import * as outputs from "../types/output";
export interface AccountService {
/**
* CreatedAt is the timestamp when the user was created
*/
createdAt: string;
/**
* Unique human-readable name of the Service.
*/
name: string;
/**
* The Service's suspended state.
*/
suspended?: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
token: string;
}
export interface AccountUser {
/**
* CreatedAt is the timestamp when the user was created
*/
createdAt: string;
/**
* The User's email address. Must be unique.
*/
email: string;
/**
* Internal employee ID used to identify the user.
*/
employeeNumber?: string;
/**
* External ID is an alternative unique ID this user is represented by within an external service.
*/
externalId?: string;
/**
* The User's first name.
*/
firstName: string;
/**
* The User's last name.
*/
lastName: string;
/**
* Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
*/
managedBy: string;
/**
* Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
*/
managerId?: string;
/**
* PermissionLevel is the user's permission level e.g. admin, DBA, user.
*/
permissionLevel: string;
/**
* Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
*/
resolvedManagerId: string;
/**
* SCIM contains the raw SCIM metadata for the user. This is a read-only field.
*/
scim: string;
/**
* The Service's suspended state.
*/
suspended: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ApprovalWorkflowApprovalStep {
/**
* The approvers for this approval step
*/
approvers: outputs.ApprovalWorkflowApprovalStepApprover[];
/**
* Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
*/
quantifier?: string;
/**
* Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
*/
skipAfter?: string;
}
export interface ApprovalWorkflowApprovalStepApprover {
/**
* The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
accountId?: string;
/**
* The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
groupId?: string;
/**
* A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
reference?: string;
/**
* The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
roleId?: string;
}
export interface ConnectorAws {
/**
* AccountIds is the list of AWS Accounts to scan
*/
accountIds?: string[];
/**
* Description of the Connector.
*/
description?: string;
/**
* ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
*/
excludeTags?: outputs.ConnectorAwsExcludeTag[];
/**
* IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags
*/
includeTags?: outputs.ConnectorAwsIncludeTag[];
/**
* Unique human-readable name of the Connector.
*/
name: string;
/**
* RoleName is the Role we're assuming into for an account
*/
roleName?: string;
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
}
export interface ConnectorAwsExcludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface ConnectorAwsIncludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface ConnectorAzure {
/**
* ClientId is the ID of the Application / Service Account we're acting as
*/
clientId?: string;
/**
* Description of the Connector.
*/
description?: string;
/**
* ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
*/
excludeTags?: outputs.ConnectorAzureExcludeTag[];
/**
* IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags
*/
includeTags?: outputs.ConnectorAzureIncludeTag[];
/**
* Unique human-readable name of the Connector.
*/
name: string;
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
/**
* SubscriptionIds are the targets of discovery.
*/
subscriptionIds?: string[];
/**
* TenantId is the Azure Tenant we're discovering in
* * gcp:
*/
tenantId?: string;
}
export interface ConnectorAzureExcludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface ConnectorAzureIncludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface ConnectorGcp {
/**
* Description of the Connector.
*/
description?: string;
/**
* ExcludeTags filters out discovered resources that have the tag and value. We do allow duplicate tag names for ExcludeTags to support multiple excluded values for the tag.
*/
excludeTags?: outputs.ConnectorGcpExcludeTag[];
/**
* IncludeTags only discovers cloud resources that have one of the included tags. We do not allow duplicate tag names for IncludeTags
*/
includeTags?: outputs.ConnectorGcpIncludeTag[];
/**
* Unique human-readable name of the Connector.
*/
name: string;
/**
* ProjectIds is the list of GCP Projects the connector will scan
*/
projectIds?: string[];
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
/**
* WorkloadPoolId is the GCP Workload Pool Identifier used to authenticate our JWT
*/
workloadPoolId?: string;
/**
* WorkloadProjectId is the GCP Project ID where the Workload Pool is defined
*/
workloadProjectId?: string;
/**
* WorkloadProjectNumber is the GCP Project Number where the Workload Pool is defined
*/
workloadProjectNumber?: string;
/**
* WorkloadProviderId is the GCP Workload Provider Identifier used to authenticate our JWT
*/
workloadProviderId?: string;
}
export interface ConnectorGcpExcludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface ConnectorGcpIncludeTag {
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* The value of this tag.
*/
value?: string;
}
export interface GetAccountAccount {
/**
* A Service is a service account that can connect to resources they are granted directly, or granted via roles. Services are typically automated jobs.
*/
services: outputs.GetAccountAccountService[];
/**
* A Token is an account providing tokenized access for automation or integration use. Tokens include admin tokens, API keys, and SCIM tokens.
*/
tokens: outputs.GetAccountAccountToken[];
/**
* A User can connect to resources they are granted directly, or granted via roles.
*/
users: outputs.GetAccountAccountUser[];
}
export interface GetAccountAccountService {
/**
* CreatedAt is the timestamp when the user was created
*/
createdAt: string;
/**
* Unique identifier of the User.
*/
id?: string;
/**
* Unique human-readable name of the Token.
*/
name?: string;
/**
* Reserved for future use. Always false for tokens.
*/
suspended?: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetAccountAccountToken {
/**
* Corresponds to the type of token, e.g. api or admin-token.
*/
accountType?: string;
/**
* CreatedAt is the timestamp when the user was created
*/
createdAt: string;
/**
* The timestamp when the Token will expire.
*/
deadline?: string;
/**
* Duration from token creation to expiration.
*/
duration?: string;
/**
* Unique identifier of the User.
*/
id?: string;
/**
* Unique human-readable name of the Token.
*/
name?: string;
/**
* Permissions assigned to the token, e.g. role:create.
*/
permissions?: string[];
/**
* The timestamp when the Token was last rekeyed.
*/
rekeyed?: string;
/**
* Reserved for future use. Always false for tokens.
*/
suspended?: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetAccountAccountUser {
/**
* CreatedAt is the timestamp when the user was created
*/
createdAt: string;
/**
* The User's email address. Must be unique.
*/
email?: string;
/**
* Internal employee ID used to identify the user.
*/
employeeNumber?: string;
/**
* External ID is an alternative unique ID this user is represented by within an external service.
*/
externalId?: string;
/**
* The User's first name.
*/
firstName?: string;
/**
* Unique identifier of the User.
*/
id?: string;
/**
* The User's last name.
*/
lastName?: string;
/**
* Managed By is a read only field for what service manages this user, e.g. StrongDM, Okta, Azure.
*/
managedBy: string;
/**
* Manager ID is the ID of the user's manager. This field is empty when the user has no manager.
*/
managerId?: string;
/**
* PermissionLevel is the user's permission level e.g. admin, DBA, user.
*/
permissionLevel?: string;
/**
* Resolved Manager ID is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This is a read-only field that's only populated for get and list.
*/
resolvedManagerId: string;
/**
* SCIM contains the raw SCIM metadata for the user. This is a read-only field.
*/
scim: string;
/**
* Reserved for future use. Always false for tokens.
*/
suspended: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetAccountAttachmentAccountAttachment {
/**
* The id of the account of this AccountAttachment.
*/
accountId?: string;
/**
* Unique identifier of the AccountAttachment.
*/
id?: string;
/**
* The id of the attached role of this AccountAttachment.
*/
roleId?: string;
}
export interface GetAccountGroupAccountsGroup {
/**
* Unique identifier of the Account.
*/
accountId?: string;
/**
* Unique identifier of the Group.
*/
groupId?: string;
/**
* Unique identifier of the AccountGroup.
*/
id?: string;
}
export interface GetApprovalWorkflowApprovalStep {
/**
* The approvers for this approval step
*/
approvers: outputs.GetApprovalWorkflowApprovalStepApprover[];
/**
* Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
*/
quantifier?: string;
/**
* Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
*/
skipAfter?: string;
}
export interface GetApprovalWorkflowApprovalStepApprover {
/**
* The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
accountId?: string;
/**
* The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
groupId?: string;
/**
* A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
reference?: string;
/**
* The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
roleId?: string;
}
export interface GetApprovalWorkflowApprovalWorkflow {
/**
* Approval mode of the ApprovalWorkflow
*/
approvalMode?: string;
/**
* The approval steps of this approval workflow
*/
approvalSteps?: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStep[];
/**
* Optional description of the ApprovalWorkflow.
*/
description?: string;
/**
* Unique identifier of the ApprovalWorkflow.
*/
id?: string;
/**
* Unique human-readable name of the ApprovalWorkflow.
