{ "name": "cyral", "version": "4.16.3", "description": "A Pulumi provider dynamically bridged from cyral.", "attribution": "This Pulumi package is based on the [`cyral` Terraform Provider](https://github.com/cyralinc/terraform-provider-cyral).", "repository": "https://github.com/cyralinc/terraform-provider-cyral", "publisher": "cyralinc", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "compatibility": "tfbridge20", "liftSingleValueMethodReturns": true, "respectSchemaVersion": true }, "go": { "importBasePath": "github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral", "rootPackageName": "cyral", "liftSingleValueMethodReturns": true, "generateExtraInputTypes": true, "respectSchemaVersion": true }, "java": { "basePackage": "", "buildFiles": "", "gradleNexusPublishPluginVersion": "", "gradleTest": "" }, "nodejs": { "packageDescription": "A Pulumi provider dynamically bridged from cyral.", "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/cyralinc/terraform-provider-cyral)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-cyral` repo](https://github.com/cyralinc/terraform-provider-cyral/issues).", "compatibility": "tfbridge20", "disableUnionOutputTypes": true, "liftSingleValueMethodReturns": true, "respectSchemaVersion": true }, "python": { "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/cyralinc/terraform-provider-cyral)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-cyral` repo](https://github.com/cyralinc/terraform-provider-cyral/issues).", "compatibility": "tfbridge20", "respectSchemaVersion": true, "pyproject": { "enabled": true } } }, "config": { "variables": { "clientId": { "type": "string", "description": "Client id used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_ID`.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Client secret used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_SECRET`.\n", "secret": true }, "controlPlane": { "type": "string", "description": "Control plane host and API port (ex: `tenant.app.cyral.com`)\n" }, "tlsSkipVerify": { "type": "boolean", "description": "Specifies if the client will verify the TLS server certificate used by the control plane. If set to `true`, the client\nwill not verify the server certificate, hence, it will allow insecure connections to be established. This should be set\nonly for testing and is not recommended to be used in production environments. Can be set through the\n`CYRAL_TF_TLS_SKIP_VERIFY` environment variable. Defaults to `false`.\n" } }, "defaults": [ "controlPlane" ] }, "types": { "cyral:index/DatalabelClassificationRule:DatalabelClassificationRule": { "properties": { "ruleCode": { "type": "string", "description": "Actual code of the classification rule. For example, this attribute may contain REGO code for `REGO`-type classification rules.\n" }, "ruleStatus": { "type": "string", "description": "Status of the classification rule. List of supported values: \n - `ENABLED`\n - `DISABLED`\n" }, "ruleType": { "type": "string", "description": "Type of the classification rule. List of supported values: \n - `UNKNOWN`\n - `REGO`\n" } }, "type": "object" }, "cyral:index/IntegrationIdpAadSamlp:IntegrationIdpAadSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpAadSamlpConfig:IntegrationIdpAadSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `Azure Active Directory`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpAadSamlpConfig:IntegrationIdpAadSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpAdfsSamlp:IntegrationIdpAdfsSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpAdfsSamlpConfig:IntegrationIdpAdfsSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `Active Directory`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpAdfsSamlpConfig:IntegrationIdpAdfsSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpForgerockSamlp:IntegrationIdpForgerockSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpForgerockSamlpConfig:IntegrationIdpForgerockSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpForgerockSamlpConfig:IntegrationIdpForgerockSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpGsuiteSamlp:IntegrationIdpGsuiteSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpGsuiteSamlpConfig:IntegrationIdpGsuiteSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `GSuite`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpGsuiteSamlpConfig:IntegrationIdpGsuiteSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpOktaSamlp:IntegrationIdpOktaSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpOktaSamlpConfig:IntegrationIdpOktaSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `Okta`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpOktaSamlpConfig:IntegrationIdpOktaSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpPingOneSamlp:IntegrationIdpPingOneSamlp": { "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", "description": "Adds read token role on creation. Defaults to `false`.\n" }, "config": { "$ref": "#/types/cyral:index%2FIntegrationIdpPingOneSamlpConfig:IntegrationIdpPingOneSamlpConfig", "description": "SAML configuration for this IdP Integration.\n" }, "disabled": { "type": "boolean", "description": "Disable maps to Keycloak's `enabled` field. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Name of the IdP Integration displayed in the control plane. Defaults to `PingOne`\n" }, "firstBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.\n" }, "internalId": { "type": "string", "description": "An ID that is auto-generated internally for this IdP Integration.\n" }, "linkOnly": { "type": "boolean", "description": "If true, users cannot log in through this identity provider. They can only link to this identity provider. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.\n" }, "postBrokerLoginFlowAlias": { "type": "string", "description": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `\"\"`.\n" }, "providerId": { "type": "string", "description": "This is the provider ID of `saml`. Defaults to `saml`.\n" }, "storeToken": { "type": "boolean", "description": "Enable if tokens must be stored after authenticating users. Defaults to `false`.\n" }, "trustEmail": { "type": "boolean", "description": "If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`.\n" } }, "type": "object", "required": [ "config" ], "language": { "nodejs": { "requiredOutputs": [ "config", "internalId" ] } } }, "cyral:index/IntegrationIdpPingOneSamlpConfig:IntegrationIdpPingOneSamlpConfig": { "properties": { "allowedClockSkew": { "type": "number", "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.\n" }, "backChannelSupported": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "base64SamlMetadataDocument": { "type": "string", "description": "Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `\"\"`.\n" }, "disableForceAuthentication": { "type": "boolean", "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`\n" }, "disablePostBindingAuthnRequest": { "type": "boolean", "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingLogout": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disablePostBindingResponse": { "type": "boolean", "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.\n" }, "disableUsingJwksUrl": { "type": "boolean", "description": "By default, the jwks URL is used for all SAML connections. Defaults to `false`.\n" }, "guiOrder": { "type": "string", "description": "GUI order. Defaults to `\"\"`.\n" }, "hideOnLoginPage": { "type": "boolean", "description": "Defaults to `false` if unset.\n" }, "ldapGroupAttribute": { "type": "string", "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n" }, "nameIdPolicyFormat": { "type": "string", "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n" }, "principalType": { "type": "string", "description": "Defaults to `SUBJECT` if unset.\n" }, "samlMetadataUrl": { "type": "string", "description": "This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `\"\"`.\n" }, "samlXmlKeyNameTranformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" }, "signatureType": { "type": "string", "description": "Defaults to `RSA_SHA256` if unset.\n" }, "signingCertificate": { "type": "string", "description": "Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `\"\"`.\n" }, "singleLogoutServiceUrl": { "type": "string", "description": "URL that must be used to send logout requests. Defaults to `\"\"`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n" }, "syncMode": { "type": "string", "description": "Defaults to `FORCE` if unset.\n" }, "wantAssertionsEncrypted": { "type": "boolean", "description": "Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.\n" }, "xmlSigKeyInfoKeyNameTransformer": { "type": "string", "description": "Defaults to `KEY_ID` if unset.\n" } }, "type": "object", "required": [ "singleSignOnServiceUrl" ] }, "cyral:index/IntegrationIdpSamlDraftAttributes:IntegrationIdpSamlDraftAttributes": { "properties": { "email": { "type": "string", "description": "The name of the attribute in the incoming SAML assertion containing the users email address. Defaults to `email`.\n" }, "firstName": { "type": "string", "description": "The name of the attribute in the incoming SAML assertion containing the users first name (given name). Defaults to `firstName`.\n" }, "groups": { "type": "string", "description": "The name of the attribute in the incoming SAML assertion containing the users group membership in the IdP. Defaults to `memberOf`.\n" }, "lastName": { "type": "string", "description": "The name of the attribute in the incoming SAML assertion containing the users last name (family name). Defaults to `lastName`.\n" } }, "type": "object" }, "cyral:index/IntegrationIdpSamlDraftServiceProviderMetadata:IntegrationIdpSamlDraftServiceProviderMetadata": { "properties": { "assertionConsumerServices": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftServiceProviderMetadataAssertionConsumerService:IntegrationIdpSamlDraftServiceProviderMetadataAssertionConsumerService" } }, "entityId": { "type": "string" }, "singleLogoutUrl": { "type": "string" }, "url": { "type": "string" }, "xmlDocument": { "type": "string" } }, "type": "object", "required": [ "assertionConsumerServices", "entityId", "singleLogoutUrl", "url", "xmlDocument" ] }, "cyral:index/IntegrationIdpSamlDraftServiceProviderMetadataAssertionConsumerService:IntegrationIdpSamlDraftServiceProviderMetadataAssertionConsumerService": { "properties": { "index": { "type": "number" }, "url": { "type": "string" } }, "type": "object", "required": [ "index", "url" ] }, "cyral:index/IntegrationLoggingCloudwatch:IntegrationLoggingCloudwatch": { "properties": { "group": { "type": "string", "description": "CloudWatch log group.\n" }, "region": { "type": "string", "description": "AWS region.\n" }, "stream": { "type": "string", "description": "CloudWatch log stream. Defaults to `cyral-sidecar` if not set.\n" } }, "type": "object", "required": [ "group", "region" ] }, "cyral:index/IntegrationLoggingDatadog:IntegrationLoggingDatadog": { "properties": { "apiKey": { "type": "string", "description": "DataDog API key.\n", "secret": true } }, "type": "object", "required": [ "apiKey" ] }, "cyral:index/IntegrationLoggingElk:IntegrationLoggingElk": { "properties": { "esCredentials": { "$ref": "#/types/cyral:index%2FIntegrationLoggingElkEsCredentials:IntegrationLoggingElkEsCredentials", "description": "Credentials used to authenticate to Elastic Search.Can be omitted for unprotected instances.\n" }, "esUrl": { "type": "string", "description": "Elasticsearch URL.\n" }, "kibanaUrl": { "type": "string", "description": "Kibana URL.\n" } }, "type": "object", "required": [ "esUrl" ] }, "cyral:index/IntegrationLoggingElkEsCredentials:IntegrationLoggingElkEsCredentials": { "properties": { "password": { "type": "string", "description": "Elasticsearch password.\n", "secret": true }, "username": { "type": "string", "description": "Elasticsearch username.\n" } }, "type": "object", "required": [ "password", "username" ] }, "cyral:index/IntegrationLoggingFluentBit:IntegrationLoggingFluentBit": { "properties": { "config": { "type": "string", "description": "Fluent Bit configuration, in 'classic mode' INI format. For more details, see: https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file\n" }, "skipValidate": { "type": "boolean", "description": "Whether to validate the Fluent Bit config.\n" } }, "type": "object", "required": [ "config" ] }, "cyral:index/IntegrationLoggingSplunk:IntegrationLoggingSplunk": { "properties": { "accessToken": { "type": "string", "description": "Splunk access token.\n", "secret": true }, "hecPort": { "type": "string", "description": "Splunk HTTP Event Collector (HEC) port.\n" }, "hostname": { "type": "string", "description": "Splunk hostname.\n" }, "index": { "type": "string", "description": "Splunk index which logs should be indexed to.\n" }, "useTls": { "type": "boolean", "description": "Whether or not to use TLS.\n" } }, "type": "object", "required": [ "accessToken", "hecPort", "hostname" ] }, "cyral:index/IntegrationLoggingSumoLogic:IntegrationLoggingSumoLogic": { "properties": { "address": { "type": "string", "description": "Sumo Logic HTTP collector address. A full URL is expected\n" } }, "type": "object", "required": [ "address" ] }, "cyral:index/PolicyRuleDelete:PolicyRuleDelete": { "properties": { "additionalChecks": { "type": "string", "description": "Constraints on the data access specified in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/). See [Additional checks](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "The data locations protected by this rule. Use `*` if you want to define `any` data location. For more information, see the [policy rules](https://cyral.com/docs/policy/rules#contexted-rules) documentation.\n" }, "datasetRewrites": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleDeleteDatasetRewrite:PolicyRuleDeleteDatasetRewrite" }, "description": "Defines how requests should be rewritten in the case of policy violations. See [Request rewriting](https://cyral.com/docs/policy/rules/#request-rewriting).\n" }, "rateLimit": { "type": "number", "description": "Rate Limit specifies the limit of calls that a user can make within a given time period.\n" }, "rows": { "type": "number", "description": "The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define `any` number of records, set to `-1`.\n" }, "severity": { "type": "string", "description": "severity level that's recorded when someone violate this rule. This is an informational value. Settings: (`low` | `medium` | `high`). If not specified, the severity is considered to be low.\n" } }, "type": "object", "required": [ "datas", "rows" ] }, "cyral:index/PolicyRuleDeleteDatasetRewrite:PolicyRuleDeleteDatasetRewrite": { "properties": { "dataset": { "type": "string", "description": "The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form: `..`\n" }, "parameters": { "type": "array", "items": { "type": "string" }, "description": "The set of parameters used in the substitution request, these are references to fields in the activity log as described in the [Additional Checks section](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "repo": { "type": "string", "description": "The name of the repository that the rewrite applies to.\n" }, "substitution": { "type": "string", "description": "The request used to substitute references to the dataset.\n" } }, "type": "object", "required": [ "dataset", "parameters", "repo", "substitution" ] }, "cyral:index/PolicyRuleIdentities:PolicyRuleIdentities": { "properties": { "dbRoles": { "type": "array", "items": { "type": "string" }, "description": "Database roles that this rule will apply to.\n" }, "groups": { "type": "array", "items": { "type": "string" }, "description": "Groups that this rule will apply to.\n" }, "services": { "type": "array", "items": { "type": "string" }, "description": "Services that this rule will apply to.\n" }, "users": { "type": "array", "items": { "type": "string" }, "description": "Users that this rule will apply to.\n" } }, "type": "object" }, "cyral:index/PolicyRuleRead:PolicyRuleRead": { "properties": { "additionalChecks": { "type": "string", "description": "Constraints on the data access specified in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/). See [Additional checks](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "The data locations protected by this rule. Use `*` if you want to define `any` data location. For more information, see the [policy rules](https://cyral.com/docs/policy/rules#contexted-rules) documentation.\n" }, "datasetRewrites": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleReadDatasetRewrite:PolicyRuleReadDatasetRewrite" }, "description": "Defines how requests should be rewritten in the case of policy violations. See [Request rewriting](https://cyral.com/docs/policy/rules/#request-rewriting).\n" }, "rateLimit": { "type": "number", "description": "Rate Limit specifies the limit of calls that a user can make within a given time period.\n" }, "rows": { "type": "number", "description": "The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define `any` number of records, set to `-1`.\n" }, "severity": { "type": "string", "description": "severity level that's recorded when someone violate this rule. This is an informational value. Settings: (`low` | `medium` | `high`). If not specified, the severity is considered to be low.\n" } }, "type": "object", "required": [ "datas", "rows" ] }, "cyral:index/PolicyRuleReadDatasetRewrite:PolicyRuleReadDatasetRewrite": { "properties": { "dataset": { "type": "string", "description": "The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form: `..
`\n" }, "parameters": { "type": "array", "items": { "type": "string" }, "description": "The set of parameters used in the substitution request, these are references to fields in the activity log as described in the [Additional Checks section](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "repo": { "type": "string", "description": "The name of the repository that the rewrite applies to.\n" }, "substitution": { "type": "string", "description": "The request used to substitute references to the dataset.\n" } }, "type": "object", "required": [ "dataset", "parameters", "repo", "substitution" ] }, "cyral:index/PolicyRuleUpdate:PolicyRuleUpdate": { "properties": { "additionalChecks": { "type": "string", "description": "Constraints on the data access specified in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/). See [Additional checks](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "The data locations protected by this rule. Use `*` if you want to define `any` data location. For more information, see the [policy rules](https://cyral.com/docs/policy/rules#contexted-rules) documentation.\n" }, "datasetRewrites": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleUpdateDatasetRewrite:PolicyRuleUpdateDatasetRewrite" }, "description": "Defines how requests should be rewritten in the case of policy violations. See [Request rewriting](https://cyral.com/docs/policy/rules/#request-rewriting).\n" }, "rateLimit": { "type": "number", "description": "Rate Limit specifies the limit of calls that a user can make within a given time period.\n" }, "rows": { "type": "number", "description": "The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define `any` number of records, set to `-1`.\n" }, "severity": { "type": "string", "description": "severity level that's recorded when someone violate this rule. This is an informational value. Settings: (`low` | `medium` | `high`). If not specified, the severity is considered to be low.\n" } }, "type": "object", "required": [ "datas", "rows" ] }, "cyral:index/PolicyRuleUpdateDatasetRewrite:PolicyRuleUpdateDatasetRewrite": { "properties": { "dataset": { "type": "string", "description": "The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form: `..
`\n" }, "parameters": { "type": "array", "items": { "type": "string" }, "description": "The set of parameters used in the substitution request, these are references to fields in the activity log as described in the [Additional Checks section](https://cyral.com/docs/policy/rules/#additional-checks).\n" }, "repo": { "type": "string", "description": "The name of the repository that the rewrite applies to.\n" }, "substitution": { "type": "string", "description": "The request used to substitute references to the dataset.\n" } }, "type": "object", "required": [ "dataset", "parameters", "repo", "substitution" ] }, "cyral:index/PolicySetPolicy:PolicySetPolicy": { "properties": { "id": { "type": "string" }, "type": { "type": "string" } }, "type": "object", "required": [ "id", "type" ] }, "cyral:index/PolicySetScope:PolicySetScope": { "properties": { "repoIds": { "type": "array", "items": { "type": "string" }, "description": "List of repository IDs that are in scope. Empty list means all repositories are in scope.\n" } }, "type": "object" }, "cyral:index/PolicyV2Scope:PolicyV2Scope": { "properties": { "repoIds": { "type": "array", "items": { "type": "string" }, "description": "List of repository IDs that are in scope.\n" } }, "type": "object" }, "cyral:index/RegoPolicyInstanceCreated:RegoPolicyInstanceCreated": { "properties": { "actor": { "type": "string" }, "actorType": { "type": "string" }, "timestamp": { "type": "string" } }, "type": "object", "required": [ "actor", "actorType", "timestamp" ] }, "cyral:index/RegoPolicyInstanceLastUpdated:RegoPolicyInstanceLastUpdated": { "properties": { "actor": { "type": "string" }, "actorType": { "type": "string" }, "timestamp": { "type": "string" } }, "type": "object", "required": [ "actor", "actorType", "timestamp" ] }, "cyral:index/RegoPolicyInstanceScope:RegoPolicyInstanceScope": { "properties": { "repoIds": { "type": "array", "items": { "type": "string" }, "description": "A list of repository identifiers that belongs to the policy scope. The policy will be applied at repo-level for every repository ID included in this list. This is equivalent of creating a repo-level policy in the UI for a given repository.\n" } }, "type": "object", "required": [ "repoIds" ] }, "cyral:index/RepositoryAccessRulesRule:RepositoryAccessRulesRule": { "properties": { "config": { "$ref": "#/types/cyral:index%2FRepositoryAccessRulesRuleConfig:RepositoryAccessRulesRuleConfig", "description": "Extra (optional) configuration parameters.\n" }, "identity": { "$ref": "#/types/cyral:index%2FRepositoryAccessRulesRuleIdentity:RepositoryAccessRulesRuleIdentity", "description": "The identity of the person/group getting access.\n" }, "validFrom": { "type": "string", "description": "The start time for the grant. Format is: `yyyy-mm-ddThh:mm:ssZ`. Eg. `2022-01-24T18:30:00Z`.\n" }, "validUntil": { "type": "string", "description": "The end time for the grant. Format is: `yyyy-mm-ddThh:mm:ssZ`. Eg. `2022-01-24T18:30:00Z`.\n" } }, "type": "object", "required": [ "identity" ] }, "cyral:index/RepositoryAccessRulesRuleConfig:RepositoryAccessRulesRuleConfig": { "properties": { "policyIds": { "type": "array", "items": { "type": "string" }, "description": "Extra authorization policies, such as PagerDuty or DUO. Use the attribute `id` from resources `cyral.IntegrationPagerDuty` and `cyral.IntegrationMfaDuo`.\n" } }, "type": "object", "required": [ "policyIds" ] }, "cyral:index/RepositoryAccessRulesRuleIdentity:RepositoryAccessRulesRuleIdentity": { "properties": { "name": { "type": "string", "description": "The name of the person/group getting access.\n" }, "type": { "type": "string", "description": "Identity type. List of supported values: \n - `username`\n - `email`\n - `group`\n" } }, "type": "object", "required": [ "name", "type" ] }, "cyral:index/RepositoryBindingListenerBinding:RepositoryBindingListenerBinding": { "properties": { "listenerId": { "type": "string", "description": "The sidecar listener that this binding is associated with.\n" }, "nodeIndex": { "type": "number", "description": "The index of the repo node that this binding is associated with.\n" } }, "type": "object", "required": [ "listenerId" ] }, "cyral:index/RepositoryConnectionDraining:RepositoryConnectionDraining": { "properties": { "auto": { "type": "boolean", "description": "Whether connections should be drained automatically after a listener dies.\n" }, "waitTime": { "type": "number", "description": "Seconds to wait to let connections drain before starting to kill all the connections, if auto is set to true.\n" } }, "type": "object" }, "cyral:index/RepositoryDatamapMapping:RepositoryDatamapMapping": { "properties": { "attributes": { "type": "array", "items": { "type": "string" }, "description": "List containing the specific locations of the data within the repo, following the pattern `{SCHEMA}.{TABLE}.{ATTRIBUTE}` (ex: `[your_schema_name.your_table_name.your_attr_name]`).\n" }, "label": { "type": "string", "description": "Label given to the attributes in this mapping.\n" } }, "type": "object", "required": [ "attributes", "label" ] }, "cyral:index/RepositoryMongodbSettings:RepositoryMongodbSettings": { "properties": { "flavor": { "type": "string", "description": "The flavor of the MongoDB deployment. Allowed values: \n - `mongodb`\n - `documentdb`\n\n The following conditions apply:\n - The `documentdb` flavor cannot be combined with the MongoDB Server type `sharded`.\n" }, "replicaSetName": { "type": "string", "description": "Name of the replica set, if applicable.\n" }, "serverType": { "type": "string", "description": "Type of the MongoDB server. Allowed values: \n - `replicaset`\n - `standalone`\n - `sharded`\n\n The following conditions apply:\n - If `sharded` and `srv_record_name` *not* provided, then all `repo_node` blocks must be static (see `dynamic`).\n - If `sharded` and `srv_record_name` provided, then all `repo_node` blocks must be dynamic (see `dynamic`).\n - If `standalone`, then only one `repo_node` block can be declared and it must be static (see `dynamic`). The `srv_record_name` is not supported in this configuration.\n - If `replicaset` and `srv_record_name` *not* provided, then `repo_node` blocks may mix dynamic and static nodes (see `dynamic`).\n - If `replicaset` and `srv_record_name` provided, then `repo_node` blocks must be dynamic (see `dynamic`).\n" }, "srvRecordName": { "type": "string", "description": "Name of a DNS SRV record which contains cluster topology details. If specified, then all `repo_node` blocks must be declared dynamic (see `dynamic`). Only supported for `server_type=\"sharded\"` or `server_type=\"replicaset\".\n" } }, "type": "object", "required": [ "serverType" ] }, "cyral:index/RepositoryNetworkAccessPolicyNetworkAccessRule:RepositoryNetworkAccessPolicyNetworkAccessRule": { "properties": { "dbAccounts": { "type": "array", "items": { "type": "string" }, "description": "Specify which accounts this rule applies to. The account name must match an existing account in your database.\n" }, "description": { "type": "string", "description": "Description of the network access policy.\n" }, "name": { "type": "string", "description": "Name of the rule.\n" }, "sourceIps": { "type": "array", "items": { "type": "string" }, "description": "Specify IPs to restrict the range of allowed IP addresses for this rule.\n" } }, "type": "object", "required": [ "name" ] }, "cyral:index/RepositoryRedshiftSettings:RepositoryRedshiftSettings": { "properties": { "awsRegion": { "type": "string", "description": "Code of the AWS region where the Redshift instance is deployed.