import type { Construct } from 'constructs';
import type { ISecret } from './secret';
import { CfnRotationSchedule } from './secretsmanager.generated';
import * as ec2 from '../../aws-ec2';
import type * as lambda from '../../aws-lambda';
import { Duration, Resource } from '../../core';
/**
 * Options to add a rotation schedule to a secret.
 */
export interface RotationScheduleOptions {
    /**
     * A Lambda function that can rotate the secret.
     *
     * @default - either `rotationLambda` or `hostedRotation` must be specified
     */
    readonly rotationLambda?: lambda.IFunction;
    /**
     * Hosted rotation
     *
     * @default - either `rotationLambda` or `hostedRotation` must be specified
     */
    readonly hostedRotation?: HostedRotation;
    /**
     * Specifies the number of days after the previous rotation before
     * Secrets Manager triggers the next automatic rotation.
     *
     * The minimum value is 4 hours.
     * The maximum value is 1000 days.
     *
     * A value of zero (`Duration.days(0)`) will not create RotationRules.
     *
     * @default Duration.days(30)
     */
    readonly automaticallyAfter?: Duration;
    /**
     * Specifies whether to rotate the secret immediately or wait until the next
     * scheduled rotation window.
     *
     * @default true
     */
    readonly rotateImmediatelyOnUpdate?: boolean;
}
/**
 * Construction properties for a RotationSchedule.
 */
export interface RotationScheduleProps extends RotationScheduleOptions {
    /**
     * The secret to rotate.
     *
     * If hosted rotation is used, this must be a JSON string with the following format:
     *
     * ```
     * {
     *   "engine": <required: database engine>,
     *   "host": <required: instance host name>,
     *   "username": <required: username>,
     *   "password": <required: password>,
     *   "dbname": <optional: database name>,
     *   "port": <optional: if not specified, default port will be used>,
     *   "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
     * }
     * ```
     *
     * This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
     * or an `ISecret` returned by the `attach()` method of `Secret`.
     */
    readonly secret: ISecret;
}
/**
 * A rotation schedule.
 */
export declare class RotationSchedule extends Resource {
    /** Uniquely identifies this class. */
    static readonly PROPERTY_INJECTION_ID: string;
    constructor(scope: Construct, id: string, props: RotationScheduleProps);
}
/**
 * Single user hosted rotation options
 */
export interface SingleUserHostedRotationOptions {
    /**
     * A name for the Lambda created to rotate the secret
     *
     * @default - a CloudFormation generated name
     */
    readonly functionName?: string;
    /**
     * A list of security groups for the Lambda created to rotate the secret
     *
     * @default - a new security group is created
     */
    readonly securityGroups?: ec2.ISecurityGroup[];
    /**
     * The VPC where the Lambda rotation function will run.
     *
     * @default - the Lambda is not deployed in a VPC
     */
    readonly vpc?: ec2.IVpc;
    /**
     * The type of subnets in the VPC where the Lambda rotation function will run.
     *
     * @default - the Vpc default strategy if not specified.
     */
    readonly vpcSubnets?: ec2.SubnetSelection;
    /**
     * A string of the characters that you don't want in the password
     *
     * @default the same exclude characters as the ones used for the
     * secret or " %+~`#$&*()|[]{}:;<>?!'/@\"\\"
     */
    readonly excludeCharacters?: string;
}
/**
 * Multi user hosted rotation options
 */
export interface MultiUserHostedRotationOptions extends SingleUserHostedRotationOptions {
    /**
     * The master secret for a multi user rotation scheme
     */
    readonly masterSecret: ISecret;
}
/**
 * A hosted rotation
 */
export declare class HostedRotation implements ec2.IConnectable {
    private readonly type;
    private readonly props;
    private readonly masterSecret?;
    /** MySQL Single User */
    static mysqlSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** MySQL Multi User */
    static mysqlMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** PostgreSQL Single User */
    static postgreSqlSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** PostgreSQL Multi User */
    static postgreSqlMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** Oracle Single User */
    static oracleSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** Oracle Multi User */
    static oracleMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** MariaDB Single User */
    static mariaDbSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** MariaDB Multi User */
    static mariaDbMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** SQL Server Single User */
    static sqlServerSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** SQL Server Multi User */
    static sqlServerMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** Redshift Single User */
    static redshiftSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** Redshift Multi User */
    static redshiftMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    /** MongoDB Single User */
    static mongoDbSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
    /** MongoDB Multi User */
    static mongoDbMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
    private _connections?;
    private constructor();
    /**
     * Binds this hosted rotation to a secret
     */
    bind(secret: ISecret, scope: Construct): CfnRotationSchedule.HostedRotationLambdaProperty;
    /**
     * Security group connections for this hosted rotation
     */
    get connections(): ec2.Connections;
}
/**
 * Hosted rotation type
 */
export declare class HostedRotationType {
    readonly name: string;
    readonly isMultiUser?: boolean | undefined;
    /** MySQL Single User */
    static readonly MYSQL_SINGLE_USER: HostedRotationType;
    /** MySQL Multi User */
    static readonly MYSQL_MULTI_USER: HostedRotationType;
    /** PostgreSQL Single User */
    static readonly POSTGRESQL_SINGLE_USER: HostedRotationType;
    /** PostgreSQL Multi User */
    static readonly POSTGRESQL_MULTI_USER: HostedRotationType;
    /** Oracle Single User */
    static readonly ORACLE_SINGLE_USER: HostedRotationType;
    /** Oracle Multi User */
    static readonly ORACLE_MULTI_USER: HostedRotationType;
    /** MariaDB Single User */
    static readonly MARIADB_SINGLE_USER: HostedRotationType;
    /** MariaDB Multi User */
    static readonly MARIADB_MULTI_USER: HostedRotationType;
    /** SQL Server Single User */
    static readonly SQLSERVER_SINGLE_USER: HostedRotationType;
    /** SQL Server Multi User */
    static readonly SQLSERVER_MULTI_USER: HostedRotationType;
    /** Redshift Single User */
    static readonly REDSHIFT_SINGLE_USER: HostedRotationType;
    /** Redshift Multi User */
    static readonly REDSHIFT_MULTI_USER: HostedRotationType;
    /** MongoDB Single User */
    static readonly MONGODB_SINGLE_USER: HostedRotationType;
    /** MongoDB Multi User */
    static readonly MONGODB_MULTI_USER: HostedRotationType;
    /**
     * @param name The type of rotation
     * @param isMultiUser Whether the rotation uses the mutli user scheme
     */
    private constructor();
}