*/
name?: string;
}
export interface GetApprovalWorkflowApprovalWorkflowApprovalStep {
/**
* The approvers for this approval step
*/
approvers: outputs.GetApprovalWorkflowApprovalWorkflowApprovalStepApprover[];
/**
* Whether any or all approvers are required to approve for this approval step (optional, defaults to any)
*/
quantifier?: string;
/**
* Duration after which this approval step will be skipped if no approval is given (optional, if not provided this step must be manually approved)
*/
skipAfter?: string;
}
export interface GetApprovalWorkflowApprovalWorkflowApprovalStepApprover {
/**
* The account id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
accountId?: string;
/**
* The group id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
groupId?: string;
/**
* A reference to an approver: 'manager-of-requester' or 'manager-of-manager-of-requester' (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
reference?: string;
/**
* The role id of the approver (only one of account_id, role_id, group id, or reference may be present for one approver)
*/
roleId?: string;
}
export interface GetConnectorDiscoveryConnector {
aws: outputs.GetConnectorDiscoveryConnectorAw[];
azures: outputs.GetConnectorDiscoveryConnectorAzure[];
gcps: outputs.GetConnectorDiscoveryConnectorGcp[];
}
export interface GetConnectorDiscoveryConnectorAw {
/**
* AccountIds is the list of AWS Accounts to scan
*/
accountIds?: string[];
/**
* Description of the Connector.
*/
description?: string;
/**
* Unique identifier of the Connector.
*/
id?: string;
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* RoleName is the Role we're assuming into for an account
*/
roleName?: string;
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
}
export interface GetConnectorDiscoveryConnectorAzure {
/**
* ClientId is the ID of the Application / Service Account we're acting as
*/
clientId?: string;
/**
* Description of the Connector.
*/
description?: string;
/**
* Unique identifier of the Connector.
*/
id?: string;
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
/**
* SubscriptionIds are the targets of discovery.
*/
subscriptionIds?: string[];
/**
* TenantId is the Azure Tenant we're discovering in
*/
tenantId?: string;
}
export interface GetConnectorDiscoveryConnectorGcp {
/**
* Description of the Connector.
*/
description?: string;
/**
* Unique identifier of the Connector.
*/
id?: string;
/**
* Unique human-readable name of the Connector.
*/
name?: string;
/**
* ProjectIds is the list of GCP Projects the connector will scan
*/
projectIds?: string[];
/**
* ScanPeriod identifies which remote system this Connector discovers
*/
scanPeriod?: string;
/**
* Services is a list of services this connector should scan.
*/
services?: string[];
/**
* WorkloadPoolId is the GCP Workload Pool Identifier used to authenticate our JWT
*/
workloadPoolId?: string;
/**
* WorkloadProjectId is the GCP Project ID where the Workload Pool is defined
*/
workloadProjectId?: string;
/**
* WorkloadProjectNumber is the GCP Project Number where the Workload Pool is defined
*/
workloadProjectNumber?: string;
/**
* WorkloadProviderId is the GCP Workload Provider Identifier used to authenticate our JWT
*/
workloadProviderId?: string;
}
export interface GetGroupGroup {
/**
* Description of the Group.
*/
description?: string;
/**
* Unique identifier of the Group.
*/
id?: string;
/**
* Unique human-readable name of the Group.
*/
name?: string;
/**
* Source is a read only field for what service manages this group, e.g. StrongDM, Okta, Azure.
*/
source: string;
/**
* Tags is a map of key/value pairs that can be attached to a Group.
*/
tags?: {
[key: string]: string;
};
}
export interface GetGroupRoleGroupsRole {
/**
* The assigned Group ID.
*/
groupId?: string;
/**
* Unique identifier of the GroupRole.
*/
id?: string;
/**
* The assigned Role ID.
*/
roleId?: string;
}
export interface GetIdentityAliasIdentityAlias {
/**
* The account for this identity alias.
*/
accountId?: string;
/**
* Unique identifier of the IdentityAlias.
*/
id?: string;
/**
* The identity set.
*/
identitySetId?: string;
/**
* The username to be used as the identity alias for this account.
*/
username?: string;
}
export interface GetIdentitySetIdentitySet {
/**
* Unique identifier of the IdentitySet.
*/
id?: string;
/**
* Unique human-readable name of the IdentitySet.
*/
name?: string;
}
export interface GetManagedSecretManagedSecret {
/**
* public part of the secret value
*/
config: string;
/**
* Timestamp of when secret is going to be rotated
*/
expiresAt: string;
/**
* Unique identifier of the Managed Secret.
*/
id?: string;
/**
* Timestamp of when secret was last rotated
*/
lastRotatedAt: string;
/**
* Whether the secret requires a lock to access
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Managed Secret.
*/
name?: string;
/**
* An ID of a Secret Engine linked with the Managed Secret.
*/
secretEngineId?: string;
/**
* Path in a secret store.
*/
secretStorePath: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* Sensitive value of the secret.
*/
value?: string;
}
export interface GetNodeNode {
/**
* Gateway represents a StrongDM CLI installation running in gateway mode.
*/
gateways: outputs.GetNodeNodeGateway[];
/**
* ProxyCluster represents a cluster of StrongDM proxies.
*/
proxyClusters: outputs.GetNodeNodeProxyCluster[];
/**
* Relay represents a StrongDM CLI installation running in relay mode.
*/
relays: outputs.GetNodeNodeRelay[];
}
export interface GetNodeNodeGateway {
/**
* The hostname/port tuple which the gateway daemon will bind to. If not provided on create, set to "0.0.0.0:listen_address_port".
*/
bindAddress?: string;
/**
* Device is a read only device name uploaded by the gateway process when it comes online.
*/
device: string;
/**
* GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
*/
gatewayFilter?: string;
/**
* Unique identifier of the Relay.
*/
id?: string;
/**
* The public hostname/port tuple at which the gateway will be accessible to clients.
*/
listenAddress?: string;
/**
* Location is a read only network location uploaded by the gateway process when it comes online.
*/
location: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.GetNodeNodeGatewayMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* Version is a read only sdm binary version uploaded by the gateway process when it comes online.
*/
version: string;
}
export interface GetNodeNodeGatewayMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface GetNodeNodeProxyCluster {
/**
* The public hostname/port tuple at which the proxy cluster will be accessible to clients.
*/
address?: string;
/**
* Unique identifier of the Relay.
*/
id?: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.GetNodeNodeProxyClusterMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetNodeNodeProxyClusterMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface GetNodeNodeRelay {
/**
* Device is a read only device name uploaded by the gateway process when it comes online.
*/
device: string;
/**
* GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
*/
gatewayFilter?: string;
/**
* Unique identifier of the Relay.
*/
id?: string;
/**
* Location is a read only network location uploaded by the gateway process when it comes online.
*/
location: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.GetNodeNodeRelayMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* Version is a read only sdm binary version uploaded by the gateway process when it comes online.
*/
version: string;
}
export interface GetNodeNodeRelayMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface GetPeeringGroupNodePeeringGroupNode {
/**
* Peering Group ID to which the node will be attached to.
*/
groupId?: string;
/**
* Unique identifier of the Attachment.
*/
id?: string;
/**
* Node ID to be attached.
*/
nodeId?: string;
}
export interface GetPeeringGroupPeerPeeringGroupPeer {
/**
* Group ID from which the link will originate.
*/
groupId?: string;
/**
* Unique identifier of the Attachment.
*/
id?: string;
/**
* Peering Group ID to which Group ID will link.
*/
peersWithGroupId?: string;
}
export interface GetPeeringGroupPeeringGroup {
/**
* Unique identifier of the PeeringGroup.
*/
id?: string;
/**
* Unique human-readable name of the PeeringGroup.
*/
name?: string;
}
export interface GetPeeringGroupResourcePeeringGroupResource {
/**
* Peering Group ID to which the resource will be attached to.
*/
groupId?: string;
/**
* Unique identifier of the Attachment.
*/
id?: string;
/**
* Resource ID to be attached.
*/
resourceId?: string;
}
export interface GetPolicyPolicy {
/**
* Optional description of the Policy.
*/
description?: string;
/**
* Unique identifier of the Policy.
*/
id?: string;
/**
* Unique human-readable name of the Policy.
*/
name?: string;
/**
* The content of the Policy, in Cedar policy language.
*/
policy?: string;
}
export interface GetProxyClusterKeyProxyClusterKey {
/**
* Unique identifier of the Relay.
*/
id?: string;
/**
* The ID of the proxy cluster which this key authenticates to.
*/
proxyClusterId?: string;
}
export interface GetRemoteIdentityGroupRemoteIdentityGroup {
/**
* Unique identifier of the RemoteIdentityGroup.
*/
id?: string;
/**
* Unique human-readable name of the RemoteIdentityGroup.
*/
name?: string;
}
export interface GetRemoteIdentityRemoteIdentity {
/**
* The account for this remote identity.
*/
accountId?: string;
/**
* Unique identifier of the RemoteIdentity.
*/
id?: string;
/**
* The remote identity group.
*/
remoteIdentityGroupId?: string;
/**
* The username to be used as the remote identity for this account.
