pulumi-harness 0.9.0a1760076204__py3-none-any.whl → 0.10.0a1764049859__py3-none-any.whl

pulumi_harness/platform/secret_winrm.py

@@ -0,0 +1,1082 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+from ._inputs import *
+
+__all__ = ['SecretWinrmArgs', 'SecretWinrm']
+
+@pulumi.input_type
+class SecretWinrmArgs:
+    def __init__(__self__, *,
+                 identifier: pulumi.Input[_builtins.str],
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 kerberos: Optional[pulumi.Input['SecretWinrmKerberosArgs']] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 ntlm: Optional[pulumi.Input['SecretWinrmNtlmArgs']] = None,
+                 org_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 port: Optional[pulumi.Input[_builtins.int]] = None,
+                 project_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
+        """
+        The set of arguments for constructing a SecretWinrm resource.
+        :param pulumi.Input[_builtins.str] identifier: Unique identifier of the resource.
+        :param pulumi.Input[_builtins.str] description: Description of the resource.
+        :param pulumi.Input['SecretWinrmKerberosArgs'] kerberos: Kerberos authentication scheme
+        :param pulumi.Input[_builtins.str] name: Name of the resource.
+        :param pulumi.Input['SecretWinrmNtlmArgs'] ntlm: NTLM authentication scheme
+        :param pulumi.Input[_builtins.str] org_id: Unique identifier of the organization.
+        :param pulumi.Input[_builtins.int] port: WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        :param pulumi.Input[_builtins.str] project_id: Unique identifier of the project.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Tags to associate with the resource.
+        """
+        pulumi.set(__self__, "identifier", identifier)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if kerberos is not None:
+            pulumi.set(__self__, "kerberos", kerberos)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if ntlm is not None:
+            pulumi.set(__self__, "ntlm", ntlm)
+        if org_id is not None:
+            pulumi.set(__self__, "org_id", org_id)
+        if port is not None:
+            pulumi.set(__self__, "port", port)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
+        if tags is not None:
+            pulumi.set(__self__, "tags", tags)
+
+    @_builtins.property
+    @pulumi.getter
+    def identifier(self) -> pulumi.Input[_builtins.str]:
+        """
+        Unique identifier of the resource.
+        """
+        return pulumi.get(self, "identifier")
+
+    @identifier.setter
+    def identifier(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "identifier", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Description of the resource.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "description", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def kerberos(self) -> Optional[pulumi.Input['SecretWinrmKerberosArgs']]:
+        """
+        Kerberos authentication scheme
+        """
+        return pulumi.get(self, "kerberos")
+
+    @kerberos.setter
+    def kerberos(self, value: Optional[pulumi.Input['SecretWinrmKerberosArgs']]):
+        pulumi.set(self, "kerberos", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the resource.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def ntlm(self) -> Optional[pulumi.Input['SecretWinrmNtlmArgs']]:
+        """
+        NTLM authentication scheme
+        """
+        return pulumi.get(self, "ntlm")
+
+    @ntlm.setter
+    def ntlm(self, value: Optional[pulumi.Input['SecretWinrmNtlmArgs']]):
+        pulumi.set(self, "ntlm", value)
+
+    @_builtins.property
+    @pulumi.getter(name="orgId")
+    def org_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique identifier of the organization.
+        """
+        return pulumi.get(self, "org_id")
+
+    @org_id.setter
+    def org_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "org_id", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def port(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        """
+        return pulumi.get(self, "port")
+
+    @port.setter
+    def port(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "port", value)
+
+    @_builtins.property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique identifier of the project.
+        """
+        return pulumi.get(self, "project_id")
+
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "project_id", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        Tags to associate with the resource.
+        """
+        return pulumi.get(self, "tags")
+
+    @tags.setter
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "tags", value)
+
+
+@pulumi.input_type
+class _SecretWinrmState:
+    def __init__(__self__, *,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 identifier: Optional[pulumi.Input[_builtins.str]] = None,
+                 kerberos: Optional[pulumi.Input['SecretWinrmKerberosArgs']] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 ntlm: Optional[pulumi.Input['SecretWinrmNtlmArgs']] = None,
+                 org_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 port: Optional[pulumi.Input[_builtins.int]] = None,
+                 project_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
+        """
+        Input properties used for looking up and filtering SecretWinrm resources.
+        :param pulumi.Input[_builtins.str] description: Description of the resource.
+        :param pulumi.Input[_builtins.str] identifier: Unique identifier of the resource.