\n" }, "clusterIdentifier": { "type": "string", "description": "Name of the provisioned cluster.\n" }, "workgroupName": { "type": "string", "description": "Workgroup name for serverless cluster.\n" } }, "type": "object" }, "cyral:index/RepositoryRepoNode:RepositoryRepoNode": { "properties": { "dynamic": { "type": "boolean", "description": "*Only supported for MongoDB in cluster configurations.*\nIndicates if the node is dynamically discovered, meaning that the sidecar will query the cluster to get the topology information and discover the addresses of the dynamic nodes. If set to `true`, `host` and `port` must be empty. A node with value of this field as false considered `static`.\nThe following conditions apply: \n - The total number of declared `repo_node` blocks must match the actual number of nodes in the cluster.\n - If there are static nodes in the configuration, they must be declared before all dynamic nodes.\n - See the MongoDB-specific configuration in the mongodb_settings.\n" }, "host": { "type": "string", "description": "Repo node host (ex: `somerepo.cyral.com`). Can be empty if node is dynamic.\n" }, "name": { "type": "string", "description": "Name of the repo node.\n" }, "port": { "type": "number", "description": "Repository access port (ex: `3306`). Can be empty if node is dynamic.\n" } }, "type": "object" }, "cyral:index/RepositoryUserAccountApprovalConfig:RepositoryUserAccountApprovalConfig": { "properties": { "automaticGrant": { "type": "boolean", "description": "If `true`, approvals can be automatically granted.\n" }, "maxAutoGrantDuration": { "type": "string", "description": "The maximum duration in seconds for approvals can be automatically granted. E.g.: `\"2000s\"`, `\"3000.5s\"\n" } }, "type": "object", "required": [ "automaticGrant", "maxAutoGrantDuration" ] }, "cyral:index/RepositoryUserAccountAuthScheme:RepositoryUserAccountAuthScheme": { "properties": { "awsIam": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeAwsIam:RepositoryUserAccountAuthSchemeAwsIam", "description": "Credential option to set the repository user account from AWS IAM.\n" }, "awsSecretsManager": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeAwsSecretsManager:RepositoryUserAccountAuthSchemeAwsSecretsManager", "description": "Credential option to set the repository user account from AWS Secrets Manager.\n" }, "azureKeyVault": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeAzureKeyVault:RepositoryUserAccountAuthSchemeAzureKeyVault", "description": "Credential option to set the repository user account from Azure Key Vault.\n" }, "cyralStorage": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeCyralStorage:RepositoryUserAccountAuthSchemeCyralStorage", "description": "Credential option to set the repository user account from Cyral Storage.\n" }, "environmentVariable": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeEnvironmentVariable:RepositoryUserAccountAuthSchemeEnvironmentVariable", "description": "Credential option to set the repository user account from Environment Variable.\n" }, "gcpSecretsManager": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeGcpSecretsManager:RepositoryUserAccountAuthSchemeGcpSecretsManager", "description": "Credential option to set the repository user account from GCP Secrets Manager.\n" }, "hashicorpVault": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeHashicorpVault:RepositoryUserAccountAuthSchemeHashicorpVault" }, "kubernetesSecret": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthSchemeKubernetesSecret:RepositoryUserAccountAuthSchemeKubernetesSecret", "description": "Credential option to set the repository user account from a Kubernetes secret.\n" } }, "type": "object" }, "cyral:index/RepositoryUserAccountAuthSchemeAwsIam:RepositoryUserAccountAuthSchemeAwsIam": { "properties": { "authenticateAsIamRole": { "type": "boolean", "description": "Indicates whether to access as an AWS IAM role (`true`)or a native database user (`false`). Defaults to `false`.\n" }, "roleArn": { "type": "string", "description": "The AWS IAM roleARN to gain access to the database.\n" } }, "type": "object", "required": [ "roleArn" ] }, "cyral:index/RepositoryUserAccountAuthSchemeAwsSecretsManager:RepositoryUserAccountAuthSchemeAwsSecretsManager": { "properties": { "secretArn": { "type": "string", "description": "The AWS Secrets Manager secretARN to gain access to the database.\n" } }, "type": "object", "required": [ "secretArn" ] }, "cyral:index/RepositoryUserAccountAuthSchemeAzureKeyVault:RepositoryUserAccountAuthSchemeAzureKeyVault": { "properties": { "secretUrl": { "type": "string", "description": "The URL of the secret in the Azure Key Vault.\n" } }, "type": "object", "required": [ "secretUrl" ] }, "cyral:index/RepositoryUserAccountAuthSchemeCyralStorage:RepositoryUserAccountAuthSchemeCyralStorage": { "properties": { "password": { "type": "string", "description": "The Cyral Storage password to gain access to the database.\n", "secret": true } }, "type": "object", "required": [ "password" ] }, "cyral:index/RepositoryUserAccountAuthSchemeEnvironmentVariable:RepositoryUserAccountAuthSchemeEnvironmentVariable": { "properties": { "variableName": { "type": "string", "description": "Name of the environment variable that will store credentials.\n" } }, "type": "object", "required": [ "variableName" ] }, "cyral:index/RepositoryUserAccountAuthSchemeGcpSecretsManager:RepositoryUserAccountAuthSchemeGcpSecretsManager": { "properties": { "secretName": { "type": "string", "description": "The unique identifier of the secret in GCP Secrets Manager.\n" } }, "type": "object", "required": [ "secretName" ] }, "cyral:index/RepositoryUserAccountAuthSchemeHashicorpVault:RepositoryUserAccountAuthSchemeHashicorpVault": { "properties": { "isDynamicUserAccount": { "type": "boolean", "description": "Some Vault engines allow the dynamic creation of user accounts, meaning the username used to log in to the database may change from time to time.\n" }, "path": { "type": "string", "description": "The location in the Vault where the database username and password may be retrieved.\n" } }, "type": "object", "required": [ "isDynamicUserAccount", "path" ] }, "cyral:index/RepositoryUserAccountAuthSchemeKubernetesSecret:RepositoryUserAccountAuthSchemeKubernetesSecret": { "properties": { "secretKey": { "type": "string", "description": "The key of the credentials JSON blob within the secret.\n" }, "secretName": { "type": "string", "description": "The unique identifier of the secret in Kubernetes.\n" } }, "type": "object", "required": [ "secretKey", "secretName" ] }, "cyral:index/RolePermissions:RolePermissions": { "properties": { "approvalManagement": { "type": "boolean", "description": "Allows approving or denying approval requests on Cyral Control Plane. Defaults to `false`.\n" }, "modifyIntegrations": { "type": "boolean", "description": "Allows modifying integrations on Cyral Control Plane. Defaults to `false`.\n" }, "modifyPolicies": { "type": "boolean", "description": "Allows modifying policies on Cyral Control Plane. Defaults to `false`.\n" }, "modifyRoles": { "type": "boolean", "description": "Allows modifying roles on Cyral Control Plane. Defaults to `false`.\n" }, "modifySidecarsAndRepositories": { "type": "boolean", "description": "Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to `false`.\n" }, "modifyUsers": { "type": "boolean", "description": "Allows modifying users on Cyral Control Plane. Defaults to `false`.\n" }, "repoCrawler": { "type": "boolean", "description": "Allows running the Cyral repo crawler data classifier and user discovery. Defaults to `false`.\n" }, "viewAuditLogs": { "type": "boolean", "description": "Allows viewing audit logs on Cyral Control Plane. Defaults to `false`.\n" }, "viewDatamaps": { "type": "boolean", "description": "Allows viewing datamaps on Cyral Control Plane. Defaults to `false`.\n" }, "viewIntegrations": { "type": "boolean", "description": "Allows viewing integrations on Cyral Control Plane. Defaults to `false`.\n" }, "viewPolicies": { "type": "boolean", "description": "Allows viewing policies on Cyral Control Plane. Defaults to `false`.\n" }, "viewRoles": { "type": "boolean", "description": "Allows viewing roles on Cyral Control Plane. Defaults to `false`.\n" }, "viewUsers": { "type": "boolean", "description": "Allows viewing users on Cyral Control Plane. Defaults to `false`.\n" } }, "type": "object" }, "cyral:index/RoleSsoGroupsSsoGroup:RoleSsoGroupsSsoGroup": { "properties": { "groupName": { "type": "string", "description": "The name of the SSO group to be mapped.\n" }, "id": { "type": "string", "description": "The ID of an SSO group mapping.\n" }, "idpId": { "type": "string", "description": "The ID of the identity provider integration to be mapped.\n" }, "idpName": { "type": "string", "description": "The name of the identity provider integration of an SSO group mapping.\n" } }, "type": "object", "required": [ "groupName", "idpId" ], "language": { "nodejs": { "requiredOutputs": [ "groupName", "id", "idpId", "idpName" ] } } }, "cyral:index/SidecarCertificateBundleSecrets:SidecarCertificateBundleSecrets": { "properties": { "sidecar": { "$ref": "#/types/cyral:index%2FSidecarCertificateBundleSecretsSidecar:SidecarCertificateBundleSecretsSidecar", "description": "Certificate Bundle Secret for sidecar.\n" } }, "type": "object", "required": [ "sidecar" ] }, "cyral:index/SidecarCertificateBundleSecretsSidecar:SidecarCertificateBundleSecretsSidecar": { "properties": { "engine": { "type": "string", "description": "Engine is the name of the engine used with the given secrets manager type, when applicable.\n" }, "secretId": { "type": "string", "description": "Secret ID is the identifier or location for the secret that holds the certificate bundle.\n" }, "type": { "type": "string", "description": "Type identifies the secret manager used to store the secret. Valid values are: `aws` and `k8s`.\n" } }, "type": "object", "required": [ "secretId", "type" ] }, "cyral:index/SidecarListenerDynamodbSettings:SidecarListenerDynamodbSettings": { "properties": { "proxyMode": { "type": "boolean", "description": "DynamoDB proxy mode. Only relevant for listeners of type `dynamodb` or `dynamodbstreams` and must always be set to `true` for these listener types. Defaults to false. When `true`, instructs the sidecar to operate as an HTTP Proxy server. Client applications need to be explicitly configured to send the traffic through an HTTP proxy server, represented by the Cyral sidecar endpoint + the DynamoDB listening port. It is indicated when connecting from CLI applications, such as `aws cli`, or through the AWS SDK.Setting this value to `false` for the `dynamodb` and `dynamodbstreams` listeners types is currently not allowed and is reserved for future use.\n" } }, "type": "object" }, "cyral:index/SidecarListenerMysqlSettings:SidecarListenerMysqlSettings": { "properties": { "characterSet": { "type": "string", "description": "MySQL character set. Optional (and only relevant) for listeners of types `mysql` and `mariadb`. The sidecar automatically derives this value out of the server version specified in the dbVersion field. This field should only be populated if the database was configured, at deployment time, to use a global character set different from the database default. The char set is extracted from the collation informed. The list of possible collations can be extracted from the column `collation` by running the command `SHOW COLLATION` in the target database.\n" }, "dbVersion": { "type": "string", "description": "MySQL advertised DB version. Required (and only relevant) for listeners of types `mysql` and `mariadb`. This value represents the MySQL/MariaDB server version that the Cyral sidecar will use to present itself to client applications. Different applications, especially JDBC-based ones, may behave differently according to the version of the database they are connecting to. It is crucial that version value specified in this field to be either the same value as the underlying database version, or to be a compatible one. For a compatibility reference, refer to our [public docs](https://cyral.com/docs/sidecars/manage/bind-repo). Example values: `\"5.7.3\"`, `\"8.0.4\"` or `\"10.2.1\"`.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "characterSet" ] } } }, "cyral:index/SidecarListenerNetworkAddress:SidecarListenerNetworkAddress": { "properties": { "host": { "type": "string", "description": "Host where the sidecar will listen for the given repository, in the case where the sidecar is deployed on a host with multiple network interfaces. If omitted, the sidecar will assume the default \"0.0.0.0\" and listen on all network interfaces.\n" }, "port": { "type": "number", "description": "Port where the sidecar will listen for the given repository.\n" } }, "type": "object", "required": [ "port" ] }, "cyral:index/SidecarListenerS3Settings:SidecarListenerS3Settings": { "properties": { "proxyMode": { "type": "boolean", "description": "S3 proxy mode. Only relevant for S3 listeners. Allowed values: [true, false]. Defaults to `false`. When `true`, instructs the sidecar to operate as an HTTP Proxy server. Client applications need to be explicitly configured to send the traffic through an HTTP proxy server, represented by the Cyral sidecar endpoint + the S3 listening port. It is indicated when connecting from CLI applications, such as `aws cli`, or through the AWS SDK. This listener mode is functional for client applications using either AWS native credentials, e.g. Access Key ID/Secret Access Key, or Cyral-Provided access tokens (Single Sign-On connections). When `false`, instructs the sidecar to mimic the actual behavior of AWS S3, meaning client applications will not be aware of a middleware HTTP proxy in the path to S3. This listener mode is only compatible with applications using Cyral-Provided access tokens and is must used when configuring the Cyral S3 Browser. This mode is currently not recommended for any other use besides the Cyral S3 Browser.\n" } }, "type": "object" }, "cyral:index/SidecarListenerSqlserverSettings:SidecarListenerSqlserverSettings": { "properties": { "version": { "type": "string", "description": "Advertised SQL Server version. Required (and only relevant) for Listeners of type 'sqlserver' The format of the version should be .. API will validate that the version is a valid version number. Major version is an integer in range 0-255. Minor version is an integer in range 0-255. Build number is an integer in range 0-65535. Example: 16.0.1000 To get the version of the SQL Server runtime, run the following query: SELECT SERVERPROPERTY('productversion') Note: If the query returns a four part version number, only the first three parts should be used. Example: 16.0.1000.6 > 16.0.1000\n" } }, "type": "object", "required": [ "version" ] }, "cyral:index/getDatalabelDatalabelList:getDatalabelDatalabelList": { "properties": { "classificationRules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetDatalabelDatalabelListClassificationRule:getDatalabelDatalabelListClassificationRule" } }, "description": { "type": "string" }, "implicit": { "type": "boolean" }, "name": { "type": "string" }, "tags": { "type": "array", "items": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "classificationRules", "description", "implicit", "name", "tags", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getDatalabelDatalabelListClassificationRule:getDatalabelDatalabelListClassificationRule": { "properties": { "ruleCode": { "type": "string" }, "ruleStatus": { "type": "string" }, "ruleType": { "type": "string" } }, "type": "object", "required": [ "ruleCode", "ruleStatus", "ruleType" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpIdpList:getIntegrationIdpIdpList": { "properties": { "alias": { "type": "string" }, "displayName": { "type": "string" }, "enabled": { "type": "boolean" }, "singleSignOnServiceUrl": { "type": "string" } }, "type": "object", "required": [ "alias", "displayName", "enabled", "singleSignOnServiceUrl" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpSamlIdpList:getIntegrationIdpSamlIdpList": { "properties": { "attributes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpSamlIdpListAttribute:getIntegrationIdpSamlIdpListAttribute" } }, "disabled": { "type": "boolean" }, "displayName": { "type": "string" }, "id": { "type": "string" }, "idpDescriptors": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpSamlIdpListIdpDescriptor:getIntegrationIdpSamlIdpListIdpDescriptor" } }, "idpType": { "type": "string" }, "spMetadatas": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpSamlIdpListSpMetadata:getIntegrationIdpSamlIdpListSpMetadata" } } }, "type": "object", "required": [ "attributes", "disabled", "displayName", "id", "idpDescriptors", "idpType", "spMetadatas" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpSamlIdpListAttribute:getIntegrationIdpSamlIdpListAttribute": { "properties": { "email": { "type": "string" }, "firstName": { "type": "string" }, "groups": { "type": "string" }, "lastName": { "type": "string" } }, "type": "object", "required": [ "email", "firstName", "groups", "lastName" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpSamlIdpListIdpDescriptor:getIntegrationIdpSamlIdpListIdpDescriptor": { "properties": { "disableForceAuthentication": { "type": "boolean" }, "signingCertificate": { "type": "string" }, "singleLogoutServiceUrl": { "type": "string" }, "singleSignOnServiceUrl": { "type": "string" } }, "type": "object", "required": [ "disableForceAuthentication", "signingCertificate", "singleLogoutServiceUrl", "singleSignOnServiceUrl" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpSamlIdpListSpMetadata:getIntegrationIdpSamlIdpListSpMetadata": { "properties": { "assertionConsumerServices": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpSamlIdpListSpMetadataAssertionConsumerService:getIntegrationIdpSamlIdpListSpMetadataAssertionConsumerService" } }, "entityId": { "type": "string" }, "singleLogoutUrl": { "type": "string" }, "url": { "type": "string" }, "xmlDocument": { "type": "string" } }, "type": "object", "required": [ "assertionConsumerServices", "entityId", "singleLogoutUrl", "url", "xmlDocument" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationIdpSamlIdpListSpMetadataAssertionConsumerService:getIntegrationIdpSamlIdpListSpMetadataAssertionConsumerService": { "properties": { "index": { "type": "number" }, "url": { "type": "string" } }, "type": "object", "required": [ "index", "url" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegration:getIntegrationLoggingIntegration": { "properties": { "cloudwatches": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationCloudwatch:getIntegrationLoggingIntegrationCloudwatch" } }, "datadogs": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationDatadog:getIntegrationLoggingIntegrationDatadog" } }, "elk": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationElk:getIntegrationLoggingIntegrationElk" } }, "fluentBits": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationFluentBit:getIntegrationLoggingIntegrationFluentBit" } }, "id": { "type": "string" }, "name": { "type": "string" }, "receiveAuditLogs": { "type": "boolean" }, "splunks": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationSplunk:getIntegrationLoggingIntegrationSplunk" } }, "sumoLogics": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationSumoLogic:getIntegrationLoggingIntegrationSumoLogic" } } }, "type": "object", "required": [ "cloudwatches", "datadogs", "elk", "fluentBits", "id", "name", "receiveAuditLogs", "splunks", "sumoLogics" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationCloudwatch:getIntegrationLoggingIntegrationCloudwatch": { "properties": { "group": { "type": "string" }, "region": { "type": "string" }, "stream": { "type": "string" } }, "type": "object", "required": [ "group", "region", "stream" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationDatadog:getIntegrationLoggingIntegrationDatadog": { "properties": { "apiKey": { "type": "string" } }, "type": "object", "required": [ "apiKey" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationElk:getIntegrationLoggingIntegrationElk": { "properties": { "esCredentials": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegrationElkEsCredential:getIntegrationLoggingIntegrationElkEsCredential" } }, "esUrl": { "type": "string" }, "kibanaUrl": { "type": "string" } }, "type": "object", "required": [ "esCredentials", "esUrl", "kibanaUrl" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationElkEsCredential:getIntegrationLoggingIntegrationElkEsCredential": { "properties": { "password": { "type": "string" }, "username": { "type": "string" } }, "type": "object", "required": [ "password", "username" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationFluentBit:getIntegrationLoggingIntegrationFluentBit": { "properties": { "config": { "type": "string" }, "skipValidate": { "type": "boolean" } }, "type": "object", "required": [ "config", "skipValidate" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationSplunk:getIntegrationLoggingIntegrationSplunk": { "properties": { "accessToken": { "type": "string" }, "hecPort": { "type": "string" }, "hostname": { "type": "string" }, "index": { "type": "string" }, "useTls": { "type": "boolean" } }, "type": "object", "required": [ "accessToken", "hecPort", "hostname", "index", "useTls" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getIntegrationLoggingIntegrationSumoLogic:getIntegrationLoggingIntegrationSumoLogic": { "properties": { "address": { "type": "string" } }, "type": "object", "required": [ "address" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getPermissionPermissionList:getPermissionPermissionList": { "properties": { "description": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } }, "type": "object", "required": [ "description", "id", "name" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getPolicySetPolicy:getPolicySetPolicy": { "properties": { "id": { "type": "string" }, "type": { "type": "string" } }, "type": "object", "required": [ "id", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getPolicySetScope:getPolicySetScope": { "properties": { "repoIds": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "repoIds" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getPolicyV2Scope:getPolicyV2Scope": { "properties": { "repoIds": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "repoIds" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getPolicyWizardsWizard:getPolicyWizardsWizard": { "properties": { "description": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" }, "parameterSchema": { "type": "string" }, "tags": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "description", "id", "name", "parameterSchema", "tags" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRepositoryRepositoryList:getRepositoryRepositoryList": { "properties": { "connectionDrainings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetRepositoryRepositoryListConnectionDraining:getRepositoryRepositoryListConnectionDraining" } }, "id": { "type": "string" }, "labels": { "type": "array", "items": { "type": "string" } }, "mongodbSettings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetRepositoryRepositoryListMongodbSetting:getRepositoryRepositoryListMongodbSetting" } }, "name": { "type": "string" }, "repoNodes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetRepositoryRepositoryListRepoNode:getRepositoryRepositoryListRepoNode" } }, "type": { "type": "string" } }, "type": "object", "required": [ "connectionDrainings", "id", "labels", "mongodbSettings", "name", "repoNodes", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRepositoryRepositoryListConnectionDraining:getRepositoryRepositoryListConnectionDraining": { "properties": { "auto": { "type": "boolean" }, "waitTime": { "type": "number" } }, "type": "object", "required": [ "auto", "waitTime" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRepositoryRepositoryListMongodbSetting:getRepositoryRepositoryListMongodbSetting": { "properties": { "flavor": { "type": "string" }, "replicaSetName": { "type": "string" }, "serverType": { "type": "string" }, "srvRecordName": { "type": "string" } }, "type": "object", "required": [ "flavor", "replicaSetName", "serverType", "srvRecordName" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRepositoryRepositoryListRepoNode:getRepositoryRepositoryListRepoNode": { "properties": { "dynamic": { "type": "boolean" }, "host": { "type": "string" }, "name": { "type": "string" }, "port": { "type": "number" } }, "type": "object", "required": [ "dynamic", "host", "name", "port" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRoleRoleList:getRoleRoleList": { "properties": { "description": { "type": "string" }, "id": { "type": "string" }, "members": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } }, "ssoGroups": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetRoleRoleListSsoGroup:getRoleRoleListSsoGroup" } } }, "type": "object", "required": [ "description", "id", "members", "name", "roles", "ssoGroups" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getRoleRoleListSsoGroup:getRoleRoleListSsoGroup": { "properties": { "groupName": { "type": "string" }, "id": { "type": "string" }, "idpId": { "type": "string" }, "idpName": { "type": "string" } }, "type": "object", "required": [ "groupName", "id", "idpId", "idpName" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarCftTemplateAwsConfiguration:getSidecarCftTemplateAwsConfiguration": { "properties": { "keyName": { "type": "string", "description": "Key-pair name that will be associated to the sidecar EC2 instances.\n" }, "publiclyAccessible": { "type": "boolean", "description": "Defines a public IP and an internet-facing LB if set to `true`.\n" } }, "type": "object", "required": [ "publiclyAccessible" ] }, "cyral:index/getSidecarInstanceInstanceList:getSidecarInstanceInstanceList": { "properties": { "id": { "type": "string", "description": "Instance identifier. Varies according to the computing platform that the sidecar is deployed to.\n" }, "metadatas": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceListMetadata:getSidecarInstanceInstanceListMetadata" }, "description": "Instance metadata.\n" }, "monitorings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceListMonitoring:getSidecarInstanceInstanceListMonitoring" }, "description": "Instance monitoring information, such as its overall health.\n" } }, "type": "object", "required": [ "id", "metadatas", "monitorings" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarInstanceInstanceListMetadata:getSidecarInstanceInstanceListMetadata": { "properties": { "capabilities": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceListMetadataCapability:getSidecarInstanceInstanceListMetadataCapability" }, "description": "Set of capabilities that can be enabled or disabled. **Note**: This field is per-instance, not per-sidecar, because not all sidecar instances might be in sync at some point in time.\n" }, "dynamicVersion": { "type": "boolean", "description": "If true, indicates that the instance has dynamic versioning, that means that the version is not fixed at template level and it can be automatically upgraded.\n" }, "lastRegistration": { "type": "string", "description": "The last time the instance reported to the Control Plane.