*/
username?: string;
}
export interface GetResourceResource {
aerospikes: outputs.GetResourceResourceAerospike[];
aks: outputs.GetResourceResourceAk[];
aksBasicAuths: outputs.GetResourceResourceAksBasicAuth[];
/**
* @deprecated aks_service_account_user_impersonation is deprecated, see docs for more info
*/
aksServiceAccountUserImpersonations: outputs.GetResourceResourceAksServiceAccountUserImpersonation[];
aksServiceAccounts: outputs.GetResourceResourceAksServiceAccount[];
/**
* @deprecated aks_user_impersonation is deprecated, see docs for more info
*/
aksUserImpersonations: outputs.GetResourceResourceAksUserImpersonation[];
amazonEks: outputs.GetResourceResourceAmazonEk[];
/**
* @deprecated amazon_eks_instance_profile_user_impersonation is deprecated, see docs for more info
*/
amazonEksInstanceProfileUserImpersonations: outputs.GetResourceResourceAmazonEksInstanceProfileUserImpersonation[];
amazonEksInstanceProfiles: outputs.GetResourceResourceAmazonEksInstanceProfile[];
/**
* @deprecated amazon_eks_user_impersonation is deprecated, see docs for more info
*/
amazonEksUserImpersonations: outputs.GetResourceResourceAmazonEksUserImpersonation[];
amazonEs: outputs.GetResourceResourceAmazonE[];
amazonEsiams: outputs.GetResourceResourceAmazonEsiam[];
amazonmqAmqp091s: outputs.GetResourceResourceAmazonmqAmqp091[];
amazonmqAmqps: outputs.GetResourceResourceAmazonmqAmqp[];
athenaIams: outputs.GetResourceResourceAthenaIam[];
athenas: outputs.GetResourceResourceAthena[];
auroraMysqlIams: outputs.GetResourceResourceAuroraMysqlIam[];
auroraMysqls: outputs.GetResourceResourceAuroraMysql[];
auroraPostgres: outputs.GetResourceResourceAuroraPostgre[];
auroraPostgresIams: outputs.GetResourceResourceAuroraPostgresIam[];
aws: outputs.GetResourceResourceAw[];
awsConsoleStaticKeyPairs: outputs.GetResourceResourceAwsConsoleStaticKeyPair[];
awsConsoles: outputs.GetResourceResourceAwsConsole[];
awsInstanceProfiles: outputs.GetResourceResourceAwsInstanceProfile[];
azureCertificates: outputs.GetResourceResourceAzureCertificate[];
azureMysqlManagedIdentities: outputs.GetResourceResourceAzureMysqlManagedIdentity[];
azureMysqls: outputs.GetResourceResourceAzureMysql[];
azurePostgres: outputs.GetResourceResourceAzurePostgre[];
azurePostgresManagedIdentities: outputs.GetResourceResourceAzurePostgresManagedIdentity[];
azures: outputs.GetResourceResourceAzure[];
bigQueries: outputs.GetResourceResourceBigQuery[];
cassandras: outputs.GetResourceResourceCassandra[];
cituses: outputs.GetResourceResourceCitus[];
clickHouseHttps: outputs.GetResourceResourceClickHouseHttp[];
clickHouseMySqls: outputs.GetResourceResourceClickHouseMySql[];
clickHouseTcps: outputs.GetResourceResourceClickHouseTcp[];
clustrixes: outputs.GetResourceResourceClustrix[];
cockroaches: outputs.GetResourceResourceCockroach[];
couchbaseDatabases: outputs.GetResourceResourceCouchbaseDatabase[];
couchbaseWebUis: outputs.GetResourceResourceCouchbaseWebUi[];
databricks: outputs.GetResourceResourceDatabrick[];
db2Is: outputs.GetResourceResourceDb2I[];
db2Luws: outputs.GetResourceResourceDb2Luw[];
documentDbHostIams: outputs.GetResourceResourceDocumentDbHostIam[];
documentDbHosts: outputs.GetResourceResourceDocumentDbHost[];
documentDbReplicaSetIams: outputs.GetResourceResourceDocumentDbReplicaSetIam[];
documentDbReplicaSets: outputs.GetResourceResourceDocumentDbReplicaSet[];
druids: outputs.GetResourceResourceDruid[];
dynamoDbiams: outputs.GetResourceResourceDynamoDbiam[];
dynamoDbs: outputs.GetResourceResourceDynamoDb[];
elasticacheRedis: outputs.GetResourceResourceElasticacheRedi[];
elasticacheRedisIams: outputs.GetResourceResourceElasticacheRedisIam[];
elastics: outputs.GetResourceResourceElastic[];
entraIds: outputs.GetResourceResourceEntraId[];
gcpConsoles: outputs.GetResourceResourceGcpConsole[];
gcps: outputs.GetResourceResourceGcp[];
gcpwifs: outputs.GetResourceResourceGcpwif[];
/**
* @deprecated google_gke_user_impersonation is deprecated, see docs for more info
*/
googleGkeUserImpersonations: outputs.GetResourceResourceGoogleGkeUserImpersonation[];
googleGkes: outputs.GetResourceResourceGoogleGke[];
googleSpanners: outputs.GetResourceResourceGoogleSpanner[];
greenplums: outputs.GetResourceResourceGreenplum[];
httpAuths: outputs.GetResourceResourceHttpAuth[];
httpBasicAuths: outputs.GetResourceResourceHttpBasicAuth[];
httpNoAuths: outputs.GetResourceResourceHttpNoAuth[];
kubernetes: outputs.GetResourceResourceKubernete[];
kubernetesBasicAuths: outputs.GetResourceResourceKubernetesBasicAuth[];
kubernetesPodIdentities: outputs.GetResourceResourceKubernetesPodIdentity[];
/**
* @deprecated kubernetes_service_account_user_impersonation is deprecated, see docs for more info
*/
kubernetesServiceAccountUserImpersonations: outputs.GetResourceResourceKubernetesServiceAccountUserImpersonation[];
kubernetesServiceAccounts: outputs.GetResourceResourceKubernetesServiceAccount[];
/**
* @deprecated kubernetes_user_impersonation is deprecated, see docs for more info
*/
kubernetesUserImpersonations: outputs.GetResourceResourceKubernetesUserImpersonation[];
marias: outputs.GetResourceResourceMaria[];
mcpGatewayNoAuths: outputs.GetResourceResourceMcpGatewayNoAuth[];
mcpGatewayOAuthDcrs: outputs.GetResourceResourceMcpGatewayOAuthDcr[];
mcpGatewayOAuths: outputs.GetResourceResourceMcpGatewayOAuth[];
mcpGatewayPats: outputs.GetResourceResourceMcpGatewayPat[];
memcacheds: outputs.GetResourceResourceMemcached[];
memsqls: outputs.GetResourceResourceMemsql[];
mongoHosts: outputs.GetResourceResourceMongoHost[];
mongoLegacyHosts: outputs.GetResourceResourceMongoLegacyHost[];
mongoLegacyReplicasets: outputs.GetResourceResourceMongoLegacyReplicaset[];
mongoReplicaSets: outputs.GetResourceResourceMongoReplicaSet[];
mongoShardedClusters: outputs.GetResourceResourceMongoShardedCluster[];
mtlsMysqls: outputs.GetResourceResourceMtlsMysql[];
mtlsPostgres: outputs.GetResourceResourceMtlsPostgre[];
mysqls: outputs.GetResourceResourceMysql[];
neptuneIams: outputs.GetResourceResourceNeptuneIam[];
neptunes: outputs.GetResourceResourceNeptune[];
oktaGroups: outputs.GetResourceResourceOktaGroup[];
oracleNnes: outputs.GetResourceResourceOracleNne[];
oracles: outputs.GetResourceResourceOracle[];
postgres: outputs.GetResourceResourcePostgre[];
prestos: outputs.GetResourceResourcePresto[];
rabbitmqAmqp091s: outputs.GetResourceResourceRabbitmqAmqp091[];
rawTcps: outputs.GetResourceResourceRawTcp[];
rdpCerts: outputs.GetResourceResourceRdpCert[];
rdps: outputs.GetResourceResourceRdp[];
rdsPostgresIams: outputs.GetResourceResourceRdsPostgresIam[];
redis: outputs.GetResourceResourceRedi[];
redisClusters: outputs.GetResourceResourceRedisCluster[];
redshiftIams: outputs.GetResourceResourceRedshiftIam[];
redshiftServerlessIams: outputs.GetResourceResourceRedshiftServerlessIam[];
redshifts: outputs.GetResourceResourceRedshift[];
singleStores: outputs.GetResourceResourceSingleStore[];
snowflakes: outputs.GetResourceResourceSnowflake[];
snowsights: outputs.GetResourceResourceSnowsight[];
sqlServerAzureAds: outputs.GetResourceResourceSqlServerAzureAd[];
sqlServerKerberosAds: outputs.GetResourceResourceSqlServerKerberosAd[];
sqlServers: outputs.GetResourceResourceSqlServer[];
sshCerts: outputs.GetResourceResourceSshCert[];
sshCustomerKeys: outputs.GetResourceResourceSshCustomerKey[];
sshPasswords: outputs.GetResourceResourceSshPassword[];
sshes: outputs.GetResourceResourceSsh[];
sybaseIqs: outputs.GetResourceResourceSybaseIq[];
sybases: outputs.GetResourceResourceSybase[];
teradatas: outputs.GetResourceResourceTeradata[];
trinos: outputs.GetResourceResourceTrino[];
verticas: outputs.GetResourceResourceVertica[];
}
export interface GetResourceResourceAerospike {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, uses UseServicesAlternates directive for Aerospike connection
*/
useServicesAlternate?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAk {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAksBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAksServiceAccount {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface GetResourceResourceAksServiceAccountUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface GetResourceResourceAksUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonE {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonEk {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonEksInstanceProfile {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonEksInstanceProfileUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonEksUserImpersonation {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAmazonEsiam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
}
export interface GetResourceResourceAmazonmqAmqp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAmazonmqAmqp091 {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAthena {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The AWS S3 output location.