+        :param pulumi.Input['SecretWinrmKerberosArgs'] kerberos: Kerberos authentication scheme
+        :param pulumi.Input[_builtins.str] name: Name of the resource.
+        :param pulumi.Input['SecretWinrmNtlmArgs'] ntlm: NTLM authentication scheme
+        :param pulumi.Input[_builtins.str] org_id: Unique identifier of the organization.
+        :param pulumi.Input[_builtins.int] port: WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        :param pulumi.Input[_builtins.str] project_id: Unique identifier of the project.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Tags to associate with the resource.
+        """
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if identifier is not None:
+            pulumi.set(__self__, "identifier", identifier)
+        if kerberos is not None:
+            pulumi.set(__self__, "kerberos", kerberos)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if ntlm is not None:
+            pulumi.set(__self__, "ntlm", ntlm)
+        if org_id is not None:
+            pulumi.set(__self__, "org_id", org_id)
+        if port is not None:
+            pulumi.set(__self__, "port", port)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
+        if tags is not None:
+            pulumi.set(__self__, "tags", tags)
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Description of the resource.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "description", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def identifier(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique identifier of the resource.
+        """
+        return pulumi.get(self, "identifier")
+
+    @identifier.setter
+    def identifier(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "identifier", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def kerberos(self) -> Optional[pulumi.Input['SecretWinrmKerberosArgs']]:
+        """
+        Kerberos authentication scheme
+        """
+        return pulumi.get(self, "kerberos")
+
+    @kerberos.setter
+    def kerberos(self, value: Optional[pulumi.Input['SecretWinrmKerberosArgs']]):
+        pulumi.set(self, "kerberos", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the resource.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def ntlm(self) -> Optional[pulumi.Input['SecretWinrmNtlmArgs']]:
+        """
+        NTLM authentication scheme
+        """
+        return pulumi.get(self, "ntlm")
+
+    @ntlm.setter
+    def ntlm(self, value: Optional[pulumi.Input['SecretWinrmNtlmArgs']]):
+        pulumi.set(self, "ntlm", value)
+
+    @_builtins.property
+    @pulumi.getter(name="orgId")
+    def org_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique identifier of the organization.
+        """
+        return pulumi.get(self, "org_id")
+
+    @org_id.setter
+    def org_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "org_id", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def port(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        """
+        return pulumi.get(self, "port")
+
+    @port.setter
+    def port(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "port", value)
+
+    @_builtins.property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Unique identifier of the project.
+        """
+        return pulumi.get(self, "project_id")
+
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "project_id", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        Tags to associate with the resource.
+        """
+        return pulumi.get(self, "tags")
+
+    @tags.setter
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "tags", value)
+
+
+@pulumi.type_token("harness:platform/secretWinrm:SecretWinrm")
+class SecretWinrm(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 identifier: Optional[pulumi.Input[_builtins.str]] = None,
+                 kerberos: Optional[pulumi.Input[Union['SecretWinrmKerberosArgs', 'SecretWinrmKerberosArgsDict']]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 ntlm: Optional[pulumi.Input[Union['SecretWinrmNtlmArgs', 'SecretWinrmNtlmArgsDict']]] = None,
+                 org_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 port: Optional[pulumi.Input[_builtins.int]] = None,
+                 project_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 __props__=None):
+        """
+        Resource for creating a WinRM credential secret.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_harness as harness
+
+        # ============================================================================
+        # ACCOUNT LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 1. Account-level NTLM
+        account_ntlm_password = harness.platform.SecretText("account_ntlm_password",
+            identifier="account_ntlm_password_v3",
+            name="account_ntlm_password_v3",
+            description="Password for account-level NTLM",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="account_ntlm_pass")
+        account_ntlm = harness.platform.SecretWinrm("account_ntlm",
+            identifier="account_ntlm_v3",
+            name="Account NTLM v3",
+            description="Account-level WinRM with NTLM",
+            tags=[
+                "scope:account",
+                "auth:ntlm",
+            ],
+            port=5986,
+            ntlm={
+                "domain": "example.com",
+                "username": "admin",
+                "password_ref": account_ntlm_password.id.apply(lambda id: f"account.{id}"),
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+            })
+        # 2. Account-level Kerberos with KeyTab
+        account_kerberos_keytab = harness.platform.SecretWinrm("account_kerberos_keytab",
+            identifier="account_kerberos_keytab_v3",
+            name="Account Kerberos KeyTab v3",
+            description="Account-level WinRM with Kerberos KeyTab",
+            tags=[
+                "scope:account",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "service@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": True,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/krb5.keytab",
+                },
+            })
+        # 3. Account-level Kerberos with Password
+        account_kerberos_password1 = harness.platform.SecretText("account_kerberos_password_1",
+            identifier="account_kerb_pass_20251111",