\n" }, "recycling": { "type": "boolean", "description": "Indicates whether the Control Plane has asked the instance to mark itself unhealthy so that it is recycled by the infrastructure.\n" }, "startTimestamp": { "type": "string", "description": "The time when the instance started.\n" }, "version": { "type": "string", "description": "Sidecar version that the instance is using.\n" } }, "type": "object", "required": [ "capabilities", "dynamicVersion", "lastRegistration", "recycling", "startTimestamp", "version" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarInstanceInstanceListMetadataCapability:getSidecarInstanceInstanceListMetadataCapability": { "properties": { "recyclable": { "type": "boolean", "description": "Indicates if sidecar instance will be recycled (e.g., by an ASG) if it reports itself as unhealthy.\n" } }, "type": "object", "required": [ "recyclable" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarInstanceInstanceListMonitoring:getSidecarInstanceInstanceListMonitoring": { "properties": { "services": { "type": "object", "additionalProperties": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceListMonitoringServices:getSidecarInstanceInstanceListMonitoringServices" } }, "description": "Sidecar instance services monitoring information.\n" }, "status": { "type": "string", "description": "Aggregated status of all the sidecar services.\n" } }, "type": "object", "required": [ "services", "status" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarInstanceInstanceListMonitoringServices:getSidecarInstanceInstanceListMonitoringServices": { "properties": { "components": { "type": "object", "additionalProperties": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceListMonitoringServicesComponents:getSidecarInstanceInstanceListMonitoringServicesComponents" } }, "description": "Map of name to monitoring component. A component is a monitored check on the service that has its own status.\n" }, "host": { "type": "string", "description": "Service host on the deployment.\n" }, "metricsPort": { "type": "number", "description": "Metrics port for service monitoring.\n" }, "status": { "type": "string", "description": "Aggregated status of sidecar service.\n" } }, "type": "object", "required": [ "components", "host", "metricsPort", "status" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarInstanceInstanceListMonitoringServicesComponents:getSidecarInstanceInstanceListMonitoringServicesComponents": { "properties": { "description": { "type": "string", "description": "Describes what the type of check the component represents.\n" }, "error": { "type": "string", "description": "Error that describes what caused the current status.\n" }, "status": { "type": "string", "description": "Component status.\n" } }, "type": "object", "required": [ "description", "error", "status" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerList:getSidecarListenerListenerList": { "properties": { "dynamodbSettings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerListDynamodbSetting:getSidecarListenerListenerListDynamodbSetting" } }, "listenerId": { "type": "string" }, "mysqlSettings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerListMysqlSetting:getSidecarListenerListenerListMysqlSetting" } }, "networkAddresses": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerListNetworkAddress:getSidecarListenerListenerListNetworkAddress" } }, "repoTypes": { "type": "array", "items": { "type": "string" } }, "s3Settings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerListS3Setting:getSidecarListenerListenerListS3Setting" } }, "sidecarId": { "type": "string" }, "sqlserverSettings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerListSqlserverSetting:getSidecarListenerListenerListSqlserverSetting" } } }, "type": "object", "required": [ "dynamodbSettings", "listenerId", "mysqlSettings", "networkAddresses", "repoTypes", "s3Settings", "sidecarId", "sqlserverSettings" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerListDynamodbSetting:getSidecarListenerListenerListDynamodbSetting": { "properties": { "proxyMode": { "type": "boolean" } }, "type": "object", "required": [ "proxyMode" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerListMysqlSetting:getSidecarListenerListenerListMysqlSetting": { "properties": { "characterSet": { "type": "string" }, "dbVersion": { "type": "string" } }, "type": "object", "required": [ "characterSet", "dbVersion" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerListNetworkAddress:getSidecarListenerListenerListNetworkAddress": { "properties": { "host": { "type": "string" }, "port": { "type": "number" } }, "type": "object", "required": [ "host", "port" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerListS3Setting:getSidecarListenerListenerListS3Setting": { "properties": { "proxyMode": { "type": "boolean" } }, "type": "object", "required": [ "proxyMode" ], "language": { "nodejs": { "requiredInputs": [] } } }, "cyral:index/getSidecarListenerListenerListSqlserverSetting:getSidecarListenerListenerListSqlserverSetting": { "properties": { "version": { "type": "string" } }, "type": "object", "required": [ "version" ], "language": { "nodejs": { "requiredInputs": [] } } } }, "provider": { "description": "The provider type for the cyral package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "clientId": { "type": "string", "description": "Client id used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_ID`.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Client secret used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_SECRET`.\n", "secret": true }, "controlPlane": { "type": "string", "description": "Control plane host and API port (ex: `tenant.app.cyral.com`)\n" } }, "type": "object", "required": [ "controlPlane" ], "inputProperties": { "clientId": { "type": "string", "description": "Client id used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_ID`.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Client secret used to authenticate against the control plane. Can be ommited and declared using the environment variable\n`CYRAL_TF_CLIENT_SECRET`.\n", "secret": true }, "controlPlane": { "type": "string", "description": "Control plane host and API port (ex: `tenant.app.cyral.com`)\n" }, "tlsSkipVerify": { "type": "boolean", "description": "Specifies if the client will verify the TLS server certificate used by the control plane. If set to `true`, the client\nwill not verify the server certificate, hence, it will allow insecure connections to be established. This should be set\nonly for testing and is not recommended to be used in production environments. Can be set through the\n`CYRAL_TF_TLS_SKIP_VERIFY` environment variable. Defaults to `false`.\n" } }, "requiredInputs": [ "controlPlane" ] }, "resources": { "cyral:index/accessTokenSettings:AccessTokenSettings": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst current = new cyral.AccessTokenSettings(\"current\", {\n defaultValidity: \"36000s\",\n maxNumberOfTokensPerUser: 3,\n maxValidity: \"72000s\",\n offlineTokenValidation: true,\n tokenLength: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\ncurrent = cyral.AccessTokenSettings(\"current\",\n default_validity=\"36000s\",\n max_number_of_tokens_per_user=3,\n max_validity=\"72000s\",\n offline_token_validation=True,\n token_length=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var current = new Cyral.AccessTokenSettings(\"current\", new()\n {\n DefaultValidity = \"36000s\",\n MaxNumberOfTokensPerUser = 3,\n MaxValidity = \"72000s\",\n OfflineTokenValidation = true,\n TokenLength = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewAccessTokenSettings(ctx, \"current\", &cyral.AccessTokenSettingsArgs{\n\t\t\tDefaultValidity: pulumi.String(\"36000s\"),\n\t\t\tMaxNumberOfTokensPerUser: pulumi.Float64(3),\n\t\t\tMaxValidity: pulumi.String(\"72000s\"),\n\t\t\tOfflineTokenValidation: pulumi.Bool(true),\n\t\t\tTokenLength: pulumi.Float64(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.AccessTokenSettings;\nimport com.pulumi.cyral.AccessTokenSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var current = new AccessTokenSettings(\"current\", AccessTokenSettingsArgs.builder()\n .defaultValidity(\"36000s\")\n .maxNumberOfTokensPerUser(3)\n .maxValidity(\"72000s\")\n .offlineTokenValidation(true)\n .tokenLength(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n current:\n type: cyral:AccessTokenSettings\n properties:\n defaultValidity: 36000s\n maxNumberOfTokensPerUser: 3\n maxValidity: 72000s\n offlineTokenValidation: true\n tokenLength: 16\n```\n\n", "properties": { "defaultValidity": { "type": "string", "description": "The default duration used for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "maxNumberOfTokensPerUser": { "type": "number", "description": "The maximum number of access tokens that a user can have at the same time. Must be between `1` and `5` (inclusive). Defaults to `3`.\n" }, "maxValidity": { "type": "string", "description": "The maximum duration that a user can request for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "offlineTokenValidation": { "type": "boolean", "description": "The configuration that determines if the sidecar should perform access token validation independently using cached token values. If this is `true`, the sidecar will be able to validate and authenticate database access even when it cannot reach the Control Plane. Defaults to `true`.\n" }, "tokenLength": { "type": "number", "description": "The number of characters of the access token plaintext value. Valid values are `8`, `12` and `16`. Defaults to `16`.\n" } }, "type": "object", "inputProperties": { "defaultValidity": { "type": "string", "description": "The default duration used for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "maxNumberOfTokensPerUser": { "type": "number", "description": "The maximum number of access tokens that a user can have at the same time. Must be between `1` and `5` (inclusive). Defaults to `3`.\n" }, "maxValidity": { "type": "string", "description": "The maximum duration that a user can request for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "offlineTokenValidation": { "type": "boolean", "description": "The configuration that determines if the sidecar should perform access token validation independently using cached token values. If this is `true`, the sidecar will be able to validate and authenticate database access even when it cannot reach the Control Plane. Defaults to `true`.\n" }, "tokenLength": { "type": "number", "description": "The number of characters of the access token plaintext value. Valid values are `8`, `12` and `16`. Defaults to `16`.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering AccessTokenSettings resources.\n", "properties": { "defaultValidity": { "type": "string", "description": "The default duration used for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "maxNumberOfTokensPerUser": { "type": "number", "description": "The maximum number of access tokens that a user can have at the same time. Must be between `1` and `5` (inclusive). Defaults to `3`.\n" }, "maxValidity": { "type": "string", "description": "The maximum duration that a user can request for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n" }, "offlineTokenValidation": { "type": "boolean", "description": "The configuration that determines if the sidecar should perform access token validation independently using cached token values. If this is `true`, the sidecar will be able to validate and authenticate database access even when it cannot reach the Control Plane. Defaults to `true`.\n" }, "tokenLength": { "type": "number", "description": "The number of characters of the access token plaintext value. Valid values are `8`, `12` and `16`. Defaults to `16`.\n" } }, "type": "object" } }, "cyral:index/datalabel:Datalabel": { "description": "Manages data labels. Data labels are part of the Cyral [Data Map](https://cyral.com/docs/policy/datamap).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst nAME = new cyral.Datalabel(\"nAME\", {\n classificationRule: {\n ruleCode: \"some-rego-code\",\n ruleStatus: \"ENABLED\",\n ruleType: \"REGO\",\n },\n description: \"Customer name\",\n tags: [\n \"PII\",\n \"SENSITIVE\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nn_ame = cyral.Datalabel(\"nAME\",\n classification_rule={\n \"rule_code\": \"some-rego-code\",\n \"rule_status\": \"ENABLED\",\n \"rule_type\": \"REGO\",\n },\n description=\"Customer name\",\n tags=[\n \"PII\",\n \"SENSITIVE\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var nAME = new Cyral.Datalabel(\"nAME\", new()\n {\n ClassificationRule = new Cyral.Inputs.DatalabelClassificationRuleArgs\n {\n RuleCode = \"some-rego-code\",\n RuleStatus = \"ENABLED\",\n RuleType = \"REGO\",\n },\n Description = \"Customer name\",\n Tags = new[]\n {\n \"PII\",\n \"SENSITIVE\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewDatalabel(ctx, \"nAME\", &cyral.DatalabelArgs{\n\t\t\tClassificationRule: &cyral.DatalabelClassificationRuleArgs{\n\t\t\t\tRuleCode: pulumi.String(\"some-rego-code\"),\n\t\t\t\tRuleStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\tRuleType: pulumi.String(\"REGO\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Customer name\"),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"PII\"),\n\t\t\t\tpulumi.String(\"SENSITIVE\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Datalabel;\nimport com.pulumi.cyral.DatalabelArgs;\nimport com.pulumi.cyral.inputs.DatalabelClassificationRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var nAME = new Datalabel(\"nAME\", DatalabelArgs.builder()\n .classificationRule(DatalabelClassificationRuleArgs.builder()\n .ruleCode(\"some-rego-code\")\n .ruleStatus(\"ENABLED\")\n .ruleType(\"REGO\")\n .build())\n .description(\"Customer name\")\n .tags( \n \"PII\",\n \"SENSITIVE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n nAME:\n type: cyral:Datalabel\n properties:\n classificationRule:\n ruleCode: some-rego-code\n ruleStatus: ENABLED\n ruleType: REGO\n description: Customer name\n tags:\n - PII\n - SENSITIVE\n```\n\n", "properties": { "classificationRule": { "$ref": "#/types/cyral:index%2FDatalabelClassificationRule:DatalabelClassificationRule", "description": "Classification rules are used by the [Automatic Data Map](https://cyral.com/docs/policy/repo-crawler/use-auto-mapping/)\nfeature to automatically map data locations to labels.\n" }, "datalabelId": { "type": "string" }, "description": { "type": "string", "description": "Description of the data label.\n" }, "name": { "type": "string", "description": "Name of the data label.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize data labels.\n" } }, "type": "object", "required": [ "datalabelId", "name" ], "inputProperties": { "classificationRule": { "$ref": "#/types/cyral:index%2FDatalabelClassificationRule:DatalabelClassificationRule", "description": "Classification rules are used by the [Automatic Data Map](https://cyral.com/docs/policy/repo-crawler/use-auto-mapping/)\nfeature to automatically map data locations to labels.\n" }, "datalabelId": { "type": "string" }, "description": { "type": "string", "description": "Description of the data label.\n" }, "name": { "type": "string", "description": "Name of the data label.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize data labels.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering Datalabel resources.\n", "properties": { "classificationRule": { "$ref": "#/types/cyral:index%2FDatalabelClassificationRule:DatalabelClassificationRule", "description": "Classification rules are used by the [Automatic Data Map](https://cyral.com/docs/policy/repo-crawler/use-auto-mapping/)\nfeature to automatically map data locations to labels.\n" }, "datalabelId": { "type": "string" }, "description": { "type": "string", "description": "Description of the data label.\n" }, "name": { "type": "string", "description": "Name of the data label.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize data labels.\n" } }, "type": "object" } }, "cyral:index/integrationAwsIam:IntegrationAwsIam": { "description": "Authenticate users based on AWS IAM credentials.\n", "properties": { "description": { "type": "string", "description": "Optional description of this integration.\n" }, "name": { "type": "string", "description": "The name of this AWS IAM Authentication integration.\n" }, "roleArns": { "type": "array", "items": { "type": "string" }, "description": "List of role ARNs which will be used for authentication.\n" } }, "type": "object", "required": [ "name", "roleArns" ], "inputProperties": { "description": { "type": "string", "description": "Optional description of this integration.\n" }, "name": { "type": "string", "description": "The name of this AWS IAM Authentication integration.\n" }, "roleArns": { "type": "array", "items": { "type": "string" }, "description": "List of role ARNs which will be used for authentication.\n" } }, "requiredInputs": [ "roleArns" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationAwsIam resources.\n", "properties": { "description": { "type": "string", "description": "Optional description of this integration.\n" }, "name": { "type": "string", "description": "The name of this AWS IAM Authentication integration.\n" }, "roleArns": { "type": "array", "items": { "type": "string" }, "description": "List of role ARNs which will be used for authentication.\n" } }, "type": "object" } }, "cyral:index/integrationDatadog:IntegrationDatadog": { "description": "> **DEPRECATED** If configuring Datadog for logging purposes, use resource `cyral.IntegrationLogging` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationDatadog(\"someResourceName\", {apiKey: \"\"});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationDatadog(\"someResourceName\", api_key=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationDatadog(\"someResourceName\", new()\n {\n ApiKey = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationDatadog(ctx, \"someResourceName\", &cyral.IntegrationDatadogArgs{\n\t\t\tApiKey: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationDatadog;\nimport com.pulumi.cyral.IntegrationDatadogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationDatadog(\"someResourceName\", IntegrationDatadogArgs.builder()\n .apiKey(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationDatadog\n properties:\n apiKey: \"\"\n```\n\n", "properties": { "apiKey": { "type": "string", "description": "Datadog API key.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object", "required": [ "apiKey", "name" ], "inputProperties": { "apiKey": { "type": "string", "description": "Datadog API key.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "requiredInputs": [ "apiKey" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationDatadog resources.\n", "properties": { "apiKey": { "type": "string", "description": "Datadog API key.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object" } }, "cyral:index/integrationElk:IntegrationElk": { "description": "> **DEPRECATED** Use resource `cyral.IntegrationLogging` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationElk(\"someResourceName\", {\n esUrl: \"\",\n kibanaUrl: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationElk(\"someResourceName\",\n es_url=\"\",\n kibana_url=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationElk(\"someResourceName\", new()\n {\n EsUrl = \"\",\n KibanaUrl = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationElk(ctx, \"someResourceName\", &cyral.IntegrationElkArgs{\n\t\t\tEsUrl: pulumi.String(\"\"),\n\t\t\tKibanaUrl: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationElk;\nimport com.pulumi.cyral.IntegrationElkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationElk(\"someResourceName\", IntegrationElkArgs.builder()\n .esUrl(\"\")\n .kibanaUrl(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationElk\n properties:\n esUrl: \"\"\n kibanaUrl: \"\"\n```\n\n", "properties": { "esUrl": { "type": "string", "description": "Elastic Search URL.\n" }, "kibanaUrl": { "type": "string", "description": "Kibana URL.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object", "required": [ "esUrl", "kibanaUrl", "name" ], "inputProperties": { "esUrl": { "type": "string", "description": "Elastic Search URL.\n" }, "kibanaUrl": { "type": "string", "description": "Kibana URL.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "requiredInputs": [ "esUrl", "kibanaUrl" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationElk resources.\n", "properties": { "esUrl": { "type": "string", "description": "Elastic Search URL.\n" }, "kibanaUrl": { "type": "string", "description": "Kibana URL.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object" } }, "cyral:index/integrationHcVault:IntegrationHcVault": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationHcVault(\"someResourceName\", {\n authMethod: \"\",\n authType: \"\",\n server: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationHcVault(\"someResourceName\",\n auth_method=\"\",\n auth_type=\"\",\n server=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationHcVault(\"someResourceName\", new()\n {\n AuthMethod = \"\",\n AuthType = \"\",\n Server = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationHcVault(ctx, \"someResourceName\", &cyral.IntegrationHcVaultArgs{\n\t\t\tAuthMethod: pulumi.String(\"\"),\n\t\t\tAuthType: pulumi.String(\"\"),\n\t\t\tServer: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationHcVault;\nimport com.pulumi.cyral.IntegrationHcVaultArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationHcVault(\"someResourceName\", IntegrationHcVaultArgs.builder()\n .authMethod(\"\")\n .authType(\"\")\n .server(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationHcVault\n properties:\n authMethod: \"\"\n authType: \"\"\n server: \"\"\n```\n\n", "properties": { "authMethod": { "type": "string", "description": "Authentication method for the integration.\n" }, "authType": { "type": "string", "description": "Authentication type for the integration.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "server": { "type": "string", "description": "Server on which the vault service is running.\n", "secret": true } }, "type": "object", "required": [ "authMethod", "authType", "name", "server" ], "inputProperties": { "authMethod": { "type": "string", "description": "Authentication method for the integration.\n" }, "authType": { "type": "string", "description": "Authentication type for the integration.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "server": { "type": "string", "description": "Server on which the vault service is running.\n", "secret": true } }, "requiredInputs": [ "authMethod", "authType", "server" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationHcVault resources.\n", "properties": { "authMethod": { "type": "string", "description": "Authentication method for the integration.\n" }, "authType": { "type": "string", "description": "Authentication type for the integration.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "server": { "type": "string", "description": "Server on which the vault service is running.\n", "secret": true } }, "type": "object" } }, "cyral:index/integrationIdpAad:IntegrationIdpAad": { "description": "## # cyral.IntegrationIdpAad (Resource)\n\n> **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n\n## Example Usage\n\n### Integration with Default Configuration\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpAad(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpAad(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpAad(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpAadSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpAadSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpAad(ctx, \"someResourceName\", &cyral.IntegrationIdpAadArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpAadSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpAadSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpAad;\nimport com.pulumi.cyral.IntegrationIdpAadArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAadSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAadSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpAad(\"someResourceName\", IntegrationIdpAadArgs.builder()\n .samlp(IntegrationIdpAadSamlpArgs.builder()\n .config(IntegrationIdpAadSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpAad\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpAad(\"someResourceName\", {samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-AAD\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpAad(\"someResourceName\", samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-AAD\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpAad(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpAadSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-AAD\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpAadSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpAad(ctx, \"someResourceName\", &cyral.IntegrationIdpAadArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpAadSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-AAD\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpAadSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpAad;\nimport com.pulumi.cyral.IntegrationIdpAadArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAadSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAadSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpAad(\"someResourceName\", IntegrationIdpAadArgs.builder()\n .samlp(IntegrationIdpAadSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-AAD\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpAadSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAadSamlp:IntegrationIdpAadSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAadSamlp:IntegrationIdpAadSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpAad resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAadSamlp:IntegrationIdpAadSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpAdfs:IntegrationIdpAdfs": { "description": "## # cyral.IntegrationIdpAdfs (Resource)\n\n> **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n\n## Example Usage\n\n### Integration with Default Configuration\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpAdfs(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpAdfs(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpAdfs(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpAdfsSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpAdfsSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpAdfs(ctx, \"someResourceName\", &cyral.IntegrationIdpAdfsArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpAdfsSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpAdfsSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpAdfs;\nimport com.pulumi.cyral.IntegrationIdpAdfsArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAdfsSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAdfsSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpAdfs(\"someResourceName\", IntegrationIdpAdfsArgs.builder()\n .samlp(IntegrationIdpAdfsSamlpArgs.builder()\n .config(IntegrationIdpAdfsSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpAdfs\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpAdfs(\"someResourceName\", {samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-ADFS\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpAdfs(\"someResourceName\", samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-ADFS\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpAdfs(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpAdfsSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-ADFS\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpAdfsSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpAdfs(ctx, \"someResourceName\", &cyral.IntegrationIdpAdfsArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpAdfsSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-ADFS\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpAdfsSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpAdfs;\nimport com.pulumi.cyral.IntegrationIdpAdfsArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAdfsSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpAdfsSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpAdfs(\"someResourceName\", IntegrationIdpAdfsArgs.builder()\n .samlp(IntegrationIdpAdfsSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-ADFS\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpAdfsSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAdfsSamlp:IntegrationIdpAdfsSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAdfsSamlp:IntegrationIdpAdfsSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpAdfs resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpAdfsSamlp:IntegrationIdpAdfsSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpForgerock:IntegrationIdpForgerock": { "description": "## # cyral.IntegrationIdpForgerock (Resource)\n\nManages [integration with Forgerock](https://cyral.com/docs/integrations/authentication/idp/forgerock) identity provider to allow single-sign on to Cyral.