*/
output?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAthenaIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The AWS S3 output location.
*/
output?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAuroraMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAuroraMysqlIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAuroraPostgre {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAuroraPostgresIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAw {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The AWS region healthcheck requests should attempt to connect to.
*/
healthcheckRegion?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAwsConsole {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* If true, prefer environment variables to authenticate connection even if EC2 roles are configured.
*/
enableEnvVariables?: boolean;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface GetResourceResourceAwsConsoleStaticKeyPair {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface GetResourceResourceAwsInstanceProfile {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* If true, prefer environment variables to authenticate connection even if EC2 roles are configured.
*/
enableEnvVariables?: boolean;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceAzure {
/**
* The application ID to authenticate with.
*/
appId?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface GetResourceResourceAzureCertificate {
/**
* The application ID to authenticate with.
*/
appId?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface GetResourceResourceAzureMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAzureMysqlManagedIdentity {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAzurePostgre {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceAzurePostgresManagedIdentity {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceBigQuery {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* The GCP project ID containing the Spanner database.
*/
project?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceCassandra {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceCitus {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceClickHouseHttp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceClickHouseMySql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceClickHouseTcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceClustrix {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceCockroach {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceCouchbaseDatabase {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The port number for N1QL queries. Default HTTP is 8093. Default HTTPS is 18093.
*/
n1QlPort?: number;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceCouchbaseWebUi {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDatabrick {
/**
* Databricks Personal Access Token (PAT)
*/
accessToken?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* The HTTP path to the SQL warehouse or cluster (e.g., /sql/1.0/warehouses/xxx)
*/
httpPath?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceDb2I {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDb2Luw {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDocumentDbHost {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDocumentDbHostIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceDocumentDbReplicaSet {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDocumentDbReplicaSetIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceDruid {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceDynamoDb {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceDynamoDbiam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceElastic {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceElasticacheRedi {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceElasticacheRedisIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceEntraId {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* comma separated list of group names to filter by. Supports wildcards (*)
*/
groupNames?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* The management group ID to authenticate scope Privileges to.
*/
managementGroupId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The privilege levels specify which Groups are managed externally
*/
privilegeLevels?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* filters discovered groups to the specified Resource Group
*/
resourceGroupId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* The subscription ID to authenticate scope Privileges to.
*/
subscriptionId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface GetResourceResourceGcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The service account keyfile to authenticate with.
*/
keyfile?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Space separated scopes that this login should assume into when authenticating.
*/
scopes?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceGcpConsole {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The ID of the Workforce Identity Pool in GCP to use for federated authentication.
*/
workforcePoolId?: string;
/**
* The ID of the Workforce Identity Provider in GCP to use for federated authentication.
* * google_gke:
*/
workforceProviderId?: string;
}
export interface GetResourceResourceGcpwif {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* When specified, all project scoped requests will use this Project ID, overriding the project ID specified by clients
*/
projectId?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Space separated scopes that this login should assume into when authenticating.
*/
scopes?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The ID of the Workforce Identity Pool in GCP to use for federated authentication.
*/
workforcePoolId?: string;
/**
* The ID of the Workforce Identity Provider in GCP to use for federated authentication.
* * google_gke:
*/
workforceProviderId?: string;
}
export interface GetResourceResourceGoogleGke {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The service account key to authenticate with.
*/
serviceAccountKey?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceGoogleGkeUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The service account key to authenticate with.
*/
serviceAccountKey?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceGoogleSpanner {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The Spanner instance ID within the GCP project.
*/
instance?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* The GCP project ID containing the Spanner database.
*/
project?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Optional service account email to impersonate. When set, the relay's Application Default Credentials will impersonate this service account to access Spanner. This allows role separation where the relay uses one service account but operates as another.
*/
serviceAccountToImpersonate?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceGreenplum {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceHttpAuth {
/**
* The content to set as the authorization header.
*/
authHeader?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath?: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
}
export interface GetResourceResourceHttpBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath?: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceHttpNoAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath?: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
}
export interface GetResourceResourceKubernete {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceKubernetesBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceKubernetesPodIdentity {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceKubernetesServiceAccount {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface GetResourceResourceKubernetesServiceAccountUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface GetResourceResourceKubernetesUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceMaria {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMcpGatewayNoAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
}
export interface GetResourceResourceMcpGatewayOAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The OAuth 2.0 authorization endpoint URL.
*/
oauthAuthEndpoint?: string;
/**
* Space-separated list of OAuth scopes to request.
*/
oauthScopes?: string;
/**
* The OAuth 2.0 token endpoint URL.
*/
oauthTokenEndpoint?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMcpGatewayOAuthDcr {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The OAuth 2.0 authorization endpoint URL.
*/
oauthAuthEndpoint?: string;
/**
* The OAuth 2.0 dynamic client registration endpoint URL.
*/
oauthRegisterEndpoint?: string;
/**
* Space-separated list of OAuth scopes to request.
*/
oauthScopes?: string;
/**
* The OAuth 2.0 token endpoint URL.
*/
oauthTokenEndpoint?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
}
export interface GetResourceResourceMcpGatewayPat {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url?: string;
}
export interface GetResourceResourceMemcached {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceMemsql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMongoHost {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMongoLegacyHost {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMongoLegacyReplicaset {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMongoReplicaSet {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMongoShardedCluster {
/**
* The authentication database to use.
*/
authDatabase?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMtlsMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Server name for TLS verification (unverified by StrongDM if empty)
*/
serverName?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMtlsPostgre {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Server name for TLS verification (unverified by StrongDM if empty)
*/
serverName?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceNeptune {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceNeptuneIam {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceOktaGroup {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* Represents the Okta Org Client URL
*/
domain?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* comma separated list of group names to filter by. Supports wildcards (*)
*/
groupNames?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The privilege levels specify which Groups are managed externally
*/
privilegeLevels?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceOracle {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceOracleNne {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourcePostgre {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourcePresto {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRabbitmqAmqp091 {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRawTcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceRdp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* When set, network level authentication will not be used. May resolve unexpected authentication errors to older servers. When set, healthchecks cannot detect if a provided username / password pair is correct.
*/
downgradeNlaConnections?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRdpCert {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Comma-separated list of Active Directory Domain Controller hostnames. Required in on-premises AD environments for Kerberos Network Level Authentication (NLA), and for LDAPS SID resolution for strong certificate mapping in full enforcement mode when the identity alias does not specify a SID. Unused for Entra ID.
*/
dcHostnames?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Fully-qualified DNS name of the target Windows server, including the AD domain. Must match the Service Principal Name (SPN) of the server in AD. Required in on-premises AD environments for Kerberos Network Level Authentication (NLA), unused for Entra ID.
*/
serverFqdn?: string;
/**
* Windows Security Identifier (SID) of the configured Username, or AD service account if using LDAPS SID resolution. Required in on-premises AD environments for strong certificate mapping in full enforcement mode, unused for Entra ID.
*/
sid?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRdsPostgresIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRedi {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRedisCluster {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRedshift {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceRedshiftIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* Cluster Identified of Redshift cluster
*/
clusterId?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetResourceResourceRedshiftServerlessIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* Workgroup name in the serverless Redshift
* * single_store:
*/
workgroup?: string;
}
export interface GetResourceResourceSingleStore {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSnowflake {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSnowsight {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* If true, select the ACS with isDefault=true
*/
connectToDefault?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The StrongDM user email to use for healthchecks.
*/
healthcheckUsername?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Metadata for your snowflake IDP integration
*/
samlMetadata?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface GetResourceResourceSqlServer {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSqlServerAzureAd {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The Azure AD application (client) ID with which to authenticate.
*/
clientId?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* The Azure AD client secret (application password) with which to authenticate.
*/
secret?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface GetResourceResourceSqlServerKerberosAd {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* The keytab file in base64 format containing an entry with the principal name (username@realm) and key version number with which to authenticate.
*/
keytab?: string;
/**
* The Kerberos 5 configuration file (krb5.conf) specifying the Active Directory server (KDC) for the configured realm.
*/
krbConfig?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Active Directory domain (realm) to which the configured username belongs.