+            name="account_kerb_pass_20251111",
+            description="Password for account-level Kerberos",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="account_kerberos_pass")
+        account_kerberos_password1_secret_winrm = harness.platform.SecretWinrm("account_kerberos_password_1",
+            identifier="account_kerb_winrm_20251111",
+            name="Account Kerberos WinRM 20251111",
+            description="Account-level WinRM with Kerberos Password",
+            tags=[
+                "scope:account",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "user@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": account_kerberos_password1.id.apply(lambda id: f"account.{id}"),
+                },
+            })
+        # ============================================================================
+        # ORGANIZATION LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 4. Org-level NTLM
+        org_ntlm_password = harness.platform.SecretText("org_ntlm_password",
+            identifier="org_ntlm_password_v3",
+            name="org_ntlm_password_v3",
+            description="Password for org-level NTLM",
+            org_id="default",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="org_ntlm_pass")
+        org_ntlm = harness.platform.SecretWinrm("org_ntlm",
+            identifier="org_ntlm_v3",
+            name="Org NTLM v3",
+            description="Org-level WinRM with NTLM",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:ntlm",
+            ],
+            port=5985,
+            ntlm={
+                "domain": "org.example.com",
+                "username": "orgadmin",
+                "password_ref": org_ntlm_password.id.apply(lambda id: f"org.{id}"),
+                "use_ssl": False,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+            })
+        # 5. Org-level Kerberos with KeyTab
+        org_kerberos_keytab = harness.platform.SecretWinrm("org_kerberos_keytab",
+            identifier="org_kerberos_keytab_v3",
+            name="Org Kerberos KeyTab v3",
+            description="Org-level WinRM with Kerberos KeyTab",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "orgservice@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": True,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/org.keytab",
+                },
+            })
+        # 6. Org-level Kerberos with Password
+        org_kerberos_password = harness.platform.SecretText("org_kerberos_password",
+            identifier="org_kerb_pass_v3",
+            name="org_kerb_pass_v3",
+            description="Password for org-level Kerberos",
+            org_id="default",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="org_kerberos_pass")
+        org_kerberos_password_secret_winrm = harness.platform.SecretWinrm("org_kerberos_password",
+            identifier="org_kerb_winrm_v3",
+            name="Org Kerberos WinRM v3",
+            description="Org-level WinRM with Kerberos Password",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "orguser@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": org_kerberos_password.id.apply(lambda id: f"org.{id}"),
+                },
+            })
+        # ============================================================================
+        # PROJECT LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 7. Project-level NTLM
+        project_ntlm_password = harness.platform.SecretText("project_ntlm_password",
+            identifier="proj_ntlm_pass_v3",
+            name="proj_ntlm_pass_v3",
+            description="Password for project-level NTLM",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="project_ntlm_pass")
+        project_ntlm = harness.platform.SecretWinrm("project_ntlm",
+            identifier="proj_ntlm_winrm_v3",
+            name="Project NTLM WinRM v3",
+            description="Project-level WinRM with NTLM",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:ntlm",
+            ],
+            port=5986,
+            ntlm={
+                "domain": "project.example.com",
+                "username": "projectadmin",
+                "password_ref": project_ntlm_password.id,
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": False,
+            })
+        # 8. Project-level Kerberos with KeyTab
+        project_kerberos_keytab = harness.platform.SecretWinrm("project_kerberos_keytab",
+            identifier="proj_kerb_keytab_v3",
+            name="Project Kerberos KeyTab v3",
+            description="Project-level WinRM with Kerberos KeyTab",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "projectservice@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": False,
+                "skip_cert_check": False,
+                "use_no_profile": False,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/project.keytab",
+                },
+            })
+        # 9. Project-level Kerberos with Password
+        project_kerberos_password = harness.platform.SecretText("project_kerberos_password",
+            identifier="proj_kerb_pass_v3",
+            name="proj_kerb_pass_v3",
+            description="Password for project-level Kerberos",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="project_kerberos_pass")
+        project_kerberos_password_secret_winrm = harness.platform.SecretWinrm("project_kerberos_password",
+            identifier="proj_kerb_winrm_v3",
+            name="Project Kerberos WinRM v3",
+            description="Project-level WinRM with Kerberos Password",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "projectuser@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": False,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": project_kerberos_password.id,
+                },
+            })
+        ```
+
+        ## Import
+
+        The `pulumi import` command can be used, for example:
+
+        Import account level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <winrm_credential_id>
+        ```
+
+        Import organization level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <org_id>/<winrm_credential_id>
+        ```
+
+        Import project level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <org_id>/<project_id>/<winrm_credential_id>
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] description: Description of the resource.