\n\n## Example Usage\n\n### Integration with Default Configuration\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpForgerock(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpForgerock(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpForgerock(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpForgerockSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpForgerockSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpForgerock(ctx, \"someResourceName\", &cyral.IntegrationIdpForgerockArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpForgerockSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpForgerockSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpForgerock;\nimport com.pulumi.cyral.IntegrationIdpForgerockArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpForgerock(\"someResourceName\", IntegrationIdpForgerockArgs.builder()\n .samlp(IntegrationIdpForgerockSamlpArgs.builder()\n .config(IntegrationIdpForgerockSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpForgerock\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpForgerock(\"someResourceName\", {samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-Forgerock\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpForgerock(\"someResourceName\", samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-Forgerock\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpForgerock(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpForgerockSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-Forgerock\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpForgerockSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpForgerock(ctx, \"someResourceName\", &cyral.IntegrationIdpForgerockArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpForgerockSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-Forgerock\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpForgerockSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpForgerock;\nimport com.pulumi.cyral.IntegrationIdpForgerockArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpForgerock(\"someResourceName\", IntegrationIdpForgerockArgs.builder()\n .samlp(IntegrationIdpForgerockSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-Forgerock\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpForgerockSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpForgerockSamlp:IntegrationIdpForgerockSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpForgerockSamlp:IntegrationIdpForgerockSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpForgerock resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpForgerockSamlp:IntegrationIdpForgerockSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpGsuite:IntegrationIdpGsuite": { "description": "## # cyral.IntegrationIdpGsuite (Resource)\n\n> **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n\n## Example Usage\n\n### Integration with Default Configurationg\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpGsuite(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpGsuite(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpGsuite(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpGsuiteSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpGsuiteSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpGsuite(ctx, \"someResourceName\", &cyral.IntegrationIdpGsuiteArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpGsuiteSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpGsuiteSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpGsuite;\nimport com.pulumi.cyral.IntegrationIdpGsuiteArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpGsuiteSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpGsuiteSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpGsuite(\"someResourceName\", IntegrationIdpGsuiteArgs.builder()\n .samlp(IntegrationIdpGsuiteSamlpArgs.builder()\n .config(IntegrationIdpGsuiteSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpGsuite\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpGsuite(\"someResourceName\", {samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-GSuite\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpGsuite(\"someResourceName\", samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-GSuite\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpGsuite(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpGsuiteSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-GSuite\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpGsuiteSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpGsuite(ctx, \"someResourceName\", &cyral.IntegrationIdpGsuiteArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpGsuiteSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-GSuite\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpGsuiteSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpGsuite;\nimport com.pulumi.cyral.IntegrationIdpGsuiteArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpGsuiteSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpGsuiteSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpGsuite(\"someResourceName\", IntegrationIdpGsuiteArgs.builder()\n .samlp(IntegrationIdpGsuiteSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-GSuite\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpGsuiteSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpGsuiteSamlp:IntegrationIdpGsuiteSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpGsuiteSamlp:IntegrationIdpGsuiteSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpGsuite resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpGsuiteSamlp:IntegrationIdpGsuiteSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpOkta:IntegrationIdpOkta": { "description": "## # cyral.IntegrationIdpOkta (Resource)\n\n> **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n\nSee also Cyral IdP Integration Module for Okta.\nThis module encapsulates both Okta and Cyral providers and creates all the necessary configuration to get\nOkta integrated to Cyral and ready to be used with a single `pulumi up` execution.\n\n## Example Usage\n\n### Integration with Default Configuration\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpOkta(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpOkta(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpOkta(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpOktaSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpOktaSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpOkta(ctx, \"someResourceName\", &cyral.IntegrationIdpOktaArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpOktaSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpOktaSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpOkta;\nimport com.pulumi.cyral.IntegrationIdpOktaArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpOkta(\"someResourceName\", IntegrationIdpOktaArgs.builder()\n .samlp(IntegrationIdpOktaSamlpArgs.builder()\n .config(IntegrationIdpOktaSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpOkta\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpOkta(\"someResourceName\", {\n draftAlias: \"some_existing_okta_draft_alias\",\n samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-Okta\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpOkta(\"someResourceName\",\n draft_alias=\"some_existing_okta_draft_alias\",\n samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-Okta\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpOkta(\"someResourceName\", new()\n {\n DraftAlias = \"some_existing_okta_draft_alias\",\n Samlp = new Cyral.Inputs.IntegrationIdpOktaSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-Okta\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpOktaSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpOkta(ctx, \"someResourceName\", &cyral.IntegrationIdpOktaArgs{\n\t\t\tDraftAlias: pulumi.String(\"some_existing_okta_draft_alias\"),\n\t\t\tSamlp: &cyral.IntegrationIdpOktaSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-Okta\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpOktaSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpOkta;\nimport com.pulumi.cyral.IntegrationIdpOktaArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpOkta(\"someResourceName\", IntegrationIdpOktaArgs.builder()\n .draftAlias(\"some_existing_okta_draft_alias\")\n .samlp(IntegrationIdpOktaSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-Okta\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpOktaSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpOktaSamlp:IntegrationIdpOktaSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpOktaSamlp:IntegrationIdpOktaSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpOkta resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpOktaSamlp:IntegrationIdpOktaSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpPingOne:IntegrationIdpPingOne": { "description": "## # cyral.IntegrationIdpPingOne (Resource)\n\n> **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n\n## Example Usage\n\n### Integration with Default Configuration\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationIdpPingOne(\"someResourceName\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"some_sso_url\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationIdpPingOne(\"someResourceName\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"some_sso_url\",\n },\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationIdpPingOne(\"someResourceName\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpPingOneSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpPingOneSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"some_sso_url\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpPingOne(ctx, \"someResourceName\", &cyral.IntegrationIdpPingOneArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpPingOneSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpPingOneSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"some_sso_url\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpPingOne;\nimport com.pulumi.cyral.IntegrationIdpPingOneArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpPingOneSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpPingOneSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationIdpPingOne(\"someResourceName\", IntegrationIdpPingOneArgs.builder()\n .samlp(IntegrationIdpPingOneSamlpArgs.builder()\n .config(IntegrationIdpPingOneSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"some_sso_url\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationIdpPingOne\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: some_sso_url\n```\n\n\n### Integration using SAML Configuration Data Source\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\nconst config = someDataSourceName;\nconst someResourceName = new cyral.IntegrationIdpPingOne(\"someResourceName\", {\n draftAlias: \"some_existing_ping_one_draft_alias\",\n samlp: {\n providerId: \"saml\",\n disabled: false,\n firstBrokerLoginFlowAlias: \"SAML_First_Broker\",\n postBrokerLoginFlowAlias: \"\",\n displayName: \"Custom-PingOne\",\n storeToken: false,\n addReadTokenRoleOnCreate: false,\n trustEmail: false,\n linkOnly: false,\n config: {\n singleSignOnServiceUrl: config.then(config => config.singleSignOnServiceUrl),\n singleLogoutServiceUrl: Promise.all([config, config]).then(([config, config1]) => config.singleLogoutServiceUrl == \"\" ? undefined : config1.singleLogoutServiceUrl),\n disableUsingJwksUrl: config.then(config => config.disableUsingJwksUrl),\n syncMode: Promise.all([config, config]).then(([config, config1]) => config.syncMode == \"\" ? undefined : config1.syncMode),\n nameIdPolicyFormat: Promise.all([config, config]).then(([config, config1]) => config.nameIdPolicyFormat == \"\" ? undefined : config1.nameIdPolicyFormat),\n principalType: Promise.all([config, config]).then(([config, config1]) => config.principalType == \"\" ? undefined : config1.principalType),\n signatureType: Promise.all([config, config]).then(([config, config1]) => config.signatureType == \"\" ? undefined : config1.signatureType),\n samlXmlKeyNameTranformer: Promise.all([config, config]).then(([config, config1]) => config.samlXmlKeyNameTranformer == \"\" ? undefined : config1.samlXmlKeyNameTranformer),\n hideOnLoginPage: config.then(config => config.hideOnLoginPage),\n backChannelSupported: config.then(config => config.backChannelSupported),\n disablePostBindingResponse: config.then(config => config.disablePostBindingResponse),\n disablePostBindingAuthnRequest: config.then(config => config.disablePostBindingAuthnRequest),\n disablePostBindingLogout: config.then(config => config.disablePostBindingLogout),\n wantAssertionsEncrypted: config.then(config => config.wantAssertionsEncrypted),\n disableForceAuthentication: config.then(config => config.disableForceAuthentication),\n guiOrder: Promise.all([config, config]).then(([config, config1]) => config.guiOrder == \"\" ? undefined : config1.guiOrder),\n xmlSigKeyInfoKeyNameTransformer: Promise.all([config, config]).then(([config, config1]) => config.xmlSigKeyInfoKeyNameTransformer == \"\" ? undefined : config1.xmlSigKeyInfoKeyNameTransformer),\n signingCertificate: Promise.all([config, config]).then(([config, config1]) => config.signingCertificate == \"\" ? undefined : config1.signingCertificate),\n allowedClockSkew: config.then(config => config.allowedClockSkew),\n samlMetadataUrl: Promise.all([config, config]).then(([config, config1]) => config.samlMetadataUrl == \"\" ? undefined : config1.samlMetadataUrl),\n base64SamlMetadataDocument: Promise.all([config, config]).then(([config, config1]) => config.base64SamlMetadataDocument == \"\" ? undefined : config1.base64SamlMetadataDocument),\n ldapGroupAttribute: Promise.all([config, config]).then(([config, config1]) => config.ldapGroupAttribute == \"\" ? undefined : config1.ldapGroupAttribute),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\nconfig = some_data_source_name\nsome_resource_name = cyral.IntegrationIdpPingOne(\"someResourceName\",\n draft_alias=\"some_existing_ping_one_draft_alias\",\n samlp={\n \"provider_id\": \"saml\",\n \"disabled\": False,\n \"first_broker_login_flow_alias\": \"SAML_First_Broker\",\n \"post_broker_login_flow_alias\": \"\",\n \"display_name\": \"Custom-PingOne\",\n \"store_token\": False,\n \"add_read_token_role_on_create\": False,\n \"trust_email\": False,\n \"link_only\": False,\n \"config\": {\n \"single_sign_on_service_url\": config.single_sign_on_service_url,\n \"single_logout_service_url\": None if config.single_logout_service_url == \"\" else config.single_logout_service_url,\n \"disable_using_jwks_url\": config.disable_using_jwks_url,\n \"sync_mode\": None if config.sync_mode == \"\" else config.sync_mode,\n \"name_id_policy_format\": None if config.name_id_policy_format == \"\" else config.name_id_policy_format,\n \"principal_type\": None if config.principal_type == \"\" else config.principal_type,\n \"signature_type\": None if config.signature_type == \"\" else config.signature_type,\n \"saml_xml_key_name_tranformer\": None if config.saml_xml_key_name_tranformer == \"\" else config.saml_xml_key_name_tranformer,\n \"hide_on_login_page\": config.hide_on_login_page,\n \"back_channel_supported\": config.back_channel_supported,\n \"disable_post_binding_response\": config.disable_post_binding_response,\n \"disable_post_binding_authn_request\": config.disable_post_binding_authn_request,\n \"disable_post_binding_logout\": config.disable_post_binding_logout,\n \"want_assertions_encrypted\": config.want_assertions_encrypted,\n \"disable_force_authentication\": config.disable_force_authentication,\n \"gui_order\": None if config.gui_order == \"\" else config.gui_order,\n \"xml_sig_key_info_key_name_transformer\": None if config.xml_sig_key_info_key_name_transformer == \"\" else config.xml_sig_key_info_key_name_transformer,\n \"signing_certificate\": None if config.signing_certificate == \"\" else config.signing_certificate,\n \"allowed_clock_skew\": config.allowed_clock_skew,\n \"saml_metadata_url\": None if config.saml_metadata_url == \"\" else config.saml_metadata_url,\n \"base64_saml_metadata_document\": None if config.base64_saml_metadata_document == \"\" else config.base64_saml_metadata_document,\n \"ldap_group_attribute\": None if config.ldap_group_attribute == \"\" else config.ldap_group_attribute,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n var config = someDataSourceName;\n\n var someResourceName = new Cyral.IntegrationIdpPingOne(\"someResourceName\", new()\n {\n DraftAlias = \"some_existing_ping_one_draft_alias\",\n Samlp = new Cyral.Inputs.IntegrationIdpPingOneSamlpArgs\n {\n ProviderId = \"saml\",\n Disabled = false,\n FirstBrokerLoginFlowAlias = \"SAML_First_Broker\",\n PostBrokerLoginFlowAlias = \"\",\n DisplayName = \"Custom-PingOne\",\n StoreToken = false,\n AddReadTokenRoleOnCreate = false,\n TrustEmail = false,\n LinkOnly = false,\n Config = new Cyral.Inputs.IntegrationIdpPingOneSamlpConfigArgs\n {\n SingleSignOnServiceUrl = config.Apply(config => config.SingleSignOnServiceUrl),\n SingleLogoutServiceUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SingleLogoutServiceUrl == \"\" ? null : config1.SingleLogoutServiceUrl;\n }),\n DisableUsingJwksUrl = config.Apply(config => config.DisableUsingJwksUrl),\n SyncMode = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SyncMode == \"\" ? null : config1.SyncMode;\n }),\n NameIdPolicyFormat = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.NameIdPolicyFormat == \"\" ? null : config1.NameIdPolicyFormat;\n }),\n PrincipalType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.PrincipalType == \"\" ? null : config1.PrincipalType;\n }),\n SignatureType = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SignatureType == \"\" ? null : config1.SignatureType;\n }),\n SamlXmlKeyNameTranformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlXmlKeyNameTranformer == \"\" ? null : config1.SamlXmlKeyNameTranformer;\n }),\n HideOnLoginPage = config.Apply(config => config.HideOnLoginPage),\n BackChannelSupported = config.Apply(config => config.BackChannelSupported),\n DisablePostBindingResponse = config.Apply(config => config.DisablePostBindingResponse),\n DisablePostBindingAuthnRequest = config.Apply(config => config.DisablePostBindingAuthnRequest),\n DisablePostBindingLogout = config.Apply(config => config.DisablePostBindingLogout),\n WantAssertionsEncrypted = config.Apply(config => config.WantAssertionsEncrypted),\n DisableForceAuthentication = config.Apply(config => config.DisableForceAuthentication),\n GuiOrder = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.GuiOrder == \"\" ? null : config1.GuiOrder;\n }),\n XmlSigKeyInfoKeyNameTransformer = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.XmlSigKeyInfoKeyNameTransformer == \"\" ? null : config1.XmlSigKeyInfoKeyNameTransformer;\n }),\n SigningCertificate = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SigningCertificate == \"\" ? null : config1.SigningCertificate;\n }),\n AllowedClockSkew = config.Apply(config => config.AllowedClockSkew),\n SamlMetadataUrl = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.SamlMetadataUrl == \"\" ? null : config1.SamlMetadataUrl;\n }),\n Base64SamlMetadataDocument = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.Base64SamlMetadataDocument == \"\" ? null : config1.Base64SamlMetadataDocument;\n }),\n LdapGroupAttribute = Output.Tuple(config, config).Apply(values =>\n {\n var config = values.Item1;\n var config1 = values.Item2;\n return config.LdapGroupAttribute == \"\" ? null : config1.LdapGroupAttribute;\n }),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsomeDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfig := someDataSourceName\n\t\tvar tmp0 pulumi.String\n\t\tif config.SingleLogoutServiceUrl == \"\" {\n\t\t\ttmp0 = nil\n\t\t} else {\n\t\t\ttmp0 = pulumi.String(config.SingleLogoutServiceUrl)\n\t\t}\n\t\tvar tmp1 pulumi.String\n\t\tif config.SyncMode == \"\" {\n\t\t\ttmp1 = nil\n\t\t} else {\n\t\t\ttmp1 = pulumi.String(config.SyncMode)\n\t\t}\n\t\tvar tmp2 pulumi.String\n\t\tif config.NameIdPolicyFormat == \"\" {\n\t\t\ttmp2 = nil\n\t\t} else {\n\t\t\ttmp2 = pulumi.String(config.NameIdPolicyFormat)\n\t\t}\n\t\tvar tmp3 pulumi.String\n\t\tif config.PrincipalType == \"\" {\n\t\t\ttmp3 = nil\n\t\t} else {\n\t\t\ttmp3 = pulumi.String(config.PrincipalType)\n\t\t}\n\t\tvar tmp4 pulumi.String\n\t\tif config.SignatureType == \"\" {\n\t\t\ttmp4 = nil\n\t\t} else {\n\t\t\ttmp4 = pulumi.String(config.SignatureType)\n\t\t}\n\t\tvar tmp5 pulumi.String\n\t\tif config.SamlXmlKeyNameTranformer == \"\" {\n\t\t\ttmp5 = nil\n\t\t} else {\n\t\t\ttmp5 = pulumi.String(config.SamlXmlKeyNameTranformer)\n\t\t}\n\t\tvar tmp6 pulumi.String\n\t\tif config.GuiOrder == \"\" {\n\t\t\ttmp6 = nil\n\t\t} else {\n\t\t\ttmp6 = pulumi.String(config.GuiOrder)\n\t\t}\n\t\tvar tmp7 pulumi.String\n\t\tif config.XmlSigKeyInfoKeyNameTransformer == \"\" {\n\t\t\ttmp7 = nil\n\t\t} else {\n\t\t\ttmp7 = pulumi.String(config.XmlSigKeyInfoKeyNameTransformer)\n\t\t}\n\t\tvar tmp8 pulumi.String\n\t\tif config.SigningCertificate == \"\" {\n\t\t\ttmp8 = nil\n\t\t} else {\n\t\t\ttmp8 = pulumi.String(config.SigningCertificate)\n\t\t}\n\t\tvar tmp9 pulumi.String\n\t\tif config.SamlMetadataUrl == \"\" {\n\t\t\ttmp9 = nil\n\t\t} else {\n\t\t\ttmp9 = pulumi.String(config.SamlMetadataUrl)\n\t\t}\n\t\tvar tmp10 pulumi.String\n\t\tif config.Base64SamlMetadataDocument == \"\" {\n\t\t\ttmp10 = nil\n\t\t} else {\n\t\t\ttmp10 = pulumi.String(config.Base64SamlMetadataDocument)\n\t\t}\n\t\tvar tmp11 pulumi.String\n\t\tif config.LdapGroupAttribute == \"\" {\n\t\t\ttmp11 = nil\n\t\t} else {\n\t\t\ttmp11 = pulumi.String(config.LdapGroupAttribute)\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpPingOne(ctx, \"someResourceName\", &cyral.IntegrationIdpPingOneArgs{\n\t\t\tDraftAlias: pulumi.String(\"some_existing_ping_one_draft_alias\"),\n\t\t\tSamlp: &cyral.IntegrationIdpPingOneSamlpArgs{\n\t\t\t\tProviderId: pulumi.String(\"saml\"),\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tFirstBrokerLoginFlowAlias: pulumi.String(\"SAML_First_Broker\"),\n\t\t\t\tPostBrokerLoginFlowAlias: pulumi.String(\"\"),\n\t\t\t\tDisplayName: pulumi.String(\"Custom-PingOne\"),\n\t\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\t\tAddReadTokenRoleOnCreate: pulumi.Bool(false),\n\t\t\t\tTrustEmail: pulumi.Bool(false),\n\t\t\t\tLinkOnly: pulumi.Bool(false),\n\t\t\t\tConfig: &cyral.IntegrationIdpPingOneSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(config.SingleSignOnServiceUrl),\n\t\t\t\t\tSingleLogoutServiceUrl: pulumi.String(tmp0),\n\t\t\t\t\tDisableUsingJwksUrl: pulumi.Bool(config.DisableUsingJwksUrl),\n\t\t\t\t\tSyncMode: pulumi.String(tmp1),\n\t\t\t\t\tNameIdPolicyFormat: pulumi.String(tmp2),\n\t\t\t\t\tPrincipalType: pulumi.String(tmp3),\n\t\t\t\t\tSignatureType: pulumi.String(tmp4),\n\t\t\t\t\tSamlXmlKeyNameTranformer: pulumi.String(tmp5),\n\t\t\t\t\tHideOnLoginPage: pulumi.Bool(config.HideOnLoginPage),\n\t\t\t\t\tBackChannelSupported: pulumi.Bool(config.BackChannelSupported),\n\t\t\t\t\tDisablePostBindingResponse: pulumi.Bool(config.DisablePostBindingResponse),\n\t\t\t\t\tDisablePostBindingAuthnRequest: pulumi.Bool(config.DisablePostBindingAuthnRequest),\n\t\t\t\t\tDisablePostBindingLogout: pulumi.Bool(config.DisablePostBindingLogout),\n\t\t\t\t\tWantAssertionsEncrypted: pulumi.Bool(config.WantAssertionsEncrypted),\n\t\t\t\t\tDisableForceAuthentication: pulumi.Bool(config.DisableForceAuthentication),\n\t\t\t\t\tGuiOrder: pulumi.String(tmp6),\n\t\t\t\t\tXmlSigKeyInfoKeyNameTransformer: pulumi.String(tmp7),\n\t\t\t\t\tSigningCertificate: pulumi.String(tmp8),\n\t\t\t\t\tAllowedClockSkew: pulumi.Float64(config.AllowedClockSkew),\n\t\t\t\t\tSamlMetadataUrl: pulumi.String(tmp9),\n\t\t\t\t\tBase64SamlMetadataDocument: pulumi.String(tmp10),\n\t\t\t\t\tLdapGroupAttribute: pulumi.String(tmp11),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport com.pulumi.cyral.IntegrationIdpPingOne;\nimport com.pulumi.cyral.IntegrationIdpPingOneArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpPingOneSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpPingOneSamlpConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);\n\n var someResourceName = new IntegrationIdpPingOne(\"someResourceName\", IntegrationIdpPingOneArgs.builder()\n .draftAlias(\"some_existing_ping_one_draft_alias\")\n .samlp(IntegrationIdpPingOneSamlpArgs.builder()\n .providerId(\"saml\")\n .disabled(false)\n .firstBrokerLoginFlowAlias(\"SAML_First_Broker\")\n .postBrokerLoginFlowAlias(\"\")\n .displayName(\"Custom-PingOne\")\n .storeToken(false)\n .addReadTokenRoleOnCreate(false)\n .trustEmail(false)\n .linkOnly(false)\n .config(IntegrationIdpPingOneSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(config.singleSignOnServiceUrl())\n .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == \"\" ? null : config.singleLogoutServiceUrl())\n .disableUsingJwksUrl(config.disableUsingJwksUrl())\n .syncMode(config.syncMode() == \"\" ? null : config.syncMode())\n .nameIdPolicyFormat(config.nameIdPolicyFormat() == \"\" ? null : config.nameIdPolicyFormat())\n .principalType(config.principalType() == \"\" ? null : config.principalType())\n .signatureType(config.signatureType() == \"\" ? null : config.signatureType())\n .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == \"\" ? null : config.samlXmlKeyNameTranformer())\n .hideOnLoginPage(config.hideOnLoginPage())\n .backChannelSupported(config.backChannelSupported())\n .disablePostBindingResponse(config.disablePostBindingResponse())\n .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())\n .disablePostBindingLogout(config.disablePostBindingLogout())\n .wantAssertionsEncrypted(config.wantAssertionsEncrypted())\n .disableForceAuthentication(config.disableForceAuthentication())\n .guiOrder(config.guiOrder() == \"\" ? null : config.guiOrder())\n .