*/
realm?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The Service Principal Name of the Microsoft SQL Server instance in Active Directory.
*/
serverSpn?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSsh {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The key type to use e.g. rsa-2048 or ed25519
*/
keyType?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The public key to append to a server's authorized keys. This will be generated after resource creation.
*/
publicKey: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSshCert {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* The key type to use e.g. rsa-2048 or ed25519
*/
keyType?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSshCustomerKey {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSshPassword {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSybase {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceSybaseIq {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceTeradata {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceTrino {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetResourceResourceVertica {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname?: string;
/**
* Unique identifier of the Resource.
*/
id?: string;
/**
* Unique human-readable name of the Resource.
*/
name?: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride?: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface GetRoleRole {
/**
* AccessRules is a list of access rules defining the resources this Role has access to.
*/
accessRules?: string;
/**
* Unique identifier of the Role.
*/
id?: string;
/**
* Managed By is a read only field for what service manages this role, e.g. StrongDM, Okta, Azure.
*/
managedBy: string;
/**
* Unique human-readable name of the Role.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretEngineSecretEngine {
activeDirectories: outputs.GetSecretEngineSecretEngineActiveDirectory[];
keyValues: outputs.GetSecretEngineSecretEngineKeyValue[];
mysqlSecretEngines: outputs.GetSecretEngineSecretEngineMysqlSecretEngine[];
postgresSecretEngines: outputs.GetSecretEngineSecretEnginePostgresSecretEngine[];
sqlserverSecretEngines: outputs.GetSecretEngineSecretEngineSqlserverSecretEngine[];
}
export interface GetSecretEngineSecretEngineActiveDirectory {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
*/
binddn?: string;
/**
* Password to use along with binddn when performing user search.
*/
bindpass?: string;
/**
* CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
*/
certificate?: string;
/**
* Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
*/
connectionTimeout?: number;
/**
* If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
*/
doNotValidateTimestamps?: boolean;
/**
* Unique identifier of the Secret Engine.
*/
id?: string;
/**
* If true, skips LDAP server SSL certificate verification - insecure, use with caution!
*/
insecureTls?: boolean;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
*/
maxBackoffDuration?: string;
/**
* Unique human-readable name of the Secret Engine.
*/
name?: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Timeout, in seconds, for the connection when making requests against the server before returning back an error.
*/
requestTimeout?: number;
/**
* Backing secret store identifier
*/
secretStoreId?: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath?: string;
/**
* If true, issues a StartTLS command after establishing an unencrypted connection.
*/
startTls?: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* The domain (userPrincipalDomain) used to construct a UPN string for authentication.
*/
upndomain?: string;
/**
* The LDAP server to connect to.
*/
url?: string;
/**
* Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
*/
userdn?: string;
}
export interface GetSecretEngineSecretEngineKeyValue {
/**
* Unique identifier of the Secret Engine.
*/
id?: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name?: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId?: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretEngineSecretEngineMysqlSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database?: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname?: string;
/**
* Unique identifier of the Secret Engine.
*/
id?: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name?: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password?: string;
/**
* Port is the port number of the SQL Server server.
*/
port?: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId?: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* TLS disable certificate verification
*/
tlsSkipVerify?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username?: string;
}
export interface GetSecretEngineSecretEnginePostgresSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database?: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname?: string;
/**
* Unique identifier of the Secret Engine.
*/
id?: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name?: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password?: string;
/**
* Port is the port number of the SQL Server server.
*/
port?: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId?: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username?: string;
}
export interface GetSecretEngineSecretEngineSqlserverSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database?: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname?: string;
/**
* Unique identifier of the Secret Engine.
*/
id?: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name?: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password?: string;
/**
* Port is the port number of the SQL Server server.
*/
port?: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId?: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* TLS disable certificate verification
*/
tlsSkipVerify?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username?: string;
}
export interface GetSecretStoreSecretStore {
activeDirectoryStores: outputs.GetSecretStoreSecretStoreActiveDirectoryStore[];
aws: outputs.GetSecretStoreSecretStoreAw[];
awsCertX509s: outputs.GetSecretStoreSecretStoreAwsCertX509[];
azureStores: outputs.GetSecretStoreSecretStoreAzureStore[];
cyberarkConjurs: outputs.GetSecretStoreSecretStoreCyberarkConjur[];
cyberarkPamExperimentals: outputs.GetSecretStoreSecretStoreCyberarkPamExperimental[];
cyberarkPams: outputs.GetSecretStoreSecretStoreCyberarkPam[];
delineaStores: outputs.GetSecretStoreSecretStoreDelineaStore[];
gcpCertX509Stores: outputs.GetSecretStoreSecretStoreGcpCertX509Store[];
gcpStores: outputs.GetSecretStoreSecretStoreGcpStore[];
keyfactorSshStores: outputs.GetSecretStoreSecretStoreKeyfactorSshStore[];
keyfactorX509Stores: outputs.GetSecretStoreSecretStoreKeyfactorX509Store[];
strongVaults: outputs.GetSecretStoreSecretStoreStrongVault[];
vaultApproleCertSshes: outputs.GetSecretStoreSecretStoreVaultApproleCertSsh[];
vaultApproleCertX509s: outputs.GetSecretStoreSecretStoreVaultApproleCertX509[];
vaultApproles: outputs.GetSecretStoreSecretStoreVaultApprole[];
vaultAwsEc2CertSshes: outputs.GetSecretStoreSecretStoreVaultAwsEc2CertSsh[];
vaultAwsEc2CertX509s: outputs.GetSecretStoreSecretStoreVaultAwsEc2CertX509[];
vaultAwsEc2s: outputs.GetSecretStoreSecretStoreVaultAwsEc2[];
vaultAwsIamCertSshes: outputs.GetSecretStoreSecretStoreVaultAwsIamCertSsh[];
vaultAwsIamCertX509s: outputs.GetSecretStoreSecretStoreVaultAwsIamCertX509[];
vaultAwsIams: outputs.GetSecretStoreSecretStoreVaultAwsIam[];
vaultTls: outputs.GetSecretStoreSecretStoreVaultTl[];
vaultTlsCertSshes: outputs.GetSecretStoreSecretStoreVaultTlsCertSsh[];
vaultTlsCertX509s: outputs.GetSecretStoreSecretStoreVaultTlsCertX509[];
vaultTokenCertSshes: outputs.GetSecretStoreSecretStoreVaultTokenCertSsh[];
vaultTokenCertX509s: outputs.GetSecretStoreSecretStoreVaultTokenCertX509[];
vaultTokens: outputs.GetSecretStoreSecretStoreVaultToken[];
}
export interface GetSecretStoreSecretStoreActiveDirectoryStore {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreAw {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The AWS region to target e.g. us-east-1
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreAwsCertX509 {
/**
* The ARN of the CA in AWS Private CA
*/
caArn?: string;
/**
* The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
*/
certificateTemplateArn?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The AWS region to target e.g. us-east-1
*/
region?: string;
/**
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
*/
signingAlgo?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreAzureStore {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URI of the key vault to target e.g. https://myvault.vault.azure.net
* * cyberark_conjur:
*/
vaultUri?: string;
}
export interface GetSecretStoreSecretStoreCyberarkConjur {
/**
* The URL of the Cyberark instance
*/
appUrl?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreCyberarkPam {
/**
* The URL of the Cyberark instance
*/
appUrl?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreCyberarkPamExperimental {
/**
* The URL of the Cyberark instance
*/
appUrl?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreDelineaStore {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The URL of the Delinea instance
*/
serverUrl?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The tenant name to target
* * gcp_store:
*/
tenantName?: string;
}
export interface GetSecretStoreSecretStoreGcpCertX509Store {
/**
* The ID of the target CA
*/
caId?: string;
/**
* The ID of the target CA pool
*/
caPoolId?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* The Region for the CA in GCP format e.g. us-west1
*/
location?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The GCP project ID to target.
*/
projectId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreGcpStore {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The GCP project ID to target.
*/
projectId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreKeyfactorSshStore {
/**
* Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
*/
caFilePath?: string;
/**
* Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
*/
certificateFilePath?: string;
/**
* Name of EJBCA certificate authority that will enroll CSR.
*/
defaultCertificateAuthorityName?: string;
/**
* Certificate profile name that EJBCA will enroll the CSR with.
*/
defaultCertificateProfileName?: string;
/**
* End entity profile that EJBCA will enroll the CSR with.
*/
defaultEndEntityProfileName?: string;
/**
* code used by EJBCA during enrollment. May be left blank if no code is required.
*/
enrollmentCodeEnvVar?: string;
/**
* username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
*/
enrollmentUsernameEnvVar?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
*/
keyFilePath?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreKeyfactorX509Store {
/**
* Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
*/
caFilePath?: string;
/**
* Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
*/
certificateFilePath?: string;
/**
* Name of EJBCA certificate authority that will enroll CSR.
*/
defaultCertificateAuthorityName?: string;
/**
* Certificate profile name that EJBCA will enroll the CSR with.