+        :param pulumi.Input[_builtins.str] identifier: Unique identifier of the resource.
+        :param pulumi.Input[Union['SecretWinrmKerberosArgs', 'SecretWinrmKerberosArgsDict']] kerberos: Kerberos authentication scheme
+        :param pulumi.Input[_builtins.str] name: Name of the resource.
+        :param pulumi.Input[Union['SecretWinrmNtlmArgs', 'SecretWinrmNtlmArgsDict']] ntlm: NTLM authentication scheme
+        :param pulumi.Input[_builtins.str] org_id: Unique identifier of the organization.
+        :param pulumi.Input[_builtins.int] port: WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        :param pulumi.Input[_builtins.str] project_id: Unique identifier of the project.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Tags to associate with the resource.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SecretWinrmArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Resource for creating a WinRM credential secret.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_harness as harness
+
+        # ============================================================================
+        # ACCOUNT LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 1. Account-level NTLM
+        account_ntlm_password = harness.platform.SecretText("account_ntlm_password",
+            identifier="account_ntlm_password_v3",
+            name="account_ntlm_password_v3",
+            description="Password for account-level NTLM",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="account_ntlm_pass")
+        account_ntlm = harness.platform.SecretWinrm("account_ntlm",
+            identifier="account_ntlm_v3",
+            name="Account NTLM v3",
+            description="Account-level WinRM with NTLM",
+            tags=[
+                "scope:account",
+                "auth:ntlm",
+            ],
+            port=5986,
+            ntlm={
+                "domain": "example.com",
+                "username": "admin",
+                "password_ref": account_ntlm_password.id.apply(lambda id: f"account.{id}"),
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+            })
+        # 2. Account-level Kerberos with KeyTab
+        account_kerberos_keytab = harness.platform.SecretWinrm("account_kerberos_keytab",
+            identifier="account_kerberos_keytab_v3",
+            name="Account Kerberos KeyTab v3",
+            description="Account-level WinRM with Kerberos KeyTab",
+            tags=[
+                "scope:account",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "service@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": True,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/krb5.keytab",
+                },
+            })
+        # 3. Account-level Kerberos with Password
+        account_kerberos_password1 = harness.platform.SecretText("account_kerberos_password_1",
+            identifier="account_kerb_pass_20251111",
+            name="account_kerb_pass_20251111",
+            description="Password for account-level Kerberos",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="account_kerberos_pass")
+        account_kerberos_password1_secret_winrm = harness.platform.SecretWinrm("account_kerberos_password_1",
+            identifier="account_kerb_winrm_20251111",
+            name="Account Kerberos WinRM 20251111",
+            description="Account-level WinRM with Kerberos Password",
+            tags=[
+                "scope:account",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "user@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": account_kerberos_password1.id.apply(lambda id: f"account.{id}"),
+                },
+            })
+        # ============================================================================
+        # ORGANIZATION LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 4. Org-level NTLM
+        org_ntlm_password = harness.platform.SecretText("org_ntlm_password",
+            identifier="org_ntlm_password_v3",
+            name="org_ntlm_password_v3",
+            description="Password for org-level NTLM",
+            org_id="default",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="org_ntlm_pass")
+        org_ntlm = harness.platform.SecretWinrm("org_ntlm",
+            identifier="org_ntlm_v3",
+            name="Org NTLM v3",
+            description="Org-level WinRM with NTLM",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:ntlm",
+            ],
+            port=5985,
+            ntlm={
+                "domain": "org.example.com",
+                "username": "orgadmin",
+                "password_ref": org_ntlm_password.id.apply(lambda id: f"org.{id}"),
+                "use_ssl": False,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+            })
+        # 5. Org-level Kerberos with KeyTab
+        org_kerberos_keytab = harness.platform.SecretWinrm("org_kerberos_keytab",
+            identifier="org_kerberos_keytab_v3",
+            name="Org Kerberos KeyTab v3",
+            description="Org-level WinRM with Kerberos KeyTab",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "orgservice@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": True,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/org.keytab",