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == \"\" ? null : config.xmlSigKeyInfoKeyNameTransformer())\n .signingCertificate(config.signingCertificate() == \"\" ? null : config.signingCertificate())\n .allowedClockSkew(config.allowedClockSkew())\n .samlMetadataUrl(config.samlMetadataUrl() == \"\" ? null : config.samlMetadataUrl())\n .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == \"\" ? null : config.base64SamlMetadataDocument())\n .ldapGroupAttribute(config.ldapGroupAttribute() == \"\" ? null : config.ldapGroupAttribute())\n .build())\n .build())\n .build());\n\n }\n}\n```\n\n\n> When using the SAML Configuration Data Source to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpPingOneSamlp:IntegrationIdpPingOneSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object", "required": [ "samlp" ], "inputProperties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpPingOneSamlp:IntegrationIdpPingOneSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "requiredInputs": [ "samlp" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpPingOne resources.\n", "properties": { "draftAlias": { "type": "string", "description": "An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `\"\"`.\n" }, "samlp": { "$ref": "#/types/cyral:index%2FIntegrationIdpPingOneSamlp:IntegrationIdpPingOneSamlp", "description": "It contains the top-level configuration for an identity provider.\n" } }, "type": "object" } }, "cyral:index/integrationIdpSaml:IntegrationIdpSaml": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst exampleDraft = new cyral.IntegrationIdpSamlDraft(\"exampleDraft\", {\n displayName: \"example-okta-integration\",\n idpType: \"okta\",\n});\n// Here goes IdP provider configuration to obtain SAML\n// metadata. Use the attribute `sp_metadata` of the SAML\n// draft above to obtain the Cyral SP SAML metadata you will\n// need to provide your IdP with.\n//\n// ...\n//#\nconst exampleIntegration = new cyral.IntegrationIdpSaml(\"exampleIntegration\", {\n samlDraftId: exampleDraft.id,\n idpMetadataUrl: \"https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nexample_draft = cyral.IntegrationIdpSamlDraft(\"exampleDraft\",\n display_name=\"example-okta-integration\",\n idp_type=\"okta\")\n# Here goes IdP provider configuration to obtain SAML\n# metadata. Use the attribute `sp_metadata` of the SAML\n# draft above to obtain the Cyral SP SAML metadata you will\n# need to provide your IdP with.\n#\n# ...\n##\nexample_integration = cyral.IntegrationIdpSaml(\"exampleIntegration\",\n saml_draft_id=example_draft.id,\n idp_metadata_url=\"https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var exampleDraft = new Cyral.IntegrationIdpSamlDraft(\"exampleDraft\", new()\n {\n DisplayName = \"example-okta-integration\",\n IdpType = \"okta\",\n });\n\n // Here goes IdP provider configuration to obtain SAML\n // metadata. Use the attribute `sp_metadata` of the SAML\n // draft above to obtain the Cyral SP SAML metadata you will\n // need to provide your IdP with.\n //\n // ...\n //#\n var exampleIntegration = new Cyral.IntegrationIdpSaml(\"exampleIntegration\", new()\n {\n SamlDraftId = exampleDraft.Id,\n IdpMetadataUrl = \"https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDraft, err := cyral.NewIntegrationIdpSamlDraft(ctx, \"exampleDraft\", &cyral.IntegrationIdpSamlDraftArgs{\n\t\t\tDisplayName: pulumi.String(\"example-okta-integration\"),\n\t\t\tIdpType: pulumi.String(\"okta\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewIntegrationIdpSaml(ctx, \"exampleIntegration\", &cyral.IntegrationIdpSamlArgs{\n\t\t\tSamlDraftId: exampleDraft.ID(),\n\t\t\tIdpMetadataUrl: pulumi.String(\"https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpSamlDraft;\nimport com.pulumi.cyral.IntegrationIdpSamlDraftArgs;\nimport com.pulumi.cyral.IntegrationIdpSaml;\nimport com.pulumi.cyral.IntegrationIdpSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDraft = new IntegrationIdpSamlDraft(\"exampleDraft\", IntegrationIdpSamlDraftArgs.builder()\n .displayName(\"example-okta-integration\")\n .idpType(\"okta\")\n .build());\n\n // Here goes IdP provider configuration to obtain SAML\n // metadata. Use the attribute `sp_metadata` of the SAML\n // draft above to obtain the Cyral SP SAML metadata you will\n // need to provide your IdP with.\n //\n // ...\n //#\n var exampleIntegration = new IntegrationIdpSaml(\"exampleIntegration\", IntegrationIdpSamlArgs.builder()\n .samlDraftId(exampleDraft.id())\n .idpMetadataUrl(\"https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDraft: # Here goes IdP provider configuration to obtain SAML\n # metadata. Use the attribute `sp_metadata` of the SAML\n # draft above to obtain the Cyral SP SAML metadata you will\n # need to provide your IdP with.\n #\n # ...\n ##\n type: cyral:IntegrationIdpSamlDraft\n properties:\n displayName: example-okta-integration\n idpType: okta\n exampleIntegration:\n type: cyral:IntegrationIdpSaml\n properties:\n samlDraftId: ${exampleDraft.id}\n # This is the IdP metadata URL. You may choose instead to\n # # provide the base64-encoded metadata XML document using\n # # the argument `idp_metadata_document`.\n idpMetadataUrl: https://dev-123456.okta.com/app/1234567890/sso/saml/metadata\n```\n\n", "properties": { "idpMetadataUrl": { "type": "string", "description": "The web address of an IdP SAML Metadata XML document. Conflicts with `idp_metadata_xml`.\n" }, "idpMetadataXml": { "type": "string", "description": "Full SAML metadata XML document. Must be base64 encoded. Conflicts with `idp_metadata_url`.\n" }, "samlDraftId": { "type": "string", "description": "A valid id for a SAML Draft. Must be at least 5 character long. See attribute `id` in resource `cyral.IntegrationIdpSamlDraft`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "The IdP’s Single Sign-on Service (SSO) URL, where Cyral SP will send SAML AuthnRequests via SAML-POST binding.\n" } }, "type": "object", "required": [ "samlDraftId", "singleSignOnServiceUrl" ], "inputProperties": { "idpMetadataUrl": { "type": "string", "description": "The web address of an IdP SAML Metadata XML document. Conflicts with `idp_metadata_xml`.\n" }, "idpMetadataXml": { "type": "string", "description": "Full SAML metadata XML document. Must be base64 encoded. Conflicts with `idp_metadata_url`.\n" }, "samlDraftId": { "type": "string", "description": "A valid id for a SAML Draft. Must be at least 5 character long. See attribute `id` in resource `cyral.IntegrationIdpSamlDraft`.\n" } }, "requiredInputs": [ "samlDraftId" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpSaml resources.\n", "properties": { "idpMetadataUrl": { "type": "string", "description": "The web address of an IdP SAML Metadata XML document. Conflicts with `idp_metadata_xml`.\n" }, "idpMetadataXml": { "type": "string", "description": "Full SAML metadata XML document. Must be base64 encoded. Conflicts with `idp_metadata_url`.\n" }, "samlDraftId": { "type": "string", "description": "A valid id for a SAML Draft. Must be at least 5 character long. See attribute `id` in resource `cyral.IntegrationIdpSamlDraft`.\n" }, "singleSignOnServiceUrl": { "type": "string", "description": "The IdP’s Single Sign-on Service (SSO) URL, where Cyral SP will send SAML AuthnRequests via SAML-POST binding.\n" } }, "type": "object" } }, "cyral:index/integrationIdpSamlDraft:IntegrationIdpSamlDraft": { "description": "## # cyral.IntegrationIdpSamlDraft (Resource)\n\nManages SAML IdP integration drafts.\n\nSee also the remaining SAML-related resources and data sources.\n\n> If using this resource in conjunction with\n`cyral.IntegrationIdpSaml`, please see the note at the beginning of\ncyral_integration_idp_saml.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst exampleDraft = new cyral.IntegrationIdpSamlDraft(\"exampleDraft\", {\n attributes: {\n email: \"some-email\",\n firstName: \"some-first-name\",\n groups: \"some-group\",\n lastName: \"some-last-name\",\n },\n disableIdpInitiatedLogin: false,\n displayName: \"example-okta-integration\",\n idpType: \"okta\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nexample_draft = cyral.IntegrationIdpSamlDraft(\"exampleDraft\",\n attributes={\n \"email\": \"some-email\",\n \"first_name\": \"some-first-name\",\n \"groups\": \"some-group\",\n \"last_name\": \"some-last-name\",\n },\n disable_idp_initiated_login=False,\n display_name=\"example-okta-integration\",\n idp_type=\"okta\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var exampleDraft = new Cyral.IntegrationIdpSamlDraft(\"exampleDraft\", new()\n {\n Attributes = new Cyral.Inputs.IntegrationIdpSamlDraftAttributesArgs\n {\n Email = \"some-email\",\n FirstName = \"some-first-name\",\n Groups = \"some-group\",\n LastName = \"some-last-name\",\n },\n DisableIdpInitiatedLogin = false,\n DisplayName = \"example-okta-integration\",\n IdpType = \"okta\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationIdpSamlDraft(ctx, \"exampleDraft\", &cyral.IntegrationIdpSamlDraftArgs{\n\t\t\tAttributes: &cyral.IntegrationIdpSamlDraftAttributesArgs{\n\t\t\t\tEmail: pulumi.String(\"some-email\"),\n\t\t\t\tFirstName: pulumi.String(\"some-first-name\"),\n\t\t\t\tGroups: pulumi.String(\"some-group\"),\n\t\t\t\tLastName: pulumi.String(\"some-last-name\"),\n\t\t\t},\n\t\t\tDisableIdpInitiatedLogin: pulumi.Bool(false),\n\t\t\tDisplayName: pulumi.String(\"example-okta-integration\"),\n\t\t\tIdpType: pulumi.String(\"okta\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpSamlDraft;\nimport com.pulumi.cyral.IntegrationIdpSamlDraftArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpSamlDraftAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDraft = new IntegrationIdpSamlDraft(\"exampleDraft\", IntegrationIdpSamlDraftArgs.builder()\n .attributes(IntegrationIdpSamlDraftAttributesArgs.builder()\n .email(\"some-email\")\n .firstName(\"some-first-name\")\n .groups(\"some-group\")\n .lastName(\"some-last-name\")\n .build())\n .disableIdpInitiatedLogin(false)\n .displayName(\"example-okta-integration\")\n .idpType(\"okta\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDraft:\n type: cyral:IntegrationIdpSamlDraft\n properties:\n attributes:\n email: some-email\n firstName: some-first-name\n groups: some-group\n lastName: some-last-name\n disableIdpInitiatedLogin: false\n displayName: example-okta-integration\n idpType: okta\n```\n\n", "properties": { "attributes": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftAttributes:IntegrationIdpSamlDraftAttributes", "description": "SAML Attribute names for the identity attributes required by the Cyral SP. Each attribute name MUST be at least 3 characters long.\n" }, "disableIdpInitiatedLogin": { "type": "boolean", "description": "Whether or not IdP-Initiated login should be disabled for this generic SAML integration draft. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Display name used in the Cyral control plane.\n" }, "idpType": { "type": "string", "description": "Identity provider type. The value provided can be used as a filter when retrieving SAML integrations. See data source `cyral.IntegrationIdpSaml`.\n" }, "serviceProviderMetadatas": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftServiceProviderMetadata:IntegrationIdpSamlDraftServiceProviderMetadata" }, "description": "The SP Metadata fields describing the Cyral service provider for this integration.\n" }, "spMetadata": { "type": "string", "description": "The SP Metadata document describing the Cyral service provider for this integration.\n", "deprecationMessage": "Deprecated" } }, "type": "object", "required": [ "displayName", "serviceProviderMetadatas", "spMetadata" ], "inputProperties": { "attributes": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftAttributes:IntegrationIdpSamlDraftAttributes", "description": "SAML Attribute names for the identity attributes required by the Cyral SP. Each attribute name MUST be at least 3 characters long.\n" }, "disableIdpInitiatedLogin": { "type": "boolean", "description": "Whether or not IdP-Initiated login should be disabled for this generic SAML integration draft. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Display name used in the Cyral control plane.\n" }, "idpType": { "type": "string", "description": "Identity provider type. The value provided can be used as a filter when retrieving SAML integrations. See data source `cyral.IntegrationIdpSaml`.\n" } }, "requiredInputs": [ "displayName" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationIdpSamlDraft resources.\n", "properties": { "attributes": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftAttributes:IntegrationIdpSamlDraftAttributes", "description": "SAML Attribute names for the identity attributes required by the Cyral SP. Each attribute name MUST be at least 3 characters long.\n" }, "disableIdpInitiatedLogin": { "type": "boolean", "description": "Whether or not IdP-Initiated login should be disabled for this generic SAML integration draft. Defaults to `false`.\n" }, "displayName": { "type": "string", "description": "Display name used in the Cyral control plane.\n" }, "idpType": { "type": "string", "description": "Identity provider type. The value provided can be used as a filter when retrieving SAML integrations. See data source `cyral.IntegrationIdpSaml`.\n" }, "serviceProviderMetadatas": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FIntegrationIdpSamlDraftServiceProviderMetadata:IntegrationIdpSamlDraftServiceProviderMetadata" }, "description": "The SP Metadata fields describing the Cyral service provider for this integration.\n" }, "spMetadata": { "type": "string", "description": "The SP Metadata document describing the Cyral service provider for this integration.\n", "deprecationMessage": "Deprecated" } }, "type": "object" } }, "cyral:index/integrationLogging:IntegrationLogging": { "description": "## # cyral.IntegrationLogging (Resource)\n\nManages a logging integration that can be used to push logs from Cyral to the corresponding logging system (E.g.: AWS CloudWatch, Splunk, SumoLogic, etc).\n\n> Import ID syntax is `{logging_integration_id}`.\n\n## Example Usage\n\nSee the list of all the supported logging integrations in the resource schema.\nRefer to our [public docs](https://cyral.com/docs/integrations/siem/) for more information.\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst cloudwatchLogGroupName = \"cyral-example-loggroup\";\nconst cloudwatch = new cyral.IntegrationLogging(\"cloudwatch\", {cloudwatch: {\n region: \"us-east-1\",\n group: cloudwatchLogGroupName,\n stream: \"cyral-sidecar\",\n}});\nconst sidecar = new cyral.Sidecar(\"sidecar\", {\n deploymentMethod: \"terraform\",\n activityLogIntegrationId: cloudwatch.id,\n});\nconst creds = new cyral.SidecarCredentials(\"creds\", {sidecarId: sidecar.id});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\ncloudwatch_log_group_name = \"cyral-example-loggroup\"\ncloudwatch = cyral.IntegrationLogging(\"cloudwatch\", cloudwatch={\n \"region\": \"us-east-1\",\n \"group\": cloudwatch_log_group_name,\n \"stream\": \"cyral-sidecar\",\n})\nsidecar = cyral.Sidecar(\"sidecar\",\n deployment_method=\"terraform\",\n activity_log_integration_id=cloudwatch.id)\ncreds = cyral.SidecarCredentials(\"creds\", sidecar_id=sidecar.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var cloudwatchLogGroupName = \"cyral-example-loggroup\";\n\n var cloudwatch = new Cyral.IntegrationLogging(\"cloudwatch\", new()\n {\n Cloudwatch = new Cyral.Inputs.IntegrationLoggingCloudwatchArgs\n {\n Region = \"us-east-1\",\n Group = cloudwatchLogGroupName,\n Stream = \"cyral-sidecar\",\n },\n });\n\n var sidecar = new Cyral.Sidecar(\"sidecar\", new()\n {\n DeploymentMethod = \"terraform\",\n ActivityLogIntegrationId = cloudwatch.Id,\n });\n\n var creds = new Cyral.SidecarCredentials(\"creds\", new()\n {\n SidecarId = sidecar.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudwatchLogGroupName := \"cyral-example-loggroup\"\n\t\tcloudwatch, err := cyral.NewIntegrationLogging(ctx, \"cloudwatch\", &cyral.IntegrationLoggingArgs{\n\t\t\tCloudwatch: &cyral.IntegrationLoggingCloudwatchArgs{\n\t\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\t\tGroup: pulumi.String(cloudwatchLogGroupName),\n\t\t\t\tStream: pulumi.String(\"cyral-sidecar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsidecar, err := cyral.NewSidecar(ctx, \"sidecar\", &cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"terraform\"),\n\t\t\tActivityLogIntegrationId: cloudwatch.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewSidecarCredentials(ctx, \"creds\", &cyral.SidecarCredentialsArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationLogging;\nimport com.pulumi.cyral.IntegrationLoggingArgs;\nimport com.pulumi.cyral.inputs.IntegrationLoggingCloudwatchArgs;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.SidecarCredentials;\nimport com.pulumi.cyral.SidecarCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cloudwatchLogGroupName = \"cyral-example-loggroup\";\n\n var cloudwatch = new IntegrationLogging(\"cloudwatch\", IntegrationLoggingArgs.builder()\n .cloudwatch(IntegrationLoggingCloudwatchArgs.builder()\n .region(\"us-east-1\")\n .group(cloudwatchLogGroupName)\n .stream(\"cyral-sidecar\")\n .build())\n .build());\n\n var sidecar = new Sidecar(\"sidecar\", SidecarArgs.builder()\n .deploymentMethod(\"terraform\")\n .activityLogIntegrationId(cloudwatch.id())\n .build());\n\n var creds = new SidecarCredentials(\"creds\", SidecarCredentialsArgs.builder()\n .sidecarId(sidecar.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sidecar:\n type: cyral:Sidecar\n properties:\n deploymentMethod: terraform\n activityLogIntegrationId: ${cloudwatch.id}\n cloudwatch:\n type: cyral:IntegrationLogging\n properties:\n cloudwatch:\n region: us-east-1\n group: ${cloudwatchLogGroupName}\n stream: cyral-sidecar\n creds:\n type: cyral:SidecarCredentials\n properties:\n sidecarId: ${sidecar.id}\nvariables:\n cloudwatchLogGroupName: cyral-example-loggroup\n```\n\n\n### Custom Integration\n\nAdvanced users can use the \"Fluent Bit\" logging integration to customize how the sidecar sends logs to\ntheir log management destination. Using the `fluent_bit` block, users can provide a customized Fluent Bit\nconfiguration (in [\"classic mode\" INI format](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode)),\nusing any combination of filter and output plugins. More information can be found in the official\nFluent Bit [documentation](https://docs.fluentbit.io/manual/concepts/data-pipeline) (see the \"Filter\"\nand \"Output\" sections).\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst s3 = new cyral.IntegrationLogging(\"s3\", {fluentBit: {\n config: `[OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n`,\n}});\n// Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n// `example-bucket` in AWS S3.\nconst sidecarFluentBit = new cyral.Sidecar(\"sidecarFluentBit\", {\n deploymentMethod: \"terraform\",\n activityLogIntegrationId: s3.id,\n});\n// Configures a raw Splunk integration with no sidecar associated.\nconst splunkIntegration = new cyral.IntegrationLogging(\"splunkIntegration\", {splunk: {\n hostname: \"http://splunk.com\",\n hecPort: \"8088\",\n accessToken: \"XXXXXXXXXXX\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\ns3 = cyral.IntegrationLogging(\"s3\", fluent_bit={\n \"config\": \"\"\"[OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n\"\"\",\n})\n# Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n# `example-bucket` in AWS S3.\nsidecar_fluent_bit = cyral.Sidecar(\"sidecarFluentBit\",\n deployment_method=\"terraform\",\n activity_log_integration_id=s3.id)\n# Configures a raw Splunk integration with no sidecar associated.\nsplunk_integration = cyral.IntegrationLogging(\"splunkIntegration\", splunk={\n \"hostname\": \"http://splunk.com\",\n \"hec_port\": \"8088\",\n \"access_token\": \"XXXXXXXXXXX\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var s3 = new Cyral.IntegrationLogging(\"s3\", new()\n {\n FluentBit = new Cyral.Inputs.IntegrationLoggingFluentBitArgs\n {\n Config = @\"[OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n\",\n },\n });\n\n // Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n // `example-bucket` in AWS S3.\n var sidecarFluentBit = new Cyral.Sidecar(\"sidecarFluentBit\", new()\n {\n DeploymentMethod = \"terraform\",\n ActivityLogIntegrationId = s3.Id,\n });\n\n // Configures a raw Splunk integration with no sidecar associated.\n var splunkIntegration = new Cyral.IntegrationLogging(\"splunkIntegration\", new()\n {\n Splunk = new Cyral.Inputs.IntegrationLoggingSplunkArgs\n {\n Hostname = \"http://splunk.com\",\n HecPort = \"8088\",\n AccessToken = \"XXXXXXXXXXX\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ts3, err := cyral.NewIntegrationLogging(ctx, \"s3\", &cyral.IntegrationLoggingArgs{\n\t\t\tFluentBit: &cyral.IntegrationLoggingFluentBitArgs{\n\t\t\t\tConfig: pulumi.String(`[OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n`),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n\t\t// `example-bucket` in AWS S3.\n\t\t_, err = cyral.NewSidecar(ctx, \"sidecarFluentBit\", &cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"terraform\"),\n\t\t\tActivityLogIntegrationId: s3.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Configures a raw Splunk integration with no sidecar associated.\n\t\t_, err = cyral.NewIntegrationLogging(ctx, \"splunkIntegration\", &cyral.IntegrationLoggingArgs{\n\t\t\tSplunk: &cyral.IntegrationLoggingSplunkArgs{\n\t\t\t\tHostname: pulumi.String(\"http://splunk.com\"),\n\t\t\t\tHecPort: pulumi.String(\"8088\"),\n\t\t\t\tAccessToken: pulumi.String(\"XXXXXXXXXXX\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationLogging;\nimport com.pulumi.cyral.IntegrationLoggingArgs;\nimport com.pulumi.cyral.inputs.IntegrationLoggingFluentBitArgs;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.inputs.IntegrationLoggingSplunkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var s3 = new IntegrationLogging(\"s3\", IntegrationLoggingArgs.builder()\n .fluentBit(IntegrationLoggingFluentBitArgs.builder()\n .config(\"\"\"\n[OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n \"\"\")\n .build())\n .build());\n\n // Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n // `example-bucket` in AWS S3.\n var sidecarFluentBit = new Sidecar(\"sidecarFluentBit\", SidecarArgs.builder()\n .deploymentMethod(\"terraform\")\n .activityLogIntegrationId(s3.id())\n .build());\n\n // Configures a raw Splunk integration with no sidecar associated.\n var splunkIntegration = new IntegrationLogging(\"splunkIntegration\", IntegrationLoggingArgs.builder()\n .splunk(IntegrationLoggingSplunkArgs.builder()\n .hostname(\"http://splunk.com\")\n .hecPort(\"8088\")\n .accessToken(\"XXXXXXXXXXX\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Configures `my-sidecar-fluent-bit` to push logs to a bucket named\n # `example-bucket` in AWS S3.\n sidecarFluentBit:\n type: cyral:Sidecar\n properties:\n deploymentMethod: terraform\n activityLogIntegrationId: ${s3.id}\n s3:\n type: cyral:IntegrationLogging\n properties:\n fluentBit:\n config: |\n [OUTPUT]\n Name s3\n Match *\n Region us-east-2\n Bucket example-bucket\n Total_file_size 1M\n # Configures a raw Splunk integration with no sidecar associated.\n splunkIntegration:\n type: cyral:IntegrationLogging\n properties:\n splunk:\n hostname: http://splunk.com\n hecPort: '8088'\n accessToken: XXXXXXXXXXX\n```\n\n", "properties": { "cloudwatch": { "$ref": "#/types/cyral:index%2FIntegrationLoggingCloudwatch:IntegrationLoggingCloudwatch", "description": "Represents the configuration data required for the `AWS` CloudWatch log management system.\n" }, "datadog": { "$ref": "#/types/cyral:index%2FIntegrationLoggingDatadog:IntegrationLoggingDatadog", "description": "Represents the configuration data required for the Datadog's log management system.\n" }, "elk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingElk:IntegrationLoggingElk", "description": "Represents the configuration data required for the ELK stack log management system.\n", "deprecationMessage": "Deprecated" }, "fluentBit": { "$ref": "#/types/cyral:index%2FIntegrationLoggingFluentBit:IntegrationLoggingFluentBit", "description": "Represents a custom Fluent Bit configuration which will be utilized by the sidecar's log shipper.\n" }, "name": { "type": "string", "description": "Name of the logging integration config.\n" }, "receiveAuditLogs": { "type": "boolean", "description": "Whether or not Cyral audit logs should be forwarded to this logging integration. Declaration not supported in conjunction with `fluent_bit` block.\n" }, "splunk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSplunk:IntegrationLoggingSplunk", "description": "Represents the configuration data required for the Splunk log management system.\n" }, "sumoLogic": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSumoLogic:IntegrationLoggingSumoLogic", "description": "Represents the configuration data required for the Sumo Logic log management system.\n" } }, "type": "object", "required": [ "name" ], "inputProperties": { "cloudwatch": { "$ref": "#/types/cyral:index%2FIntegrationLoggingCloudwatch:IntegrationLoggingCloudwatch", "description": "Represents the configuration data required for the `AWS` CloudWatch log management system.\n" }, "datadog": { "$ref": "#/types/cyral:index%2FIntegrationLoggingDatadog:IntegrationLoggingDatadog", "description": "Represents the configuration data required for the Datadog's log management system.\n" }, "elk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingElk:IntegrationLoggingElk", "description": "Represents the configuration data required for the ELK stack log management system.\n", "deprecationMessage": "Deprecated" }, "fluentBit": { "$ref": "#/types/cyral:index%2FIntegrationLoggingFluentBit:IntegrationLoggingFluentBit", "description": "Represents a custom Fluent Bit configuration which will be utilized by the sidecar's log shipper.\n" }, "name": { "type": "string", "description": "Name of the logging integration config.\n" }, "receiveAuditLogs": { "type": "boolean", "description": "Whether or not Cyral audit logs should be forwarded to this logging integration. Declaration not supported in conjunction with `fluent_bit` block.\n" }, "splunk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSplunk:IntegrationLoggingSplunk", "description": "Represents the configuration data required for the Splunk log management system.\n" }, "sumoLogic": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSumoLogic:IntegrationLoggingSumoLogic", "description": "Represents the configuration data required for the Sumo Logic log management system.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationLogging resources.\n", "properties": { "cloudwatch": { "$ref": "#/types/cyral:index%2FIntegrationLoggingCloudwatch:IntegrationLoggingCloudwatch", "description": "Represents the configuration data required for the `AWS` CloudWatch log management system.\n" }, "datadog": { "$ref": "#/types/cyral:index%2FIntegrationLoggingDatadog:IntegrationLoggingDatadog", "description": "Represents the configuration data required for the Datadog's log management system.\n" }, "elk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingElk:IntegrationLoggingElk", "description": "Represents the configuration data required for the ELK stack log management system.