*/
defaultCertificateProfileName?: string;
/**
* End entity profile that EJBCA will enroll the CSR with.
*/
defaultEndEntityProfileName?: string;
/**
* code used by EJBCA during enrollment. May be left blank if no code is required.
*/
enrollmentCodeEnvVar?: string;
/**
* username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
*/
enrollmentUsernameEnvVar?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
*/
keyFilePath?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreStrongVault {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultApprole {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultApproleCertSsh {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultApproleCertX509 {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsEc2 {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsEc2CertSsh {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsEc2CertX509 {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsIam {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsIamCertSsh {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultAwsIamCertX509 {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultTl {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath?: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultTlsCertSsh {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath?: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultTlsCertX509 {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath?: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath?: string;
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultToken {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultTokenCertSsh {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetSecretStoreSecretStoreVaultTokenCertX509 {
/**
* Unique identifier of the SecretStore.
*/
id?: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes?: number;
/**
* Unique human-readable name of the SecretStore.
*/
name?: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint?: string;
/**
* The URL of the Vault to target
*/
serverAddress?: string;
/**
* The signing role to be used for signing certificates
*/
signingRole?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface GetWorkflowApproverWorkflowApprover {
/**
* The approver account id.
*/
accountId?: string;
/**
* Unique identifier of the WorkflowApprover.
*/
id?: string;
/**
* The approver role id
*/
roleId?: string;
/**
* The workflow id.
*/
workflowId?: string;
}
export interface GetWorkflowRoleWorkflowRole {
/**
* Unique identifier of the WorkflowRole.
*/
id?: string;
/**
* The role id.
*/
roleId?: string;
/**
* The workflow id.
*/
workflowId?: string;
}
export interface GetWorkflowWorkflow {
/**
* Fixed Duration of access requests bound to this workflow. If fixed duration is provided, max duration must be empty. If neither max nor fixed duration are provided, requests that bind to this workflow will use the organization-level settings.
*/
accessRequestFixedDuration?: string;
/**
* Maximum Duration of access requests bound to this workflow. If max duration is provided, fixed duration must be empty. If neither max nor fixed duration are provided, requests that bind to this workflow will use the organization-level settings.
*/
accessRequestMaxDuration?: string;
/**
* AccessRules is a list of access rules defining the resources this Workflow provides access to.
*/
accessRules?: string;
/**
* Optional approval flow ID identifies an approval flow that linked to the workflow
*/
approvalFlowId?: string;
/**
* Optional auto grant setting to automatically approve requests or not, defaults to false.
*
* @deprecated auto_grant is deprecated, see docs for more info
*/
autoGrant?: boolean;
/**
* Optional description of the Workflow.
*/
description?: string;
/**
* Optional enabled state for workflow. This setting may be overridden by the system if the workflow doesn't meet the requirements to be enabled or if other conditions prevent enabling the workflow. The requirements to enable a workflow are that the workflow must be either set up for with auto grant enabled or have one or more WorkflowApprovers created for the workflow.
*/
enabled?: boolean;
/**
* Unique identifier of the Workflow.
*/
id?: string;
/**
* Unique human-readable name of the Workflow.
*/
name?: string;
/**
* Optional weight for workflow to specify it's priority in matching a request.
*/
weight?: number;
}
export interface NodeGateway {
/**
* The hostname/port tuple which the gateway daemon will bind to. If not provided on create, set to "0.0.0.0:listen_address_port".
*/
bindAddress: string;
/**
* Device is a read only device name uploaded by the gateway process when it comes online.
*/
device: string;
/**
* GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
*/
gatewayFilter?: string;
/**
* The public hostname/port tuple at which the gateway will be accessible to clients.
*/
listenAddress: string;
/**
* Location is a read only network location uploaded by the gateway process when it comes online.
*/
location: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.NodeGatewayMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
token: string;
/**
* Version is a read only sdm binary version uploaded by the gateway process when it comes online.
*/
version: string;
}
export interface NodeGatewayMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface NodeProxyCluster {
/**
* The public hostname/port tuple at which the proxy cluster will be accessible to clients.
*/
address: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.NodeProxyClusterMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface NodeProxyClusterMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface NodeRelay {
/**
* Device is a read only device name uploaded by the gateway process when it comes online.
*/
device: string;
/**
* GatewayFilter can be used to restrict the peering between relays and gateways. Deprecated.
*/
gatewayFilter?: string;
/**
* Location is a read only network location uploaded by the gateway process when it comes online.
*/
location: string;
/**
* Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed. If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0. If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
*/
maintenanceWindows?: outputs.NodeRelayMaintenanceWindow[];
/**
* Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
token: string;
/**
* Version is a read only sdm binary version uploaded by the gateway process when it comes online.
*/
version: string;
}
export interface NodeRelayMaintenanceWindow {
cronSchedule: string;
requireIdleness: boolean;
}
export interface ResourceAerospike {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, uses UseServicesAlternates directive for Aerospike connection
*/
useServicesAlternate?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAks {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAksBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAksServiceAccount {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface ResourceAksServiceAccountUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface ResourceAksUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEks {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEksInstanceProfile {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEksInstanceProfileUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEksUserImpersonation {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The name of the cluster to connect to.
*/
clusterName: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEs {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAmazonEsiam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
}
export interface ResourceAmazonmqAmqp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAmazonmqAmqp091 {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAthena {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The AWS S3 output location.
*/
athenaOutput: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAthenaIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The AWS S3 output location.
*/
output: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAuroraMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAuroraMysqlIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAuroraPostgres {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAuroraPostgresIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAws {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The AWS region healthcheck requests should attempt to connect to.
*/
healthcheckRegion: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAwsConsole {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* If true, prefer environment variables to authenticate connection even if EC2 roles are configured.
*/
enableEnvVariables?: boolean;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface ResourceAwsConsoleStaticKeyPair {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface ResourceAwsInstanceProfile {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* If true, prefer environment variables to authenticate connection even if EC2 roles are configured.
*/
enableEnvVariables?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceAzure {
/**
* The application ID to authenticate with.
*/
appId?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface ResourceAzureCertificate {
/**
* The application ID to authenticate with.
*/
appId?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface ResourceAzureMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAzureMysqlManagedIdentity {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAzurePostgres {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceAzurePostgresManagedIdentity {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceBigQuery {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* The GCP project ID containing the Spanner database.
*/
project: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceCassandra {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceCitus {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceClickHouseHttp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceClickHouseMySql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceClickHouseTcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceClustrix {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceCockroach {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceCouchbaseDatabase {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The port number for N1QL queries. Default HTTP is 8093. Default HTTPS is 18093.
*/
n1QlPort: number;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceCouchbaseWebUi {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDatabricks {
/**
* Databricks Personal Access Token (PAT)
*/
accessToken?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The HTTP path to the SQL warehouse or cluster (e.g., /sql/1.0/warehouses/xxx)
*/
httpPath: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceDb2I {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDb2Luw {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDocumentDbHost {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDocumentDbHostIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceDocumentDbReplicaSet {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDocumentDbReplicaSetIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceDruid {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceDynamoDb {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceDynamoDbiam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceElastic {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceElasticacheRedis {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceElasticacheRedisIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceEntraId {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* comma separated list of group names to filter by. Supports wildcards (*)
*/
groupNames?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId: string;
/**
* The management group ID to authenticate scope Privileges to.
*/
managementGroupId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The privilege levels specify which Groups are managed externally
*/
privilegeLevels?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* filters discovered groups to the specified Resource Group
*/
resourceGroupId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* The subscription ID to authenticate scope Privileges to.
*/
subscriptionId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId: string;
}
export interface ResourceGcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The service account keyfile to authenticate with.
*/
keyfile?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Space separated scopes that this login should assume into when authenticating.
*/
scopes: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceGcpConsole {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The ID of the Workforce Identity Pool in GCP to use for federated authentication.
*/
workforcePoolId: string;
/**
* The ID of the Workforce Identity Provider in GCP to use for federated authentication.
* * google_gke:
*/
workforceProviderId: string;
}
export interface ResourceGcpwif {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* When specified, all project scoped requests will use this Project ID, overriding the project ID specified by clients
*/
projectId?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Space separated scopes that this login should assume into when authenticating.
*/
scopes: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The length of time in seconds console sessions will live before needing to reauthenticate.
*/
sessionExpiry?: number;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The ID of the Workforce Identity Pool in GCP to use for federated authentication.
*/
workforcePoolId: string;
/**
* The ID of the Workforce Identity Provider in GCP to use for federated authentication.
* * google_gke:
*/
workforceProviderId: string;
}
export interface ResourceGoogleGke {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The service account key to authenticate with.
*/
serviceAccountKey?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceGoogleGkeUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The service account key to authenticate with.
*/
serviceAccountKey?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceGoogleSpanner {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* The Spanner instance ID within the GCP project.
