable OAuth authentication"""
 
+    token_url: Annotated[Optional[str], pydantic.Field(alias="tokenUrl")] = None
+    r"""URL of the token endpoint to use for OAuth authentication"""
+
+    client_id: Annotated[Optional[str], pydantic.Field(alias="clientId")] = None
+    r"""Client ID to use for OAuth authentication"""
+
+    oauth_secret_type: Annotated[
+        Optional[str], pydantic.Field(alias="oauthSecretType")
+    ] = "secret"
+
+    client_text_secret: Annotated[
+        Optional[str], pydantic.Field(alias="clientTextSecret")
+    ] = None
+    r"""Select or create a stored text secret"""
+
+    oauth_params: Annotated[
+        Optional[List[InputKafkaOauthParam]], pydantic.Field(alias="oauthParams")
+    ] = None
+    r"""Additional fields to send to the token endpoint, such as scope or audience"""
+
+    sasl_extensions: Annotated[
+        Optional[List[InputKafkaSaslExtension]], pydantic.Field(alias="saslExtensions")
+    ] = None
+    r"""Additional SASL extension fields, such as Confluent's logicalCluster or identityPoolId"""
+
 
 class InputKafkaMinimumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
     TL_SV1 = "TLSv1"