\n", "deprecationMessage": "Deprecated" }, "fluentBit": { "$ref": "#/types/cyral:index%2FIntegrationLoggingFluentBit:IntegrationLoggingFluentBit", "description": "Represents a custom Fluent Bit configuration which will be utilized by the sidecar's log shipper.\n" }, "name": { "type": "string", "description": "Name of the logging integration config.\n" }, "receiveAuditLogs": { "type": "boolean", "description": "Whether or not Cyral audit logs should be forwarded to this logging integration. Declaration not supported in conjunction with `fluent_bit` block.\n" }, "splunk": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSplunk:IntegrationLoggingSplunk", "description": "Represents the configuration data required for the Splunk log management system.\n" }, "sumoLogic": { "$ref": "#/types/cyral:index%2FIntegrationLoggingSumoLogic:IntegrationLoggingSumoLogic", "description": "Represents the configuration data required for the Sumo Logic log management system.\n" } }, "type": "object" } }, "cyral:index/integrationLogstash:IntegrationLogstash": { "description": "> **DEPRECATED** Use resource `cyral.IntegrationLogging` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationLogstash(\"someResourceName\", {\n endpoint: \"\",\n useMutualAuthentication: false,\n usePrivateCertificateChain: false,\n useTls: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationLogstash(\"someResourceName\",\n endpoint=\"\",\n use_mutual_authentication=False,\n use_private_certificate_chain=False,\n use_tls=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationLogstash(\"someResourceName\", new()\n {\n Endpoint = \"\",\n UseMutualAuthentication = false,\n UsePrivateCertificateChain = false,\n UseTls = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationLogstash(ctx, \"someResourceName\", &cyral.IntegrationLogstashArgs{\n\t\t\tEndpoint: pulumi.String(\"\"),\n\t\t\tUseMutualAuthentication: pulumi.Bool(false),\n\t\t\tUsePrivateCertificateChain: pulumi.Bool(false),\n\t\t\tUseTls: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationLogstash;\nimport com.pulumi.cyral.IntegrationLogstashArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationLogstash(\"someResourceName\", IntegrationLogstashArgs.builder()\n .endpoint(\"\")\n .useMutualAuthentication(false)\n .usePrivateCertificateChain(false)\n .useTls(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationLogstash\n properties:\n endpoint: \"\"\n useMutualAuthentication: false\n usePrivateCertificateChain: false\n useTls: false\n```\n\n", "properties": { "endpoint": { "type": "string", "description": "The endpoint used to connect to Logstash.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "useMutualAuthentication": { "type": "boolean", "description": "Logstash configured to use mutual authentication.\n" }, "usePrivateCertificateChain": { "type": "boolean", "description": "Logstash configured to use private certificate chain.\n" }, "useTls": { "type": "boolean", "description": "Logstash configured to use mutual TLS.\n" } }, "type": "object", "required": [ "endpoint", "name", "useMutualAuthentication", "usePrivateCertificateChain", "useTls" ], "inputProperties": { "endpoint": { "type": "string", "description": "The endpoint used to connect to Logstash.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "useMutualAuthentication": { "type": "boolean", "description": "Logstash configured to use mutual authentication.\n" }, "usePrivateCertificateChain": { "type": "boolean", "description": "Logstash configured to use private certificate chain.\n" }, "useTls": { "type": "boolean", "description": "Logstash configured to use mutual TLS.\n" } }, "requiredInputs": [ "endpoint", "useMutualAuthentication", "usePrivateCertificateChain", "useTls" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationLogstash resources.\n", "properties": { "endpoint": { "type": "string", "description": "The endpoint used to connect to Logstash.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "useMutualAuthentication": { "type": "boolean", "description": "Logstash configured to use mutual authentication.\n" }, "usePrivateCertificateChain": { "type": "boolean", "description": "Logstash configured to use private certificate chain.\n" }, "useTls": { "type": "boolean", "description": "Logstash configured to use mutual TLS.\n" } }, "type": "object" } }, "cyral:index/integrationLooker:IntegrationLooker": { "description": "> **DEPRECATED** Integration no longer supported.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationLooker(\"someResourceName\", {\n clientId: \"\",\n clientSecret: \"\",\n url: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationLooker(\"someResourceName\",\n client_id=\"\",\n client_secret=\"\",\n url=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationLooker(\"someResourceName\", new()\n {\n ClientId = \"\",\n ClientSecret = \"\",\n Url = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationLooker(ctx, \"someResourceName\", &cyral.IntegrationLookerArgs{\n\t\t\tClientId: pulumi.String(\"\"),\n\t\t\tClientSecret: pulumi.String(\"\"),\n\t\t\tUrl: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationLooker;\nimport com.pulumi.cyral.IntegrationLookerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationLooker(\"someResourceName\", IntegrationLookerArgs.builder()\n .clientId(\"\")\n .clientSecret(\"\")\n .url(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationLooker\n properties:\n clientId: \"\"\n clientSecret: \"\"\n url: \"\"\n```\n\n", "properties": { "clientId": { "type": "string", "description": "Looker client id.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Looker client secret.\n", "secret": true }, "url": { "type": "string", "description": "Looker integration url.\n" } }, "type": "object", "required": [ "clientId", "clientSecret", "url" ], "inputProperties": { "clientId": { "type": "string", "description": "Looker client id.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Looker client secret.\n", "secret": true }, "url": { "type": "string", "description": "Looker integration url.\n" } }, "requiredInputs": [ "clientId", "clientSecret", "url" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationLooker resources.\n", "properties": { "clientId": { "type": "string", "description": "Looker client id.\n", "secret": true }, "clientSecret": { "type": "string", "description": "Looker client secret.\n", "secret": true }, "url": { "type": "string", "description": "Looker integration url.\n" } }, "type": "object" } }, "cyral:index/integrationMfaDuo:IntegrationMfaDuo": { "description": "Manages [integration with Duo MFA](https://cyral.com/docs/integrations/authentication/mfa/duo).\n", "properties": { "apiHostname": { "type": "string", "description": "API hostname obtained from Duo management console.\n" }, "integrationKey": { "type": "string", "description": "Integration key name obtained from Duo management console.\n" }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" }, "secretKey": { "type": "string", "description": "Secret key obtained from Duo management console.\n", "secret": true } }, "type": "object", "required": [ "apiHostname", "integrationKey", "name", "secretKey" ], "inputProperties": { "apiHostname": { "type": "string", "description": "API hostname obtained from Duo management console.\n" }, "integrationKey": { "type": "string", "description": "Integration key name obtained from Duo management console.\n" }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" }, "secretKey": { "type": "string", "description": "Secret key obtained from Duo management console.\n", "secret": true } }, "requiredInputs": [ "apiHostname", "integrationKey", "secretKey" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationMfaDuo resources.\n", "properties": { "apiHostname": { "type": "string", "description": "API hostname obtained from Duo management console.\n" }, "integrationKey": { "type": "string", "description": "Integration key name obtained from Duo management console.\n" }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" }, "secretKey": { "type": "string", "description": "Secret key obtained from Duo management console.\n", "secret": true } }, "type": "object" } }, "cyral:index/integrationMicrosoftTeams:IntegrationMicrosoftTeams": { "description": "Manages [integration with Microsoft Teams](https://cyral.com/docs/integrations/alerting/microsoft-teams).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationMicrosoftTeams(\"someResourceName\", {url: \"\"});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationMicrosoftTeams(\"someResourceName\", url=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationMicrosoftTeams(\"someResourceName\", new()\n {\n Url = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationMicrosoftTeams(ctx, \"someResourceName\", &cyral.IntegrationMicrosoftTeamsArgs{\n\t\t\tUrl: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationMicrosoftTeams;\nimport com.pulumi.cyral.IntegrationMicrosoftTeamsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationMicrosoftTeams(\"someResourceName\", IntegrationMicrosoftTeamsArgs.builder()\n .url(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationMicrosoftTeams\n properties:\n url: \"\"\n```\n\n", "properties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Microsoft Teams webhook URL.\n", "secret": true } }, "type": "object", "required": [ "name", "url" ], "inputProperties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Microsoft Teams webhook URL.\n", "secret": true } }, "requiredInputs": [ "url" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationMicrosoftTeams resources.\n", "properties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Microsoft Teams webhook URL.\n", "secret": true } }, "type": "object" } }, "cyral:index/integrationPagerDuty:IntegrationPagerDuty": { "description": "Manages [integration with PagerDuty](https://cyral.com/docs/integrations/incident-response/pagerduty).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationPagerDuty(\"someResourceName\", {apiToken: \"\"});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationPagerDuty(\"someResourceName\", api_token=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationPagerDuty(\"someResourceName\", new()\n {\n ApiToken = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationPagerDuty(ctx, \"someResourceName\", &cyral.IntegrationPagerDutyArgs{\n\t\t\tApiToken: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationPagerDuty;\nimport com.pulumi.cyral.IntegrationPagerDutyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationPagerDuty(\"someResourceName\", IntegrationPagerDutyArgs.builder()\n .apiToken(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationPagerDuty\n properties:\n apiToken: \"\"\n```\n\n", "properties": { "apiToken": { "type": "string", "description": "API token for the PagerDuty integration.\n", "secret": true }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" } }, "type": "object", "required": [ "apiToken", "name" ], "inputProperties": { "apiToken": { "type": "string", "description": "API token for the PagerDuty integration.\n", "secret": true }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" } }, "requiredInputs": [ "apiToken" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationPagerDuty resources.\n", "properties": { "apiToken": { "type": "string", "description": "API token for the PagerDuty integration.\n", "secret": true }, "name": { "type": "string", "description": "Integration display name that will be used in the control plane.\n" } }, "type": "object" } }, "cyral:index/integrationSlackAlerts:IntegrationSlackAlerts": { "description": "Manages [integration with Slack to push alerts](https://cyral.com/docs/integrations/alerting/slack).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationSlackAlerts(\"someResourceName\", {url: \"\"});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationSlackAlerts(\"someResourceName\", url=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationSlackAlerts(\"someResourceName\", new()\n {\n Url = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationSlackAlerts(ctx, \"someResourceName\", &cyral.IntegrationSlackAlertsArgs{\n\t\t\tUrl: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationSlackAlerts;\nimport com.pulumi.cyral.IntegrationSlackAlertsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationSlackAlerts(\"someResourceName\", IntegrationSlackAlertsArgs.builder()\n .url(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationSlackAlerts\n properties:\n url: \"\"\n```\n\n", "properties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Slack Alert Webhook url.\n", "secret": true } }, "type": "object", "required": [ "name", "url" ], "inputProperties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Slack Alert Webhook url.\n", "secret": true } }, "requiredInputs": [ "url" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationSlackAlerts resources.\n", "properties": { "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "url": { "type": "string", "description": "Slack Alert Webhook url.\n", "secret": true } }, "type": "object" } }, "cyral:index/integrationSplunk:IntegrationSplunk": { "description": "> **DEPRECATED** Use resource `cyral.IntegrationLogging` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationSplunk(\"someResourceName\", {\n accessToken: \"\",\n host: \"\",\n index: \"\",\n port: 0,\n useTls: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationSplunk(\"someResourceName\",\n access_token=\"\",\n host=\"\",\n index=\"\",\n port=0,\n use_tls=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationSplunk(\"someResourceName\", new()\n {\n AccessToken = \"\",\n Host = \"\",\n Index = \"\",\n Port = 0,\n UseTls = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationSplunk(ctx, \"someResourceName\", &cyral.IntegrationSplunkArgs{\n\t\t\tAccessToken: pulumi.String(\"\"),\n\t\t\tHost: pulumi.String(\"\"),\n\t\t\tIndex: pulumi.String(\"\"),\n\t\t\tPort: pulumi.Float64(0),\n\t\t\tUseTls: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationSplunk;\nimport com.pulumi.cyral.IntegrationSplunkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationSplunk(\"someResourceName\", IntegrationSplunkArgs.builder()\n .accessToken(\"\")\n .host(\"\")\n .index(\"\")\n .port(0)\n .useTls(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationSplunk\n properties:\n accessToken: \"\"\n host: \"\"\n index: \"\"\n port: 0\n useTls: true\n```\n\n", "properties": { "accessToken": { "type": "string", "description": "Splunk access token.\n", "secret": true }, "host": { "type": "string", "description": "Splunk host.\n" }, "index": { "type": "string", "description": "Splunk data index name.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "port": { "type": "number", "description": "Splunk host port.\n" }, "useTls": { "type": "boolean", "description": "Should the communication with Splunk use TLS encryption?\n" } }, "type": "object", "required": [ "accessToken", "host", "index", "name", "port", "useTls" ], "inputProperties": { "accessToken": { "type": "string", "description": "Splunk access token.\n", "secret": true }, "host": { "type": "string", "description": "Splunk host.\n" }, "index": { "type": "string", "description": "Splunk data index name.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "port": { "type": "number", "description": "Splunk host port.\n" }, "useTls": { "type": "boolean", "description": "Should the communication with Splunk use TLS encryption?\n" } }, "requiredInputs": [ "accessToken", "host", "index", "port", "useTls" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationSplunk resources.\n", "properties": { "accessToken": { "type": "string", "description": "Splunk access token.\n", "secret": true }, "host": { "type": "string", "description": "Splunk host.\n" }, "index": { "type": "string", "description": "Splunk data index name.\n" }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" }, "port": { "type": "number", "description": "Splunk host port.\n" }, "useTls": { "type": "boolean", "description": "Should the communication with Splunk use TLS encryption?\n" } }, "type": "object" } }, "cyral:index/integrationSumoLogic:IntegrationSumoLogic": { "description": "> **DEPRECATED** Use resource `cyral.IntegrationLogging` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.IntegrationSumoLogic(\"someResourceName\", {address: \"\"});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.IntegrationSumoLogic(\"someResourceName\", address=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.IntegrationSumoLogic(\"someResourceName\", new()\n {\n Address = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewIntegrationSumoLogic(ctx, \"someResourceName\", &cyral.IntegrationSumoLogicArgs{\n\t\t\tAddress: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationSumoLogic;\nimport com.pulumi.cyral.IntegrationSumoLogicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new IntegrationSumoLogic(\"someResourceName\", IntegrationSumoLogicArgs.builder()\n .address(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:IntegrationSumoLogic\n properties:\n address: \"\"\n```\n\n", "properties": { "address": { "type": "string", "description": "Sumo Logic address.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object", "required": [ "address", "name" ], "inputProperties": { "address": { "type": "string", "description": "Sumo Logic address.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "requiredInputs": [ "address" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationSumoLogic resources.\n", "properties": { "address": { "type": "string", "description": "Sumo Logic address.\n", "secret": true }, "name": { "type": "string", "description": "Integration name that will be used internally in the control plane.\n" } }, "type": "object" } }, "cyral:index/policy:Policy": { "description": "> **DEPRECATED** For control planes `>= v4.15`, use resource `cyral.PolicyV2` instead.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst _this = new cyral.Policy(\"this\", {\n datas: [\"EMAIL\"],\n description: \"This is my first policy\",\n enabled: true,\n metadataTags: [\"Risk Level 1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nthis = cyral.Policy(\"this\",\n datas=[\"EMAIL\"],\n description=\"This is my first policy\",\n enabled=True,\n metadata_tags=[\"Risk Level 1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var @this = new Cyral.Policy(\"this\", new()\n {\n Datas = new[]\n {\n \"EMAIL\",\n },\n Description = \"This is my first policy\",\n Enabled = true,\n MetadataTags = new[]\n {\n \"Risk Level 1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewPolicy(ctx, \"this\", &cyral.PolicyArgs{\n\t\t\tDatas: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"EMAIL\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"This is my first policy\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tMetadataTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Risk Level 1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Policy;\nimport com.pulumi.cyral.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new Policy(\"this\", PolicyArgs.builder()\n .datas(\"EMAIL\")\n .description(\"This is my first policy\")\n .enabled(true)\n .metadataTags(\"Risk Level 1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: cyral:Policy\n properties:\n datas:\n - EMAIL\n description: This is my first policy\n enabled: true\n metadataTags:\n - Risk Level 1\n```\n\n", "properties": { "created": { "type": "string", "description": "Timestamp for the policy creation.\n" }, "dataLabelTags": { "type": "array", "items": { "type": "string" }, "description": "List of tags that represent sets of data labels (established in your data map) that are used to specify the collections of data labels that the policy manages. For more information, see [The tags block of a policy](https://cyral.com/docs/policy/policy-structure#the-tags-block-of-a-policy)\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "List that specify which data fields a policy manages. Each field is represented by the LABEL you established for it in your data map. The actual location of that data (the names of fields, columns, or databases that hold it) is listed in the data map.\n" }, "description": { "type": "string", "description": "String that describes the policy (ex: `your_policy_description`).\n" }, "enabled": { "type": "boolean", "description": "Boolean that causes a policy to be enabled or disabled.\n" }, "lastUpdated": { "type": "string", "description": "Timestamp for the last update performed in this policy.\n" }, "metadataTags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n" }, "name": { "type": "string", "description": "Policy name that will be used internally in Control Plane (ex: `your_policy_name`).\n" }, "policyId": { "type": "string", "description": "The ID of this resource.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n", "deprecationMessage": "Deprecated" }, "type": { "type": "string", "description": "Policy type.\n" }, "version": { "type": "string", "description": "Incremental counter for every update on the policy.\n" } }, "type": "object", "required": [ "created", "lastUpdated", "name", "policyId", "type", "version" ], "inputProperties": { "dataLabelTags": { "type": "array", "items": { "type": "string" }, "description": "List of tags that represent sets of data labels (established in your data map) that are used to specify the collections of data labels that the policy manages. For more information, see [The tags block of a policy](https://cyral.com/docs/policy/policy-structure#the-tags-block-of-a-policy)\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "List that specify which data fields a policy manages. Each field is represented by the LABEL you established for it in your data map. The actual location of that data (the names of fields, columns, or databases that hold it) is listed in the data map.\n" }, "description": { "type": "string", "description": "String that describes the policy (ex: `your_policy_description`).\n" }, "enabled": { "type": "boolean", "description": "Boolean that causes a policy to be enabled or disabled.\n" }, "metadataTags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n" }, "name": { "type": "string", "description": "Policy name that will be used internally in Control Plane (ex: `your_policy_name`).\n" }, "policyId": { "type": "string", "description": "The ID of this resource.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n", "deprecationMessage": "Deprecated" } }, "stateInputs": { "description": "Input properties used for looking up and filtering Policy resources.\n", "properties": { "created": { "type": "string", "description": "Timestamp for the policy creation.\n" }, "dataLabelTags": { "type": "array", "items": { "type": "string" }, "description": "List of tags that represent sets of data labels (established in your data map) that are used to specify the collections of data labels that the policy manages. For more information, see [The tags block of a policy](https://cyral.com/docs/policy/policy-structure#the-tags-block-of-a-policy)\n" }, "datas": { "type": "array", "items": { "type": "string" }, "description": "List that specify which data fields a policy manages. Each field is represented by the LABEL you established for it in your data map. The actual location of that data (the names of fields, columns, or databases that hold it) is listed in the data map.\n" }, "description": { "type": "string", "description": "String that describes the policy (ex: `your_policy_description`).\n" }, "enabled": { "type": "boolean", "description": "Boolean that causes a policy to be enabled or disabled.\n" }, "lastUpdated": { "type": "string", "description": "Timestamp for the last update performed in this policy.\n" }, "metadataTags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n" }, "name": { "type": "string", "description": "Policy name that will be used internally in Control Plane (ex: `your_policy_name`).\n" }, "policyId": { "type": "string", "description": "The ID of this resource.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Metadata tags that can be used to organize and/or classify your policies (ex: `[your_tag1, your_tag2]`).\n", "deprecationMessage": "Deprecated" }, "type": { "type": "string", "description": "Policy type.\n" }, "version": { "type": "string", "description": "Incremental counter for every update on the policy.\n" } }, "type": "object" } }, "cyral:index/policyRule:PolicyRule": { "description": "## # cyral.PolicyRule (Resource)\n\n> **DEPRECATED** For control planes `>= v4.15`, use resource `cyral.PolicyV2` instead.\n\n> Import ID syntax is `{policy_id}/{policy_rule_id}`, where `{policy_rule_id}` is the ID of the policy rule in the Cyral Control Plane.\n\n", "properties": { "cyralPolicyRuleId": { "type": "string", "description": "The ID of this resource.\n" }, "deletes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleDelete:PolicyRuleDelete" }, "description": "A contexted rule for accesses of the type `delete`.\n" }, "hosts": { "type": "array", "items": { "type": "string" }, "description": "Hosts specification that limits access to only those users connecting from a certain network location.\n" }, "identities": { "$ref": "#/types/cyral:index%2FPolicyRuleIdentities:PolicyRuleIdentities", "description": "Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields: `db_roles`, `groups`, `users` and `services`.\n" }, "policyId": { "type": "string", "description": "The ID of the policy you are adding this rule to.\n" }, "policyRuleId": { "type": "string", "description": "The ID of the policy rule.\n" }, "reads": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleRead:PolicyRuleRead" }, "description": "A contexted rule for accesses of the type `read`.\n" }, "updates": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleUpdate:PolicyRuleUpdate" }, "description": "A contexted rule for accesses of the type `update`.\n" } }, "type": "object", "required": [ "cyralPolicyRuleId", "policyId", "policyRuleId" ], "inputProperties": { "cyralPolicyRuleId": { "type": "string", "description": "The ID of this resource.\n" }, "deletes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleDelete:PolicyRuleDelete" }, "description": "A contexted rule for accesses of the type `delete`.\n" }, "hosts": { "type": "array", "items": { "type": "string" }, "description": "Hosts specification that limits access to only those users connecting from a certain network location.\n" }, "identities": { "$ref": "#/types/cyral:index%2FPolicyRuleIdentities:PolicyRuleIdentities", "description": "Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields: `db_roles`, `groups`, `users` and `services`.\n" }, "policyId": { "type": "string", "description": "The ID of the policy you are adding this rule to.\n" }, "reads": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleRead:PolicyRuleRead" }, "description": "A contexted rule for accesses of the type `read`.\n" }, "updates": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleUpdate:PolicyRuleUpdate" }, "description": "A contexted rule for accesses of the type `update`.\n" } }, "requiredInputs": [ "policyId" ], "stateInputs": { "description": "Input properties used for looking up and filtering PolicyRule resources.\n", "properties": { "cyralPolicyRuleId": { "type": "string", "description": "The ID of this resource.