*/
instance: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* The GCP project ID containing the Spanner database.
*/
project: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Optional service account email to impersonate. When set, the relay's Application Default Credentials will impersonate this service account to access Spanner. This allows role separation where the relay uses one service account but operates as another.
*/
serviceAccountToImpersonate?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceGreenplum {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceHttpAuth {
/**
* The content to set as the authorization header.
*/
authHeader?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
}
export interface ResourceHttpBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceHttpNoAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Automatically redirect to this path upon connecting.
*/
defaultPath?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* Header names (e.g. Authorization), to omit from logs.
*/
headersBlacklist?: string;
/**
* This path will be used to check the health of your site.
*/
healthcheckPath: string;
/**
* The host header will be overwritten with this field if provided.
*/
hostOverride?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
}
export interface ResourceKubernetes {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceKubernetesBasicAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceKubernetesPodIdentity {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceKubernetesServiceAccount {
/**
* If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
*/
allowResourceRoleBypass?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* If a cluster is configured for user impersonation, this is the user to impersonate when running discovery.
*/
discoveryUsername?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface ResourceKubernetesServiceAccountUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The API token to authenticate with.
* * kubernetes_user_impersonation:
*/
token?: string;
}
export interface ResourceKubernetesUserImpersonation {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The path used to check the health of your connection. Defaults to `default`. This field is required, and is only marked as optional for backwards compatibility.
*/
healthcheckNamespace: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceMaria {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMcpGatewayNoAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
}
export interface ResourceMcpGatewayOAuth {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The OAuth 2.0 authorization endpoint URL.
*/
oauthAuthEndpoint: string;
/**
* Space-separated list of OAuth scopes to request.
*/
oauthScopes?: string;
/**
* The OAuth 2.0 token endpoint URL.
*/
oauthTokenEndpoint: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
/**
* The username to authenticate with.
*/
username: string;
}
export interface ResourceMcpGatewayOAuthDcr {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The OAuth 2.0 authorization endpoint URL.
*/
oauthAuthEndpoint: string;
/**
* The OAuth 2.0 dynamic client registration endpoint URL.
*/
oauthRegisterEndpoint: string;
/**
* Space-separated list of OAuth scopes to request.
*/
oauthScopes?: string;
/**
* The OAuth 2.0 token endpoint URL.
*/
oauthTokenEndpoint: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
}
export interface ResourceMcpGatewayPat {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URL to dial to initiate a connection from the egress node to this resource.
* * memcached:
*/
url: string;
}
export interface ResourceMemcached {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceMemsql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMongoHost {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMongoLegacyHost {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMongoLegacyReplicaset {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMongoReplicaSet {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Set to connect to a replica instead of the primary node.
*/
connectToReplica?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMongoShardedCluster {
/**
* The authentication database to use.
*/
authDatabase: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMtlsMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Server name for TLS verification (unverified by StrongDM if empty)
*/
serverName?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMtlsPostgres {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The CA to authenticate TLS connections with.
*/
certificateAuthority?: string;
/**
* The certificate to authenticate TLS connections with.
*/
clientCertificate?: string;
/**
* The key to authenticate TLS connections with.
*/
clientKey?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Server name for TLS verification (unverified by StrongDM if empty)
*/
serverName?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceMysql {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceNeptune {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceNeptuneIam {
/**
* The Access Key ID to use to authenticate.
*/
accessKey?: string;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The neptune endpoint to connect to as in endpoint.region.neptune.amazonaws.com
*/
endpoint: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* The Secret Access Key to use to authenticate.
*/
secretAccessKey?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceOktaGroups {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* If true, configures discovery of the Okta org to be run from a node.
*/
discoveryEnabled?: boolean;
/**
* Represents the Okta Org Client URL
*/
domain: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* comma separated list of group names to filter by. Supports wildcards (*)
*/
groupNames?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The privilege levels specify which Groups are managed externally
*/
privilegeLevels?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceOracle {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceOracleNne {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourcePostgres {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourcePresto {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRabbitmqAmqp091 {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRawTcp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceRdp {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* When set, network level authentication will not be used. May resolve unexpected authentication errors to older servers. When set, healthchecks cannot detect if a provided username / password pair is correct.
*/
downgradeNlaConnections?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRdpCert {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Comma-separated list of Active Directory Domain Controller hostnames. Required in on-premises AD environments for Kerberos Network Level Authentication (NLA), and for LDAPS SID resolution for strong certificate mapping in full enforcement mode when the identity alias does not specify a SID. Unused for Entra ID.
*/
dcHostnames?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* Fully-qualified DNS name of the target Windows server, including the AD domain. Must match the Service Principal Name (SPN) of the server in AD. Required in on-premises AD environments for Kerberos Network Level Authentication (NLA), unused for Entra ID.
*/
serverFqdn?: string;
/**
* Windows Security Identifier (SID) of the configured Username, or AD service account if using LDAPS SID resolution. Required in on-premises AD environments for strong certificate mapping in full enforcement mode, unused for Entra ID.
*/
sid?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRdsPostgresIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRedis {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRedisCluster {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRedshift {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceRedshiftIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* Cluster Identified of Redshift cluster
*/
clusterId: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface ResourceRedshiftServerlessIam {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The AWS region to connect to.
*/
region: string;
/**
* If provided, the gateway/relay will try to assume this role instead of the underlying compute's role.
*/
roleAssumptionArn?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* Workgroup name in the serverless Redshift
* * single_store:
*/
workgroup: string;
}
export interface ResourceSingleStore {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* Whether native auth (mysql_native_password) is used for all connections (for backwards compatibility)
*/
requireNativeAuth?: boolean;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If true, appends the hostname to the username when hitting a database.azure.com address
*/
useAzureSingleServerUsernames?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSnowflake {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSnowsight {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* If true, select the ACS with isDefault=true
*/
connectToDefault?: boolean;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The StrongDM user email to use for healthchecks.
*/
healthcheckUsername: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Metadata for your snowflake IDP integration
*/
samlMetadata?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* This option enforces HTTPS on the client, not resource connection.
* * sql_server:
*/
useHttps?: boolean;
}
export interface ResourceSqlServer {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSqlServerAzureAd {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The Azure AD application (client) ID with which to authenticate.
*/
clientId?: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* The Azure AD client secret (application password) with which to authenticate.
*/
secret?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The Azure AD directory (tenant) ID with which to authenticate.
* * sql_server_kerberos_ad:
*/
tenantId?: string;
}
export interface ResourceSqlServerKerberosAd {
/**
* Whether to allow deprecated encryption protocols to be used for this resource. For example, TLS 1.0.
*/
allowDeprecatedEncryption?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database?: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* The keytab file in base64 format containing an entry with the principal name (username@realm) and key version number with which to authenticate.
*/
keytab?: string;
/**
* The Kerberos 5 configuration file (krb5.conf) specifying the Active Directory server (KDC) for the configured realm.
*/
krbConfig?: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* If set, the database configured cannot be changed by users. This setting is not recommended for most use cases, as some clients will insist their database has changed when it has not, leading to user confusion.
*/
overrideDatabase?: boolean;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The Active Directory domain (realm) to which the configured username belongs.
*/
realm?: string;
/**
* The Schema to use to direct initial requests.
*/
schema?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* The Service Principal Name of the Microsoft SQL Server instance in Active Directory.
*/
serverSpn: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSsh {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The key type to use e.g. rsa-2048 or ed25519
*/
keyType: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* The public key to append to a server's authorized keys. This will be generated after resource creation.
*/
publicKey: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSshCert {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* The key type to use e.g. rsa-2048 or ed25519
*/
keyType: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSshCustomerKey {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* The username to use for healthchecks, when clients otherwise connect with their own identity alias username.
*/
identityAliasHealthcheckUsername?: string;
/**
* The ID of the identity set to use for identity connections.
*/
identitySetId?: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* The private key used to authenticate with the server.
*/
privateKey?: string;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSshPassword {
/**
* Whether deprecated, insecure key exchanges are allowed for use to connect to the target ssh server.
*/
allowDeprecatedKeyExchanges?: boolean;
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* When set, require a resource lock to access the resource to ensure it can only be used by one user at a time.
*/
lockRequired?: boolean;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port: number;
/**
* Whether port forwarding is allowed through this server.
*/
portForwarding?: boolean;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSybase {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceSybaseIq {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceTeradata {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceTrino {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* If set, TLS must be used to connect to this resource.
*/
tlsRequired?: boolean;
/**
* The username to authenticate with.
*/
username?: string;
}
export interface ResourceVertica {
/**
* The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided and may also be set to one of the ResourceIPAllocationMode constants to select between VNM, loopback, or default allocation.
*/
bindInterface: string;
/**
* The initial database to connect to. This setting does not by itself prevent switching to another database after connecting.
*/
database: string;
/**
* A filter applied to the routing logic to pin datasource to nodes.
*/
egressFilter?: string;
/**
* The host to dial to initiate a connection from the egress node to this resource.