+                },
+            })
+        # 6. Org-level Kerberos with Password
+        org_kerberos_password = harness.platform.SecretText("org_kerberos_password",
+            identifier="org_kerb_pass_v3",
+            name="org_kerb_pass_v3",
+            description="Password for org-level Kerberos",
+            org_id="default",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="org_kerberos_pass")
+        org_kerberos_password_secret_winrm = harness.platform.SecretWinrm("org_kerberos_password",
+            identifier="org_kerb_winrm_v3",
+            name="Org Kerberos WinRM v3",
+            description="Org-level WinRM with Kerberos Password",
+            org_id="default",
+            tags=[
+                "scope:org",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "orguser@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": org_kerberos_password.id.apply(lambda id: f"org.{id}"),
+                },
+            })
+        # ============================================================================
+        # PROJECT LEVEL TESTS (3 scenarios)
+        # ============================================================================
+        # 7. Project-level NTLM
+        project_ntlm_password = harness.platform.SecretText("project_ntlm_password",
+            identifier="proj_ntlm_pass_v3",
+            name="proj_ntlm_pass_v3",
+            description="Password for project-level NTLM",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="project_ntlm_pass")
+        project_ntlm = harness.platform.SecretWinrm("project_ntlm",
+            identifier="proj_ntlm_winrm_v3",
+            name="Project NTLM WinRM v3",
+            description="Project-level WinRM with NTLM",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:ntlm",
+            ],
+            port=5986,
+            ntlm={
+                "domain": "project.example.com",
+                "username": "projectadmin",
+                "password_ref": project_ntlm_password.id,
+                "use_ssl": True,
+                "skip_cert_check": False,
+                "use_no_profile": False,
+            })
+        # 8. Project-level Kerberos with KeyTab
+        project_kerberos_keytab = harness.platform.SecretWinrm("project_kerberos_keytab",
+            identifier="proj_kerb_keytab_v3",
+            name="Project Kerberos KeyTab v3",
+            description="Project-level WinRM with Kerberos KeyTab",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:kerberos-keytab",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "projectservice@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "KeyTabFilePath",
+                "use_ssl": False,
+                "skip_cert_check": False,
+                "use_no_profile": False,
+                "tgt_key_tab_file_path_spec": {
+                    "key_path": "/etc/project.keytab",
+                },
+            })
+        # 9. Project-level Kerberos with Password
+        project_kerberos_password = harness.platform.SecretText("project_kerberos_password",
+            identifier="proj_kerb_pass_v3",
+            name="proj_kerb_pass_v3",
+            description="Password for project-level Kerberos",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            secret_manager_identifier="harnessSecretManager",
+            value_type="Inline",
+            value="project_kerberos_pass")
+        project_kerberos_password_secret_winrm = harness.platform.SecretWinrm("project_kerberos_password",
+            identifier="proj_kerb_winrm_v3",
+            name="Project Kerberos WinRM v3",
+            description="Project-level WinRM with Kerberos Password",
+            org_id="default",
+            project_id="winrm_support_terraform",
+            tags=[
+                "scope:project",
+                "auth:kerberos-password",
+            ],
+            port=5986,
+            kerberos={
+                "principal": "projectuser@EXAMPLE.COM",
+                "realm": "EXAMPLE.COM",
+                "tgt_generation_method": "Password",
+                "use_ssl": False,
+                "skip_cert_check": True,
+                "use_no_profile": True,
+                "tgt_password_spec": {
+                    "password_ref": project_kerberos_password.id,
+                },
+            })
+        ```
+
+        ## Import
+
+        The `pulumi import` command can be used, for example:
+
+        Import account level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <winrm_credential_id>
+        ```
+
+        Import organization level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <org_id>/<winrm_credential_id>
+        ```
+
+        Import project level WinRM credential
+
+        ```sh
+        $ pulumi import harness:platform/secretWinrm:SecretWinrm example <org_id>/<project_id>/<winrm_credential_id>
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param SecretWinrmArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SecretWinrmArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 identifier: Optional[pulumi.Input[_builtins.str]] = None,