\n" }, "deletes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleDelete:PolicyRuleDelete" }, "description": "A contexted rule for accesses of the type `delete`.\n" }, "hosts": { "type": "array", "items": { "type": "string" }, "description": "Hosts specification that limits access to only those users connecting from a certain network location.\n" }, "identities": { "$ref": "#/types/cyral:index%2FPolicyRuleIdentities:PolicyRuleIdentities", "description": "Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields: `db_roles`, `groups`, `users` and `services`.\n" }, "policyId": { "type": "string", "description": "The ID of the policy you are adding this rule to.\n" }, "policyRuleId": { "type": "string", "description": "The ID of the policy rule.\n" }, "reads": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleRead:PolicyRuleRead" }, "description": "A contexted rule for accesses of the type `read`.\n" }, "updates": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyRuleUpdate:PolicyRuleUpdate" }, "description": "A contexted rule for accesses of the type `update`.\n" } }, "type": "object" } }, "cyral:index/policySet:PolicySet": { "description": "## # cyral.PolicySet (Resource)\n\nThis resource allows management of policy sets in the Cyral platform.\n\n> Import ID syntax is `{policy_set_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst myrepo = new cyral.Repository(\"myrepo\", {\n type: \"mongodb\",\n repoNodes: [{\n name: \"node-1\",\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n mongodbSettings: {\n serverType: \"standalone\",\n },\n});\nconst repoLockdownExample = new cyral.PolicySet(\"repoLockdownExample\", {\n wizardId: \"repo-lockdown\",\n description: \"This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\",\n enabled: true,\n tags: [\n \"default block\",\n \"fail open\",\n ],\n scope: {\n repoIds: [myrepo.id],\n },\n wizardParameters: JSON.stringify({\n denyByDefault: true,\n failClosed: false,\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_cyral as cyral\n\nmyrepo = cyral.Repository(\"myrepo\",\n type=\"mongodb\",\n repo_nodes=[{\n \"name\": \"node-1\",\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }],\n mongodb_settings={\n \"server_type\": \"standalone\",\n })\nrepo_lockdown_example = cyral.PolicySet(\"repoLockdownExample\",\n wizard_id=\"repo-lockdown\",\n description=\"This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\",\n enabled=True,\n tags=[\n \"default block\",\n \"fail open\",\n ],\n scope={\n \"repo_ids\": [myrepo.id],\n },\n wizard_parameters=json.dumps({\n \"denyByDefault\": True,\n \"failClosed\": False,\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var myrepo = new Cyral.Repository(\"myrepo\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Name = \"node-1\",\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n });\n\n var repoLockdownExample = new Cyral.PolicySet(\"repoLockdownExample\", new()\n {\n WizardId = \"repo-lockdown\",\n Description = \"This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\",\n Enabled = true,\n Tags = new[]\n {\n \"default block\",\n \"fail open\",\n },\n Scope = new Cyral.Inputs.PolicySetScopeArgs\n {\n RepoIds = new[]\n {\n myrepo.Id,\n },\n },\n WizardParameters = JsonSerializer.Serialize(new Dictionary\n {\n [\"denyByDefault\"] = true,\n [\"failClosed\"] = false,\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyrepo, err := cyral.NewRepository(ctx, \"myrepo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tName: pulumi.String(\"node-1\"),\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"denyByDefault\": true,\n\t\t\t\"failClosed\": false,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cyral.NewPolicySet(ctx, \"repoLockdownExample\", &cyral.PolicySetArgs{\n\t\t\tWizardId: pulumi.String(\"repo-lockdown\"),\n\t\t\tDescription: pulumi.String(\"This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"default block\"),\n\t\t\t\tpulumi.String(\"fail open\"),\n\t\t\t},\n\t\t\tScope: &cyral.PolicySetScopeArgs{\n\t\t\t\tRepoIds: pulumi.StringArray{\n\t\t\t\t\tmyrepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWizardParameters: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;\nimport com.pulumi.cyral.PolicySet;\nimport com.pulumi.cyral.PolicySetArgs;\nimport com.pulumi.cyral.inputs.PolicySetScopeArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myrepo = new Repository(\"myrepo\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .name(\"node-1\")\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .build());\n\n var repoLockdownExample = new PolicySet(\"repoLockdownExample\", PolicySetArgs.builder()\n .wizardId(\"repo-lockdown\")\n .description(\"This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\")\n .enabled(true)\n .tags( \n \"default block\",\n \"fail open\")\n .scope(PolicySetScopeArgs.builder()\n .repoIds(myrepo.id())\n .build())\n .wizardParameters(serializeJson(\n jsonObject(\n jsonProperty(\"denyByDefault\", true),\n jsonProperty(\"failClosed\", false)\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myrepo:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - name: node-1\n host: mongodb.cyral.com\n port: 27017\n mongodbSettings:\n serverType: standalone\n repoLockdownExample:\n type: cyral:PolicySet\n properties:\n wizardId: repo-lockdown\n description: This default policy will block by default all queries for myrepo except the ones not parsed by Cyral\n enabled: true\n tags:\n - default block\n - fail open\n scope:\n repoIds:\n - ${myrepo.id}\n wizardParameters:\n fn::toJSON:\n denyByDefault: true\n failClosed: false\n```\n\n\n## Available Policy Wizards\n\nThe following policy wizards are available for creating policy sets. The wizard parameters,\nspecified as a JSON object, are described below for each wizard as well.\n\n> You can also use the Cyral API `GET` `/v1/regopolicies/templates` to retrieve all existing templates and their corresponding parameters schema.\n\n### Data Firewall (data-firewall) - Ensure that sensitive data can only be read by specified individuals.\n\n- `dataset` (String) Data Set (table, collection, etc.) to which the policy applies.\n- `dataFilter` (String) Data filter that will be applied when anyone tries to read the specified data labels from the data set.\n- `substitutionQuery` (String) A query that will be used to replace all occurrences of the dataset in the original query. Only one of `dataFilter` and `substitutionQuery` can be specified.\n- `excludedIdentities` (Object) Identities that will be excluded from this policy. See identityList.\n\n### Data Masking (data-masking) - Mask fields for specific users and applications.\n\n- `maskType` (String) Mask Type (E.g.: `null`, `constant`, `format-preserving`).\n- `maskArguments` (Array) Mask Argument associated to the given Mask Type (E.g.: Replacement Value).\n- `tags` (Array) Data Tags to which the policy applies.\n- `labels` (Array) Data Labels to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will apply to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will apply to any database account. See dbAccounts.\n\n### Data Protection (data-protection) - Guard against reads and writes of specified tables or fields.\n\n- `block` (Boolean) Policy action to block.\n- `governedOperations` (Array) Operations governed by this policy, can be one or more of: `read`, `update`, `delete`, and `insert`.\n- `tags` (Array) Data Tags to which the policy applies.\n- `labels` (Array) Data Labels to which the policy applies.\n- `datasets` (Array) Data Sets (tables, collections, etc.) to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n\n### Object Protection (object-protection) - Guards against operations like create, drop, and alter for specified object types.\n\n- `objectType` (String) The type of object to monitor or protect. The only value currently supported is `role/user`.\n- `block` (Boolean) Indicates whether unauthorized operations should be blocked. If true, operations violating the policy are prevented.\n- `governedOperations` (Array) Operations governed by this policy, can be one or more of: `create`, `drop`, and `alter`.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n- `alertSeverity` (String) Alert severity. Allowed values are: `low`, `medium`, `high`.\n\n### Rate Limit (rate-limit) - Implement threshold on sensitive data reads over a period of time.\n\n- `rateLimit` (Integer) Maximum number of rows that can be returned per hour. Note: the value must be an integer greater than zero.\n- `enforce` (Boolean) Whether to enforce the policy, if false, only alerts will be raised on policy violations.\n- `tags` (Array) Data Tags to which the policy applies.\n- `labels` (Array) Data Labels to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n\n### Read Limit (read-limit) - Prevent certain data from being read beyond a specified limit.\n\n- `rowLimit` (Integer) Maximum number of rows that can be read per query. Note: the value must be an integer greater than zero.\n- `enforce` (Boolean) Whether to enforce the policy, if false, only alerts will be raised on policy violations.\n- `tags` (Array) Data Tags to which the policy applies.\n- `labels` (Array) Data Labels to which the policy applies.\n- `datasets` (Array) Data Sets (tables, collections, etc.) to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n\n### Repository Lockdown (repo-lockdown) - Deny all statements that are not allowed by some policy and/or not understood by Cyral.\n\n- `failClosed` (Boolean) Whether to fail closed, if true, all statements that are not understood by Cyral will be blocked.\n- `denyByDefault` (Boolean) Whether to deny all statements by default, if true, all statements that are not explicitly allowed by some policy will be blocked.\n\n### Repository Protection (repository-protection) - Alert when more than a specified number of records are updated, deleted, or inserted in specified datasets.\n\n- `rowLimit` (Integer) Maximum number of rows that can be modified per query. Note: the value must be an integer greater than zero.\n- `governedOperations` (Array) Operations governed by this policy, can be one or more of: `update`, `delete` and `insert`.\n- `datasets` (Array) Data Sets (tables, collections, etc.) to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n\n### Schema Protection (schema-protection) - Protect database schema against unauthorized creation, deletion, or modification of tables and views.\n\n- `block` (Boolean) Whether to block unauthorized schema changes.\n- `schemas` (Array) Schemas to which the policy applies.\n- `excludedIdentities` (Object) Identities that are exempt from the policy. See identities.\n\n### Service Account Abuse (service-account-abuse) - Ensure service accounts can only be used by intended applications.\n\n- `block` (Boolean) Policy action to enforce.\n- `serviceAccounts` (Array) Service accounts for which end user attribution is always required.\n- `alertSeverity` (String) Alert severity. Allowed values are: `low`, `medium`, `high`.\n\n### Stored Procedure Governance (stored-procedure-governance) - Restrict execution of stored procedures..\n\n- `enforced` (Boolean) Whether to enforce the policy, if false, only alerts will be raised on policy violations.\n- `governedProcedures` (Array) Stored procedures to which the policy applies.\n- `identities` (Object) Identities to which the policy applies. If empty, the policy will be applied to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts to which the policy applies. If empty, the policy will be applied to any database account. See dbAccounts.\n- `alertSeverity` (String) Alert severity. Allowed values are: `low`, `medium`, `high`.\n\n### User Segmentation (user-segmentation) - Restrict specific users to a subset of data.\n\n- `dataset` (String) Data Set (table, collection, etc.) to which the policy applies.\n- `dataFilter` (String) Data filter that will be applied when anyone tries to read the specified data labels from the data set.\n- `substitutionQuery` (String) A query that will be used to replace all occurrences of the dataset in the original query. Only one of `dataFilter` and `substitutionQuery` can be specified.\n- `includedIdentities` (Object) Identities that cannot see restricted records. See identityList.\n- `includedDbAccounts` (Array) Database accounts cannot see restricted records.\n\n\n\n### Objects\n\n\n\n- `identities` (Object) Identities. See properties below:\n - `included` (Object) Included Identities. See identityList.\n - `excluded` (Object) Excluded Identities. See identityList.\n \n- `dbAccounts` (Object) Database Accounts. See properties below:\n - `included` (Array) Included Database Accounts.\n - `excluded` (Array) Excluded Database Accounts.\n \n- `identityList` (Object) Identity List. See properties below:\n - `userNames` (Array) Identity Emails.\n - `emails` (Array) Identity Usernames.\n - `groups` (Array) Identity Groups.\n", "properties": { "created": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was created.\n" }, "description": { "type": "string", "description": "Description of the policy set.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy set is enabled.\n" }, "lastUpdated": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was last updated.\n" }, "name": { "type": "string", "description": "Name of the policy set.\n" }, "policies": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicySetPolicy:PolicySetPolicy" }, "description": "List of policies that comprise the policy set.\n" }, "scope": { "$ref": "#/types/cyral:index%2FPolicySetScope:PolicySetScope", "description": "Scope of the policy set.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy set.\n" }, "wizardId": { "type": "string", "description": "The ID of the policy wizard used to create this policy set.\n" }, "wizardParameters": { "type": "string", "description": "Parameters passed to the wizard while creating the policy set.\n" } }, "type": "object", "required": [ "created", "lastUpdated", "name", "policies", "wizardId", "wizardParameters" ], "inputProperties": { "description": { "type": "string", "description": "Description of the policy set.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy set is enabled.\n" }, "name": { "type": "string", "description": "Name of the policy set.\n" }, "scope": { "$ref": "#/types/cyral:index%2FPolicySetScope:PolicySetScope", "description": "Scope of the policy set.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy set.\n" }, "wizardId": { "type": "string", "description": "The ID of the policy wizard used to create this policy set.\n" }, "wizardParameters": { "type": "string", "description": "Parameters passed to the wizard while creating the policy set.\n" } }, "requiredInputs": [ "wizardId", "wizardParameters" ], "stateInputs": { "description": "Input properties used for looking up and filtering PolicySet resources.\n", "properties": { "created": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was created.\n" }, "description": { "type": "string", "description": "Description of the policy set.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy set is enabled.\n" }, "lastUpdated": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was last updated.\n" }, "name": { "type": "string", "description": "Name of the policy set.\n" }, "policies": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicySetPolicy:PolicySetPolicy" }, "description": "List of policies that comprise the policy set.\n" }, "scope": { "$ref": "#/types/cyral:index%2FPolicySetScope:PolicySetScope", "description": "Scope of the policy set.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy set.\n" }, "wizardId": { "type": "string", "description": "The ID of the policy wizard used to create this policy set.\n" }, "wizardParameters": { "type": "string", "description": "Parameters passed to the wizard while creating the policy set.\n" } }, "type": "object" } }, "cyral:index/policyV2:PolicyV2": { "description": "## # cyral.PolicyV2 (Resource)\n\nThis resource allows management of various types of policies in the Cyral platform. Policies can be used to define access controls, data governance rules to ensure compliance and security within your database environment.\n\n> Import ID syntax is `{policy_type}/{policy_id}`, where `{policy_type}` is one of [local, global] `{policy_id}` is the ID of the policy in the Cyral Control Plane.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst myrepo = new cyral.Repository(\"myrepo\", {\n type: \"mongodb\",\n repoNodes: [{\n name: \"node-1\",\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n mongodbSettings: {\n serverType: \"standalone\",\n },\n});\nconst localPolicyExample = new cyral.PolicyV2(\"localPolicyExample\", {\n description: \"Local policy to allow gym users to read their own data\",\n enabled: true,\n tags: [\n \"gym\",\n \"local\",\n ],\n scopes: [{\n repoIds: [myrepo.id],\n }],\n document: JSON.stringify({\n governedData: {\n locations: [\"gym_db.users\"],\n },\n readRules: [{\n conditions: [{\n attribute: \"identity.userGroups\",\n operator: \"contains\",\n value: \"users\",\n }],\n constraints: {\n datasetRewrite: \"SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'\",\n },\n }],\n }),\n enforced: true,\n type: \"local\",\n});\nconst globalPolicyExample = new cyral.PolicyV2(\"globalPolicyExample\", {\n description: \"Global policy for finance users with row limit for PII data\",\n enabled: true,\n tags: [\n \"finance\",\n \"global\",\n ],\n scopes: [{\n repoIds: [myrepo.id],\n }],\n document: JSON.stringify({\n governedData: {\n tags: [\"PII\"],\n },\n readRules: [\n {\n conditions: [{\n attribute: \"identity.userGroups\",\n operator: \"contains\",\n value: \"finance\",\n }],\n constraints: {\n maxRows: 5,\n },\n },\n {\n conditions: [],\n constraints: {},\n },\n ],\n }),\n enforced: true,\n type: \"global\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_cyral as cyral\n\nmyrepo = cyral.Repository(\"myrepo\",\n type=\"mongodb\",\n repo_nodes=[{\n \"name\": \"node-1\",\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }],\n mongodb_settings={\n \"server_type\": \"standalone\",\n })\nlocal_policy_example = cyral.PolicyV2(\"localPolicyExample\",\n description=\"Local policy to allow gym users to read their own data\",\n enabled=True,\n tags=[\n \"gym\",\n \"local\",\n ],\n scopes=[{\n \"repo_ids\": [myrepo.id],\n }],\n document=json.dumps({\n \"governedData\": {\n \"locations\": [\"gym_db.users\"],\n },\n \"readRules\": [{\n \"conditions\": [{\n \"attribute\": \"identity.userGroups\",\n \"operator\": \"contains\",\n \"value\": \"users\",\n }],\n \"constraints\": {\n \"datasetRewrite\": \"SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'\",\n },\n }],\n }),\n enforced=True,\n type=\"local\")\nglobal_policy_example = cyral.PolicyV2(\"globalPolicyExample\",\n description=\"Global policy for finance users with row limit for PII data\",\n enabled=True,\n tags=[\n \"finance\",\n \"global\",\n ],\n scopes=[{\n \"repo_ids\": [myrepo.id],\n }],\n document=json.dumps({\n \"governedData\": {\n \"tags\": [\"PII\"],\n },\n \"readRules\": [\n {\n \"conditions\": [{\n \"attribute\": \"identity.userGroups\",\n \"operator\": \"contains\",\n \"value\": \"finance\",\n }],\n \"constraints\": {\n \"maxRows\": 5,\n },\n },\n {\n \"conditions\": [],\n \"constraints\": {},\n },\n ],\n }),\n enforced=True,\n type=\"global\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var myrepo = new Cyral.Repository(\"myrepo\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Name = \"node-1\",\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n });\n\n var localPolicyExample = new Cyral.PolicyV2(\"localPolicyExample\", new()\n {\n Description = \"Local policy to allow gym users to read their own data\",\n Enabled = true,\n Tags = new[]\n {\n \"gym\",\n \"local\",\n },\n Scopes = new[]\n {\n new Cyral.Inputs.PolicyV2ScopeArgs\n {\n RepoIds = new[]\n {\n myrepo.Id,\n },\n },\n },\n Document = JsonSerializer.Serialize(new Dictionary\n {\n [\"governedData\"] = new Dictionary\n {\n [\"locations\"] = new[]\n {\n \"gym_db.users\",\n },\n },\n [\"readRules\"] = new[]\n {\n new Dictionary\n {\n [\"conditions\"] = new[]\n {\n new Dictionary\n {\n [\"attribute\"] = \"identity.userGroups\",\n [\"operator\"] = \"contains\",\n [\"value\"] = \"users\",\n },\n },\n [\"constraints\"] = new Dictionary\n {\n [\"datasetRewrite\"] = \"SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'\",\n },\n },\n },\n }),\n Enforced = true,\n Type = \"local\",\n });\n\n var globalPolicyExample = new Cyral.PolicyV2(\"globalPolicyExample\", new()\n {\n Description = \"Global policy for finance users with row limit for PII data\",\n Enabled = true,\n Tags = new[]\n {\n \"finance\",\n \"global\",\n },\n Scopes = new[]\n {\n new Cyral.Inputs.PolicyV2ScopeArgs\n {\n RepoIds = new[]\n {\n myrepo.Id,\n },\n },\n },\n Document = JsonSerializer.Serialize(new Dictionary\n {\n [\"governedData\"] = new Dictionary\n {\n [\"tags\"] = new[]\n {\n \"PII\",\n },\n },\n [\"readRules\"] = new[]\n {\n new Dictionary\n {\n [\"conditions\"] = new[]\n {\n new Dictionary\n {\n [\"attribute\"] = \"identity.userGroups\",\n [\"operator\"] = \"contains\",\n [\"value\"] = \"finance\",\n },\n },\n [\"constraints\"] = new Dictionary\n {\n [\"maxRows\"] = 5,\n },\n },\n new Dictionary\n {\n [\"conditions\"] = new[]\n {\n },\n [\"constraints\"] = new Dictionary\n {\n },\n },\n },\n }),\n Enforced = true,\n Type = \"global\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyrepo, err := cyral.NewRepository(ctx, \"myrepo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tName: pulumi.String(\"node-1\"),\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"governedData\": map[string]interface{}{\n\t\t\t\t\"locations\": []string{\n\t\t\t\t\t\"gym_db.users\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"readRules\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"conditions\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"attribute\": \"identity.userGroups\",\n\t\t\t\t\t\t\t\"operator\": \"contains\",\n\t\t\t\t\t\t\t\"value\": \"users\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"constraints\": map[string]interface{}{\n\t\t\t\t\t\t\"datasetRewrite\": \"SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = cyral.NewPolicyV2(ctx, \"localPolicyExample\", &cyral.PolicyV2Args{\n\t\t\tDescription: pulumi.String(\"Local policy to allow gym users to read their own data\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"gym\"),\n\t\t\t\tpulumi.String(\"local\"),\n\t\t\t},\n\t\t\tScopes: cyral.PolicyV2ScopeArray{\n\t\t\t\t&cyral.PolicyV2ScopeArgs{\n\t\t\t\t\tRepoIds: pulumi.StringArray{\n\t\t\t\t\t\tmyrepo.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDocument: pulumi.String(json0),\n\t\t\tEnforced: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"local\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"governedData\": map[string]interface{}{\n\t\t\t\t\"tags\": []string{\n\t\t\t\t\t\"PII\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"readRules\": []interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"conditions\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"attribute\": \"identity.userGroups\",\n\t\t\t\t\t\t\t\"operator\": \"contains\",\n\t\t\t\t\t\t\t\"value\": \"finance\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"constraints\": map[string]interface{}{\n\t\t\t\t\t\t\"maxRows\": 5,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"conditions\": []interface{}{},\n\t\t\t\t\t\"constraints\": map[string]interface{}{},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\t_, err = cyral.NewPolicyV2(ctx, \"globalPolicyExample\", &cyral.PolicyV2Args{\n\t\t\tDescription: pulumi.String(\"Global policy for finance users with row limit for PII data\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"finance\"),\n\t\t\t\tpulumi.String(\"global\"),\n\t\t\t},\n\t\t\tScopes: cyral.PolicyV2ScopeArray{\n\t\t\t\t&cyral.PolicyV2ScopeArgs{\n\t\t\t\t\tRepoIds: pulumi.StringArray{\n\t\t\t\t\t\tmyrepo.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDocument: pulumi.String(json1),\n\t\t\tEnforced: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;\nimport com.pulumi.cyral.PolicyV2;\nimport com.pulumi.cyral.PolicyV2Args;\nimport com.pulumi.cyral.inputs.PolicyV2ScopeArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myrepo = new Repository(\"myrepo\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .name(\"node-1\")\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .build());\n\n var localPolicyExample = new PolicyV2(\"localPolicyExample\", PolicyV2Args.builder()\n .description(\"Local policy to allow gym users to read their own data\")\n .enabled(true)\n .tags( \n \"gym\",\n \"local\")\n .scopes(PolicyV2ScopeArgs.builder()\n .repoIds(myrepo.id())\n .build())\n .document(serializeJson(\n jsonObject(\n jsonProperty(\"governedData\", jsonObject(\n jsonProperty(\"locations\", jsonArray(\"gym_db.users\"))\n )),\n jsonProperty(\"readRules\", jsonArray(jsonObject(\n jsonProperty(\"conditions\", jsonArray(jsonObject(\n jsonProperty(\"attribute\", \"identity.userGroups\"),\n jsonProperty(\"operator\", \"contains\"),\n jsonProperty(\"value\", \"users\")\n ))),\n jsonProperty(\"constraints\", jsonObject(\n jsonProperty(\"datasetRewrite\", \"SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'\")\n ))\n )))\n )))\n .enforced(true)\n .type(\"local\")\n .build());\n\n var globalPolicyExample = new PolicyV2(\"globalPolicyExample\", PolicyV2Args.builder()\n .description(\"Global policy for finance users with row limit for PII data\")\n .enabled(true)\n .tags( \n \"finance\",\n \"global\")\n .scopes(PolicyV2ScopeArgs.builder()\n .repoIds(myrepo.id())\n .build())\n .document(serializeJson(\n jsonObject(\n jsonProperty(\"governedData\", jsonObject(\n jsonProperty(\"tags\", jsonArray(\"PII\"))\n )),\n jsonProperty(\"readRules\", jsonArray(\n jsonObject(\n jsonProperty(\"conditions\", jsonArray(jsonObject(\n jsonProperty(\"attribute\", \"identity.userGroups\"),\n jsonProperty(\"operator\", \"contains\"),\n jsonProperty(\"value\", \"finance\")\n ))),\n jsonProperty(\"constraints\", jsonObject(\n jsonProperty(\"maxRows\", 5)\n ))\n ), \n jsonObject(\n jsonProperty(\"conditions\", jsonArray(\n )),\n jsonProperty(\"constraints\", jsonObject(\n\n ))\n )\n ))\n )))\n .enforced(true)\n .type(\"global\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myrepo:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - name: node-1\n host: mongodb.cyral.com\n port: 27017\n mongodbSettings:\n serverType: standalone\n localPolicyExample:\n type: cyral:PolicyV2\n properties:\n description: Local policy to allow gym users to read their own data\n enabled: true\n tags:\n - gym\n - local\n scopes:\n - repoIds:\n - ${myrepo.id}\n document:\n fn::toJSON:\n governedData:\n locations:\n - gym_db.users\n readRules:\n - conditions:\n - attribute: identity.userGroups\n operator: contains\n value: users\n constraints:\n datasetRewrite: SELECT * FROM $${dataset} WHERE email = '$${identity.endUserEmail}'\n enforced: true\n type: local\n globalPolicyExample:\n type: cyral:PolicyV2\n properties:\n description: Global policy for finance users with row limit for PII data\n enabled: true\n tags:\n - finance\n - global\n scopes:\n - repoIds:\n - ${myrepo.id}\n document:\n fn::toJSON:\n governedData:\n tags:\n - PII\n readRules:\n - conditions:\n - attribute: identity.userGroups\n operator: contains\n value: finance\n constraints:\n maxRows: 5\n - conditions: []\n constraints: {}\n enforced: true\n type: global\n```\n\n", "properties": { "created": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was created.