*/
hostname: string;
/**
* Unique human-readable name of the Resource.
*/
name: string;
/**
* The password to authenticate with.
*/
password?: string;
/**
* The port to dial to initiate a connection from the egress node to this resource.
*/
port?: number;
/**
* The local port used by clients to connect to this resource. It is automatically generated if not provided on create and may be re-generated on update by specifying a value of -1.
*/
portOverride: number;
/**
* ID of the proxy cluster for this resource, if any.
*/
proxyClusterId?: string;
/**
* ID of the secret store containing credentials for this resource, if any.
*/
secretStoreId?: string;
/**
* DNS subdomain through which this resource may be accessed on clients. (e.g. "app-prod1" allows the resource to be accessed at "app-prod1.your-org-name.sdm-proxy-domain"). Only applicable to HTTP-based resources or resources using virtual networking mode.
*/
subdomain: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The username to authenticate with.
*/
username?: string;
}
export interface SecretEngineActiveDirectory {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Distinguished name of object to bind when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
*/
binddn: string;
/**
* Password to use along with binddn when performing user search.
*/
bindpass: string;
/**
* CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
*/
certificate?: string;
/**
* Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
*/
connectionTimeout?: number;
/**
* If set to true this will prevent password change timestamp validation in Active Directory when validating credentials
*/
doNotValidateTimestamps?: boolean;
/**
* If true, skips LDAP server SSL certificate verification - insecure, use with caution!
*/
insecureTls?: boolean;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* The maximum retry duration in case of automatic failure. On failed ttl rotation attempt it will be retried in an increasing intervals until it reaches max_backoff_duration
*/
maxBackoffDuration?: string;
/**
* Unique human-readable name of the Secret Engine.
*/
name: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Timeout, in seconds, for the connection when making requests against the server before returning back an error.
*/
requestTimeout?: number;
/**
* Backing secret store identifier
*/
secretStoreId: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath: string;
/**
* If true, issues a StartTLS command after establishing an unencrypted connection.
*/
startTls?: boolean;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* The domain (userPrincipalDomain) used to construct a UPN string for authentication.
*/
upndomain?: string;
/**
* The LDAP server to connect to.
*/
url: string;
/**
* Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
* * key_value:
*/
userdn?: string;
}
export interface SecretEngineKeyValue {
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretEngineMysqlSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password: string;
/**
* Port is the port number of the SQL Server server.
*/
port: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* TLS disable certificate verification
*/
tlsSkipVerify?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username: string;
}
export interface SecretEnginePostgresSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password: string;
/**
* Port is the port number of the SQL Server server.
*/
port: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username: string;
}
export interface SecretEngineSqlserverSecretEngine {
/**
* The default time-to-live duration of the password after it's read. Once the ttl has passed, a password will be rotated.
*/
afterReadTtl?: string;
/**
* Database is the database to verify credential against.
*/
database: string;
/**
* Hostname is the hostname or IP address of the SQL Server.
*/
hostname: string;
/**
* An interval of public/private key rotation for secret engine in days
*/
keyRotationIntervalDays?: number;
/**
* Unique human-readable name of the Secret Engine.
*/
name: string;
/**
* node selector is used to narrow down the nodes used to communicate with with secret engine
*/
nodeSelector?: string;
/**
* Password is the password to connect to the SQL Server server.
*/
password: string;
/**
* Port is the port number of the SQL Server server.
*/
port: number;
/**
* Public key linked with a secret engine
*/
publicKey: string;
/**
* Backing secret store identifier
*/
secretStoreId: string;
/**
* Backing Secret Store root path where managed secrets are going to be stored
*/
secretStoreRootPath: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* TLS enables TLS/SSL when connecting to the SQL Server server.
*/
tls?: boolean;
/**
* TLS disable certificate verification
*/
tlsSkipVerify?: boolean;
/**
* The default password time-to-live duration. Once the ttl has passed, a password will be rotated the next time it's requested.
*/
ttl?: string;
/**
* Username is the username to connect to the SQL Server.
*/
username: string;
}
export interface SecretStoreActiveDirectoryStore {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreAws {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The AWS region to target e.g. us-east-1
*/
region: string;
/**
* The role to assume after logging in.
*/
roleArn?: string;
/**
* The external ID to associate with assume role requests. Does nothing if a role ARN is not provided.
*/
roleExternalId?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreAwsCertX509 {
/**
* The ARN of the CA in AWS Private CA
*/
caArn: string;
/**
* The ARN of the AWS certificate template for requested certificates. Must allow SAN, key usage, and ext key usage passthrough from CSR
*/
certificateTemplateArn: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The AWS region to target e.g. us-east-1
*/
region: string;
/**
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. e.g. SHA256WITHRSA
*/
signingAlgo: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreAzureStore {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The URI of the key vault to target e.g. https://myvault.vault.azure.net
* * cyberark_conjur:
*/
vaultUri: string;
}
export interface SecretStoreCyberarkConjur {
/**
* The URL of the Cyberark instance
*/
appUrl: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreCyberarkPam {
/**
* The URL of the Cyberark instance
*/
appUrl: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreCyberarkPamExperimental {
/**
* The URL of the Cyberark instance
*/
appUrl: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreDelineaStore {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The URL of the Delinea instance
*/
serverUrl?: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
/**
* The tenant name to target
* * gcp_store:
*/
tenantName?: string;
}
export interface SecretStoreGcpCertX509Store {
/**
* The ID of the target CA
*/
caId?: string;
/**
* The ID of the target CA pool
*/
caPoolId: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* The Region for the CA in GCP format e.g. us-west1
*/
location: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The GCP project ID to target.
*/
projectId: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreGcpStore {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The GCP project ID to target.
*/
projectId: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreKeyfactorSshStore {
/**
* Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
*/
caFilePath?: string;
/**
* Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
*/
certificateFilePath: string;
/**
* Name of EJBCA certificate authority that will enroll CSR.
*/
defaultCertificateAuthorityName: string;
/**
* Certificate profile name that EJBCA will enroll the CSR with.
*/
defaultCertificateProfileName: string;
/**
* End entity profile that EJBCA will enroll the CSR with.
*/
defaultEndEntityProfileName: string;
/**
* code used by EJBCA during enrollment. May be left blank if no code is required.
*/
enrollmentCodeEnvVar?: string;
/**
* username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
*/
enrollmentUsernameEnvVar?: string;
/**
* Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
*/
keyFilePath?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreKeyfactorX509Store {
/**
* Path to the root CA that signed the certificate passed to the client for HTTPS connection. This is not required if the CA is trusted by the host operating system. This should be a PEM formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
*/
caFilePath?: string;
/**
* Path to client certificate in PEM format. This certificate must contain a client certificate that is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private key associated with the certificate, but KeyFile can also be set to configure the private key.
*/
certificateFilePath: string;
/**
* Name of EJBCA certificate authority that will enroll CSR.
*/
defaultCertificateAuthorityName: string;
/**
* Certificate profile name that EJBCA will enroll the CSR with.
*/
defaultCertificateProfileName: string;
/**
* End entity profile that EJBCA will enroll the CSR with.
*/
defaultEndEntityProfileName: string;
/**
* code used by EJBCA during enrollment. May be left blank if no code is required.
*/
enrollmentCodeEnvVar?: string;
/**
* username that used by the EJBCA during enrollment. This can be left out. If so, the username must be auto-generated on the Keyfactor side.
*/
enrollmentUsernameEnvVar?: string;
/**
* Path to private key in PEM format. This file should contain the private key associated with the client certificate configured in CertificateFile.
*/
keyFilePath?: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreStrongVault {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultApprole {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultApproleCertSsh {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultApproleCertX509 {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsEc2 {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsEc2CertSsh {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsEc2CertX509 {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsIam {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsIamCertSsh {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultAwsIamCertX509 {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultTls {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath: string;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultTlsCertSsh {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultTlsCertX509 {
/**
* A path to a CA file accessible by a Node
*/
caCertPath?: string;
/**
* A path to a client certificate file accessible by a Node
*/
clientCertPath: string;
/**
* A path to a client key file accessible by a Node
*/
clientKeyPath: string;
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultToken {
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultTokenCertSsh {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* The mount point of the SSH engine configured with the desired CA
*/
sshMountPoint: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
export interface SecretStoreVaultTokenCertX509 {
/**
* The lifetime of certificates issued by this CA represented in minutes.
*/
issuedCertTtlMinutes: number;
/**
* Unique human-readable name of the SecretStore.
*/
name: string;
/**
* The namespace to make requests within
*/
namespace?: string;
/**
* The mount point of the PKI engine configured with the desired CA
*/
pkiMountPoint: string;
/**
* The URL of the Vault to target
*/
serverAddress: string;
/**
* The signing role to be used for signing certificates
*/
signingRole: string;
/**
* Tags is a map of key, value pairs.
*/
tags?: {
[key: string]: string;
};
}
//# sourceMappingURL=output.d.ts.map