+                 kerberos: Optional[pulumi.Input[Union['SecretWinrmKerberosArgs', 'SecretWinrmKerberosArgsDict']]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 ntlm: Optional[pulumi.Input[Union['SecretWinrmNtlmArgs', 'SecretWinrmNtlmArgsDict']]] = None,
+                 org_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 port: Optional[pulumi.Input[_builtins.int]] = None,
+                 project_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SecretWinrmArgs.__new__(SecretWinrmArgs)
+
+            __props__.__dict__["description"] = description
+            if identifier is None and not opts.urn:
+                raise TypeError("Missing required property 'identifier'")
+            __props__.__dict__["identifier"] = identifier
+            __props__.__dict__["kerberos"] = kerberos
+            __props__.__dict__["name"] = name
+            __props__.__dict__["ntlm"] = ntlm
+            __props__.__dict__["org_id"] = org_id
+            __props__.__dict__["port"] = port
+            __props__.__dict__["project_id"] = project_id
+            __props__.__dict__["tags"] = tags
+        super(SecretWinrm, __self__).__init__(
+            'harness:platform/secretWinrm:SecretWinrm',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            identifier: Optional[pulumi.Input[_builtins.str]] = None,
+            kerberos: Optional[pulumi.Input[Union['SecretWinrmKerberosArgs', 'SecretWinrmKerberosArgsDict']]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            ntlm: Optional[pulumi.Input[Union['SecretWinrmNtlmArgs', 'SecretWinrmNtlmArgsDict']]] = None,
+            org_id: Optional[pulumi.Input[_builtins.str]] = None,
+            port: Optional[pulumi.Input[_builtins.int]] = None,
+            project_id: Optional[pulumi.Input[_builtins.str]] = None,
+            tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None) -> 'SecretWinrm':
+        """
+        Get an existing SecretWinrm resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] description: Description of the resource.
+        :param pulumi.Input[_builtins.str] identifier: Unique identifier of the resource.
+        :param pulumi.Input[Union['SecretWinrmKerberosArgs', 'SecretWinrmKerberosArgsDict']] kerberos: Kerberos authentication scheme
+        :param pulumi.Input[_builtins.str] name: Name of the resource.
+        :param pulumi.Input[Union['SecretWinrmNtlmArgs', 'SecretWinrmNtlmArgsDict']] ntlm: NTLM authentication scheme
+        :param pulumi.Input[_builtins.str] org_id: Unique identifier of the organization.
+        :param pulumi.Input[_builtins.int] port: WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        :param pulumi.Input[_builtins.str] project_id: Unique identifier of the project.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Tags to associate with the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _SecretWinrmState.__new__(_SecretWinrmState)
+
+        __props__.__dict__["description"] = description
+        __props__.__dict__["identifier"] = identifier
+        __props__.__dict__["kerberos"] = kerberos
+        __props__.__dict__["name"] = name
+        __props__.__dict__["ntlm"] = ntlm
+        __props__.__dict__["org_id"] = org_id
+        __props__.__dict__["port"] = port
+        __props__.__dict__["project_id"] = project_id
+        __props__.__dict__["tags"] = tags
+        return SecretWinrm(resource_name, opts=opts, __props__=__props__)
+
+    @_builtins.property
+    @pulumi.getter
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Description of the resource.
+        """
+        return pulumi.get(self, "description")
+
+    @_builtins.property
+    @pulumi.getter
+    def identifier(self) -> pulumi.Output[_builtins.str]:
+        """
+        Unique identifier of the resource.
+        """
+        return pulumi.get(self, "identifier")
+
+    @_builtins.property
+    @pulumi.getter
+    def kerberos(self) -> pulumi.Output[Optional['outputs.SecretWinrmKerberos']]:
+        """
+        Kerberos authentication scheme
+        """
+        return pulumi.get(self, "kerberos")
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[_builtins.str]:
+        """
+        Name of the resource.
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter
+    def ntlm(self) -> pulumi.Output[Optional['outputs.SecretWinrmNtlm']]:
+        """
+        NTLM authentication scheme
+        """
+        return pulumi.get(self, "ntlm")
+
+    @_builtins.property
+    @pulumi.getter(name="orgId")
+    def org_id(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Unique identifier of the organization.
+        """
+        return pulumi.get(self, "org_id")
+
+    @_builtins.property
+    @pulumi.getter
+    def port(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        WinRM port. Default is 5986 for HTTPS, 5985 for HTTP.
+        """
+        return pulumi.get(self, "port")
+
+    @_builtins.property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Unique identifier of the project.
+        """
+        return pulumi.get(self, "project_id")
+
+    @_builtins.property
+    @pulumi.getter
+    def tags(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
+        """
+        Tags to associate with the resource.
+        """
+        return pulumi.get(self, "tags")
+