\n" }, "description": { "type": "string", "description": "Description of the policy.\n" }, "document": { "type": "string", "description": "The actual policy document in JSON format. It must conform to the schema for the policy type.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy is enabled.\n" }, "enforced": { "type": "boolean", "description": "Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.\n" }, "lastUpdated": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was last updated.\n" }, "name": { "type": "string", "description": "Name of the policy.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyV2Scope:PolicyV2Scope" }, "description": "Scope of the policy. If empty or omitted, all repositories are in scope.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy to categorize it.\n" }, "type": { "type": "string", "description": "Type of the policy, one of [`local`, `global`]\n" }, "validFrom": { "type": "string", "description": "Time when the policy comes into effect. If omitted, the policy is in effect immediately.\n" }, "validUntil": { "type": "string", "description": "Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.\n" } }, "type": "object", "required": [ "created", "document", "lastUpdated", "name", "type" ], "inputProperties": { "description": { "type": "string", "description": "Description of the policy.\n" }, "document": { "type": "string", "description": "The actual policy document in JSON format. It must conform to the schema for the policy type.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy is enabled.\n" }, "enforced": { "type": "boolean", "description": "Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.\n" }, "name": { "type": "string", "description": "Name of the policy.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyV2Scope:PolicyV2Scope" }, "description": "Scope of the policy. If empty or omitted, all repositories are in scope.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy to categorize it.\n" }, "type": { "type": "string", "description": "Type of the policy, one of [`local`, `global`]\n" }, "validFrom": { "type": "string", "description": "Time when the policy comes into effect. If omitted, the policy is in effect immediately.\n" }, "validUntil": { "type": "string", "description": "Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.\n" } }, "requiredInputs": [ "document", "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering PolicyV2 resources.\n", "properties": { "created": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was created.\n" }, "description": { "type": "string", "description": "Description of the policy.\n" }, "document": { "type": "string", "description": "The actual policy document in JSON format. It must conform to the schema for the policy type.\n" }, "enabled": { "type": "boolean", "description": "Indicates if the policy is enabled.\n" }, "enforced": { "type": "boolean", "description": "Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.\n" }, "lastUpdated": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was last updated.\n" }, "name": { "type": "string", "description": "Name of the policy.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FPolicyV2Scope:PolicyV2Scope" }, "description": "Scope of the policy. If empty or omitted, all repositories are in scope.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the policy to categorize it.\n" }, "type": { "type": "string", "description": "Type of the policy, one of [`local`, `global`]\n" }, "validFrom": { "type": "string", "description": "Time when the policy comes into effect. If omitted, the policy is in effect immediately.\n" }, "validUntil": { "type": "string", "description": "Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.\n" } }, "type": "object" } }, "cyral:index/regoPolicyInstance:RegoPolicyInstance": { "description": "## # cyral.RegoPolicyInstance (Resource)\n\nManages a Rego Policy instance.\n\n> **Note** This resource can be used to create repo-level policies by specifying the repo IDs associated to the policy `scope`. For more information, see the scope field.\n\n> Import ID syntax is `{category}/{policy_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n//## Global rego policy instance\nconst policyRegoPolicyInstance = new cyral.RegoPolicyInstance(\"policyRegoPolicyInstance\", {\n category: \"SECURITY\",\n description: \"Policy to govern user management operations\",\n templateId: \"object-protection\",\n parameters: JSON.stringify({\n objectType: \"role/user\",\n block: true,\n monitorCreates: true,\n monitorAlters: true,\n monitorDrops: true,\n identities: {\n excluded: {\n groups: [\"dba\"],\n },\n },\n }),\n enabled: true,\n tags: [\n \"tag1\",\n \"tag2\",\n ],\n});\nexport const policyLastUpdated = policyRegoPolicyInstance.lastUpdateds;\nexport const policyCreated = policyRegoPolicyInstance.createds;\n//## Repo-level policy\nconst repo = new cyral.Repository(\"repo\", {\n type: \"mysql\",\n repoNodes: [{\n host: \"mysql.cyral.com\",\n port: 3306,\n }],\n});\nconst policyIndex_regoPolicyInstanceRegoPolicyInstance = new cyral.RegoPolicyInstance(\"policyIndex/regoPolicyInstanceRegoPolicyInstance\", {\n category: \"SECURITY\",\n description: \"Policy to govern user management operations\",\n templateId: \"object-protection\",\n parameters: JSON.stringify({\n objectType: \"role/user\",\n block: true,\n monitorCreates: true,\n monitorAlters: true,\n monitorDrops: true,\n identities: {\n excluded: {\n groups: [\"dba\"],\n },\n },\n }),\n enabled: true,\n scope: {\n repoIds: [repo.id],\n },\n tags: [\n \"tag1\",\n \"tag2\",\n ],\n});\n//## Rego policy instance with duration\nconst policyCyralIndex_regoPolicyInstanceRegoPolicyInstance = new cyral.RegoPolicyInstance(\"policyCyralIndex/regoPolicyInstanceRegoPolicyInstance\", {\n category: \"SECURITY\",\n description: \"Policy to govern user management operations\",\n templateId: \"object-protection\",\n parameters: JSON.stringify({\n objectType: \"role/user\",\n block: true,\n monitorCreates: true,\n monitorAlters: true,\n monitorDrops: true,\n identities: {\n excluded: {\n groups: [\"dba\"],\n },\n },\n }),\n enabled: true,\n tags: [\n \"tag1\",\n \"tag2\",\n ],\n duration: \"10s\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_cyral as cyral\n\n### Global rego policy instance\npolicy_rego_policy_instance = cyral.RegoPolicyInstance(\"policyRegoPolicyInstance\",\n category=\"SECURITY\",\n description=\"Policy to govern user management operations\",\n template_id=\"object-protection\",\n parameters=json.dumps({\n \"objectType\": \"role/user\",\n \"block\": True,\n \"monitorCreates\": True,\n \"monitorAlters\": True,\n \"monitorDrops\": True,\n \"identities\": {\n \"excluded\": {\n \"groups\": [\"dba\"],\n },\n },\n }),\n enabled=True,\n tags=[\n \"tag1\",\n \"tag2\",\n ])\npulumi.export(\"policyLastUpdated\", policy_rego_policy_instance.last_updateds)\npulumi.export(\"policyCreated\", policy_rego_policy_instance.createds)\n### Repo-level policy\nrepo = cyral.Repository(\"repo\",\n type=\"mysql\",\n repo_nodes=[{\n \"host\": \"mysql.cyral.com\",\n \"port\": 3306,\n }])\npolicy_index_rego_policy_instance_rego_policy_instance = cyral.RegoPolicyInstance(\"policyIndex/regoPolicyInstanceRegoPolicyInstance\",\n category=\"SECURITY\",\n description=\"Policy to govern user management operations\",\n template_id=\"object-protection\",\n parameters=json.dumps({\n \"objectType\": \"role/user\",\n \"block\": True,\n \"monitorCreates\": True,\n \"monitorAlters\": True,\n \"monitorDrops\": True,\n \"identities\": {\n \"excluded\": {\n \"groups\": [\"dba\"],\n },\n },\n }),\n enabled=True,\n scope={\n \"repo_ids\": [repo.id],\n },\n tags=[\n \"tag1\",\n \"tag2\",\n ])\n### Rego policy instance with duration\npolicy_cyral_index_rego_policy_instance_rego_policy_instance = cyral.RegoPolicyInstance(\"policyCyralIndex/regoPolicyInstanceRegoPolicyInstance\",\n category=\"SECURITY\",\n description=\"Policy to govern user management operations\",\n template_id=\"object-protection\",\n parameters=json.dumps({\n \"objectType\": \"role/user\",\n \"block\": True,\n \"monitorCreates\": True,\n \"monitorAlters\": True,\n \"monitorDrops\": True,\n \"identities\": {\n \"excluded\": {\n \"groups\": [\"dba\"],\n },\n },\n }),\n enabled=True,\n tags=[\n \"tag1\",\n \"tag2\",\n ],\n duration=\"10s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n //## Global rego policy instance\n var policyRegoPolicyInstance = new Cyral.RegoPolicyInstance(\"policyRegoPolicyInstance\", new()\n {\n Category = \"SECURITY\",\n Description = \"Policy to govern user management operations\",\n TemplateId = \"object-protection\",\n Parameters = JsonSerializer.Serialize(new Dictionary\n {\n [\"objectType\"] = \"role/user\",\n [\"block\"] = true,\n [\"monitorCreates\"] = true,\n [\"monitorAlters\"] = true,\n [\"monitorDrops\"] = true,\n [\"identities\"] = new Dictionary\n {\n [\"excluded\"] = new Dictionary\n {\n [\"groups\"] = new[]\n {\n \"dba\",\n },\n },\n },\n }),\n Enabled = true,\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n },\n });\n\n //## Repo-level policy\n var repo = new Cyral.Repository(\"repo\", new()\n {\n Type = \"mysql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mysql.cyral.com\",\n Port = 3306,\n },\n },\n });\n\n var policyIndex_regoPolicyInstanceRegoPolicyInstance = new Cyral.RegoPolicyInstance(\"policyIndex/regoPolicyInstanceRegoPolicyInstance\", new()\n {\n Category = \"SECURITY\",\n Description = \"Policy to govern user management operations\",\n TemplateId = \"object-protection\",\n Parameters = JsonSerializer.Serialize(new Dictionary\n {\n [\"objectType\"] = \"role/user\",\n [\"block\"] = true,\n [\"monitorCreates\"] = true,\n [\"monitorAlters\"] = true,\n [\"monitorDrops\"] = true,\n [\"identities\"] = new Dictionary\n {\n [\"excluded\"] = new Dictionary\n {\n [\"groups\"] = new[]\n {\n \"dba\",\n },\n },\n },\n }),\n Enabled = true,\n Scope = new Cyral.Inputs.RegoPolicyInstanceScopeArgs\n {\n RepoIds = new[]\n {\n repo.Id,\n },\n },\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n },\n });\n\n //## Rego policy instance with duration\n var policyCyralIndex_regoPolicyInstanceRegoPolicyInstance = new Cyral.RegoPolicyInstance(\"policyCyralIndex/regoPolicyInstanceRegoPolicyInstance\", new()\n {\n Category = \"SECURITY\",\n Description = \"Policy to govern user management operations\",\n TemplateId = \"object-protection\",\n Parameters = JsonSerializer.Serialize(new Dictionary\n {\n [\"objectType\"] = \"role/user\",\n [\"block\"] = true,\n [\"monitorCreates\"] = true,\n [\"monitorAlters\"] = true,\n [\"monitorDrops\"] = true,\n [\"identities\"] = new Dictionary\n {\n [\"excluded\"] = new Dictionary\n {\n [\"groups\"] = new[]\n {\n \"dba\",\n },\n },\n },\n }),\n Enabled = true,\n Tags = new[]\n {\n \"tag1\",\n \"tag2\",\n },\n Duration = \"10s\",\n });\n\n return new Dictionary\n {\n [\"policyLastUpdated\"] = policyRegoPolicyInstance.LastUpdateds,\n [\"policyCreated\"] = policyRegoPolicyInstance.Createds,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"objectType\": \"role/user\",\n\t\t\t\"block\": true,\n\t\t\t\"monitorCreates\": true,\n\t\t\t\"monitorAlters\": true,\n\t\t\t\"monitorDrops\": true,\n\t\t\t\"identities\": map[string]interface{}{\n\t\t\t\t\"excluded\": map[string]interface{}{\n\t\t\t\t\t\"groups\": []string{\n\t\t\t\t\t\t\"dba\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t// ## Global rego policy instance\n\t\tpolicyRegoPolicyInstance, err := cyral.NewRegoPolicyInstance(ctx, \"policyRegoPolicyInstance\", &cyral.RegoPolicyInstanceArgs{\n\t\t\tCategory: pulumi.String(\"SECURITY\"),\n\t\t\tDescription: pulumi.String(\"Policy to govern user management operations\"),\n\t\t\tTemplateId: pulumi.String(\"object-protection\"),\n\t\t\tParameters: pulumi.String(json0),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"policyLastUpdated\", policyRegoPolicyInstance.LastUpdateds)\n\t\tctx.Export(\"policyCreated\", policyRegoPolicyInstance.Createds)\n\t\t// ## Repo-level policy\n\t\trepo, err := cyral.NewRepository(ctx, \"repo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mysql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mysql.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(3306),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"objectType\": \"role/user\",\n\t\t\t\"block\": true,\n\t\t\t\"monitorCreates\": true,\n\t\t\t\"monitorAlters\": true,\n\t\t\t\"monitorDrops\": true,\n\t\t\t\"identities\": map[string]interface{}{\n\t\t\t\t\"excluded\": map[string]interface{}{\n\t\t\t\t\t\"groups\": []string{\n\t\t\t\t\t\t\"dba\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\t_, err = cyral.NewRegoPolicyInstance(ctx, \"policyIndex/regoPolicyInstanceRegoPolicyInstance\", &cyral.RegoPolicyInstanceArgs{\n\t\t\tCategory: pulumi.String(\"SECURITY\"),\n\t\t\tDescription: pulumi.String(\"Policy to govern user management operations\"),\n\t\t\tTemplateId: pulumi.String(\"object-protection\"),\n\t\t\tParameters: pulumi.String(json1),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tScope: &cyral.RegoPolicyInstanceScopeArgs{\n\t\t\t\tRepoIds: pulumi.StringArray{\n\t\t\t\t\trepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"objectType\": \"role/user\",\n\t\t\t\"block\": true,\n\t\t\t\"monitorCreates\": true,\n\t\t\t\"monitorAlters\": true,\n\t\t\t\"monitorDrops\": true,\n\t\t\t\"identities\": map[string]interface{}{\n\t\t\t\t\"excluded\": map[string]interface{}{\n\t\t\t\t\t\"groups\": []string{\n\t\t\t\t\t\t\"dba\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t// ## Rego policy instance with duration\n\t\t_, err = cyral.NewRegoPolicyInstance(ctx, \"policyCyralIndex/regoPolicyInstanceRegoPolicyInstance\", &cyral.RegoPolicyInstanceArgs{\n\t\t\tCategory: pulumi.String(\"SECURITY\"),\n\t\t\tDescription: pulumi.String(\"Policy to govern user management operations\"),\n\t\t\tTemplateId: pulumi.String(\"object-protection\"),\n\t\t\tParameters: pulumi.String(json2),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tag1\"),\n\t\t\t\tpulumi.String(\"tag2\"),\n\t\t\t},\n\t\t\tDuration: pulumi.String(\"10s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.RegoPolicyInstance;\nimport com.pulumi.cyral.RegoPolicyInstanceArgs;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RegoPolicyInstanceScopeArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //## Global rego policy instance\n var policyRegoPolicyInstance = new RegoPolicyInstance(\"policyRegoPolicyInstance\", RegoPolicyInstanceArgs.builder()\n .category(\"SECURITY\")\n .description(\"Policy to govern user management operations\")\n .templateId(\"object-protection\")\n .parameters(serializeJson(\n jsonObject(\n jsonProperty(\"objectType\", \"role/user\"),\n jsonProperty(\"block\", true),\n jsonProperty(\"monitorCreates\", true),\n jsonProperty(\"monitorAlters\", true),\n jsonProperty(\"monitorDrops\", true),\n jsonProperty(\"identities\", jsonObject(\n jsonProperty(\"excluded\", jsonObject(\n jsonProperty(\"groups\", jsonArray(\"dba\"))\n ))\n ))\n )))\n .enabled(true)\n .tags( \n \"tag1\",\n \"tag2\")\n .build());\n\n ctx.export(\"policyLastUpdated\", policyRegoPolicyInstance.lastUpdateds());\n ctx.export(\"policyCreated\", policyRegoPolicyInstance.createds());\n //## Repo-level policy\n var repo = new Repository(\"repo\", RepositoryArgs.builder()\n .type(\"mysql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mysql.cyral.com\")\n .port(3306)\n .build())\n .build());\n\n var policyIndex_regoPolicyInstanceRegoPolicyInstance = new RegoPolicyInstance(\"policyIndex/regoPolicyInstanceRegoPolicyInstance\", RegoPolicyInstanceArgs.builder()\n .category(\"SECURITY\")\n .description(\"Policy to govern user management operations\")\n .templateId(\"object-protection\")\n .parameters(serializeJson(\n jsonObject(\n jsonProperty(\"objectType\", \"role/user\"),\n jsonProperty(\"block\", true),\n jsonProperty(\"monitorCreates\", true),\n jsonProperty(\"monitorAlters\", true),\n jsonProperty(\"monitorDrops\", true),\n jsonProperty(\"identities\", jsonObject(\n jsonProperty(\"excluded\", jsonObject(\n jsonProperty(\"groups\", jsonArray(\"dba\"))\n ))\n ))\n )))\n .enabled(true)\n .scope(RegoPolicyInstanceScopeArgs.builder()\n .repoIds(repo.id())\n .build())\n .tags( \n \"tag1\",\n \"tag2\")\n .build());\n\n //## Rego policy instance with duration\n var policyCyralIndex_regoPolicyInstanceRegoPolicyInstance = new RegoPolicyInstance(\"policyCyralIndex/regoPolicyInstanceRegoPolicyInstance\", RegoPolicyInstanceArgs.builder()\n .category(\"SECURITY\")\n .description(\"Policy to govern user management operations\")\n .templateId(\"object-protection\")\n .parameters(serializeJson(\n jsonObject(\n jsonProperty(\"objectType\", \"role/user\"),\n jsonProperty(\"block\", true),\n jsonProperty(\"monitorCreates\", true),\n jsonProperty(\"monitorAlters\", true),\n jsonProperty(\"monitorDrops\", true),\n jsonProperty(\"identities\", jsonObject(\n jsonProperty(\"excluded\", jsonObject(\n jsonProperty(\"groups\", jsonArray(\"dba\"))\n ))\n ))\n )))\n .enabled(true)\n .tags( \n \"tag1\",\n \"tag2\")\n .duration(\"10s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ### Global rego policy instance\n policyRegoPolicyInstance:\n type: cyral:RegoPolicyInstance\n properties:\n category: SECURITY\n description: Policy to govern user management operations\n templateId: object-protection\n parameters:\n fn::toJSON:\n objectType: role/user\n block: true\n monitorCreates: true\n monitorAlters: true\n monitorDrops: true\n identities:\n excluded:\n groups:\n - dba\n enabled: true\n tags:\n - tag1\n - tag2\n ### Repo-level policy\n repo:\n type: cyral:Repository\n properties:\n type: mysql\n repoNodes:\n - host: mysql.cyral.com\n port: 3306\n policyIndex/regoPolicyInstanceRegoPolicyInstance:\n type: cyral:RegoPolicyInstance\n properties:\n category: SECURITY\n description: Policy to govern user management operations\n templateId: object-protection\n parameters:\n fn::toJSON:\n objectType: role/user\n block: true\n monitorCreates: true\n monitorAlters: true\n monitorDrops: true\n identities:\n excluded:\n groups:\n - dba\n enabled: true\n scope:\n repoIds:\n - ${repo.id}\n tags:\n - tag1\n - tag2\n ### Rego policy instance with duration\n policyCyralIndex/regoPolicyInstanceRegoPolicyInstance:\n type: cyral:RegoPolicyInstance\n properties:\n category: SECURITY\n description: Policy to govern user management operations\n templateId: object-protection\n parameters:\n fn::toJSON:\n objectType: role/user\n block: true\n monitorCreates: true\n monitorAlters: true\n monitorDrops: true\n identities:\n excluded:\n groups:\n - dba\n enabled: true\n tags:\n - tag1\n - tag2\n duration: 10s\noutputs:\n policyLastUpdated: ${policyRegoPolicyInstance.lastUpdateds}\n policyCreated: ${policyRegoPolicyInstance.createds}\n```\n\n\n## Template Parameters\n\nAll templates use parameters defined as JSON, below is a list of all the corresponding parameters for the predefined templates.\n\n> You can also use the Cyral API `GET` `/v1/regopolicies/templates` to retrieve all existing templates and their corresponding parameters schema.\n\n### Fail Closed (fail-closed) - Protect against statements that are not understood by Cyral.\n\n- `block` (Boolean) Indicates whether unauthorized operations should be blocked. If true, operations violating the policy are prevented.\n- `identities` (Object) Defines users, groups, or emails that are included or excluded from the policy. If included identities are defined, only those users are exempt from policy enforcement. Excluded identities are always subject to the policy. See identities.\n- `dbAccounts` (Object) Defines database accounts to include or exclude from the policy. Excluded accounts are not subject to the policy, while included accounts must adhere to it. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n### Object Protection (object-protection) - Guards against operations like create, drop, and alter for specified object types.\n\n- `objectType` (String) The type of object to monitor or protect. Supported types include tables, views, roles/users, and schemas. Specific actions depend on the object type.\n- `block` (Boolean) Indicates whether unauthorized operations should be blocked. If true, operations violating the policy are prevented.\n- `monitorCreates` (Boolean) Specifies whether to monitor 'CREATE' operations for the defined object type. Applies only to relevant object types.\n- `monitorDrops` (Boolean) Specifies whether to monitor 'DROP' operations for the defined object type. Applies only to relevant object types.\n- `monitorAlters` (Boolean) Specifies whether to monitor 'ALTER' operations for the defined object type. Applies only to relevant object types.\n- `objects` (Array) A list of specific objects (e.g., tables or views) to monitor or protect. Required for 'table' or 'view' object types. Not applicable to 'role/user' or 'schema'.\n- `identities` (Object) Defines users, groups, or emails that are included or excluded from the policy. If included identities are defined, only those users are exempt from policy enforcement. Excluded identities are always subject to the policy. See identities.\n- `dbAccounts` (Object) Defines database accounts to include or exclude from the policy. Excluded accounts are not subject to the policy, while included accounts must adhere to it. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n### Service Account Abuse (service-account-abuse) - Ensure service accounts can only be used by intended applications.\n\n- `block` (Boolean) Policy action to enforce.\n- `serviceAccounts` (Array) Service accounts for which end user attribution is always required.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n### Stored Procedure Governance (stored-procedure-governance) - Restrict execution of stored procedures.\n\n- `governedProcedures` (Array) List of stored procedures to be governed.\n- `enforce` (Boolean) Whether to enforce the policy, if false, only alerts will be raised on policy violations.\n- `identities` (Object) Defines users, groups, or emails that are included or excluded from the policy. If included identities are defined, only those users are exempt from policy enforcement. Excluded identities are always subject to the policy. See identities.\n- `dbAccounts` (Object) Defines database accounts to include or exclude from the policy. Excluded accounts are not subject to the policy, while included accounts must adhere to it. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n### Ungoverned Statements (ungoverned-statements) - Control execution of statements not governed by other policies.\n\n- `block` (Boolean) Indicates whether unauthorized operations should be blocked. If true, operations violating the policy are prevented.\n- `identities` (Object) Defines users, groups, or emails that are included or excluded from the policy. If included identities are defined, only those users are exempt from policy enforcement. Excluded identities are always subject to the policy. See identities.\n- `dbAccounts` (Object) Defines database accounts to include or exclude from the policy. Excluded accounts are not subject to the policy, while included accounts must adhere to it. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n### Deprecated policy templates\n\nThe remaining list of policy templates have been deprecated in v4.18.X of the Cyral Control Plane\nand can not be used for creating new policies. Managing existing policy instances is still supported.\nPlease visit `cyral.PolicySet`\nresource to find replacements for the deprecated policy templates.\n\n#### Data Firewall (data-firewall)\n\n- `dataSet` (String) Data Set.\n- `dataFilter` (String) Data filter that will be applied when anyone tries to read the specified data labels from the data set.\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `excludedIdentities` (Object) Identities that will be excluded from this policy. See identityList.\n\n#### Data Masking (data-masking)\n\n- `maskType` (String) Mask Type (E.g.: `NULL_MASK`, `CONSTANT_MASK`, `MASK`).\n- `maskArguments` (Array) Mask Argument associated to the given Mask Type (E.g.: Replacement Value).\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See dbAccounts.\n\n#### Data Protection (data-protection)\n\n- `block` (Boolean) Policy action to block.\n- `monitorReads` (Boolean) Monitor read operations.\n- `monitorUpdates` (Boolean) Monitor update operations.\n- `monitorDeletes` (Boolean) Monitor delete operations.\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n#### Ephemeral Grant (EphemeralGrantPolicy)\n\n- `repoAccount` (String) Repository Account Name.\n- `repo` (String) Repository Name.\n- `allowedSensitiveAttributes` (Array) Allowed Sensitive Attributes.\n\n#### Rate Limit (rate-limit)\n\n- `rateLimit` (Integer) Maximum number of rows that can be returned per hour. Note: the value must be an integer greater than zero.\n- `block` (Boolean) Policy action to enforce.\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n#### Read Limit (read-limit)\n\n- `rowLimit` (Integer) Maximum number of rows that can be read per query. Note: the value must be an integer greater than zero.\n- `block` (Boolean) Policy action to enforce.\n- `appliesToAllData` (Boolean) Whether the policy should apply to the entire repository data.\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n#### Repository Protection (repository-protection)\n\n- `rowLimit` (Integer) Maximum number of rows that can be modified per query. Note: the value must be an integer greater than zero.\n- `monitorUpdates` (Boolean) Monitor update operations.\n- `monitorDeletes` (Boolean) Monitor delete operations.\n- `identities` (Object) Identities associated to the policy. If empty, the policy will be associated to all identities. See identities.\n- `dbAccounts` (Object) Database Accounts associated to the policy. If empty, the policy will be associated to any database account. See dbAccounts.\n- `alertSeverity` (String) Policy action to alert, using the respective severity. Allowed values are: `low`, `medium`, `high`.\n\n#### User Segmentation (user-segmentation)\n\n- `dataSet` (String) Data Set.\n- `dataFilter` (String) Data filter that will be applied when anyone tries to read the specified data labels from the data set.\n- `tags` (Array) Tags.\n- `labels` (Array) Data Labels.\n- `includedIdentities` (Object) Identities that cannot see restricted records. See identityList.\n- `includedDbAccounts` (Array) Database accounts cannot see restricted records.\n\n\n\n### Objects\n\n\n\n- `identities` (Object) Identities. See properties below:\n - `included` (Object) Included Identities. See identityList.\n - `excluded` (Object) Excluded Identities. See identityList.\n \n- `dbAccounts` (Object) Database Accounts. See properties below:\n - `included` (Array) Included Database Accounts.\n - `excluded` (Array) Excluded Database Accounts.\n \n- `identityList` (Object) Identity List. See properties below:\n - `userNames` (Array) Identity Emails.\n - `emails` (Array) Identity Usernames.\n - `groups` (Array) Identity Groups.\n", "properties": { "category": { "type": "string", "description": "Policy category. List of supported categories: - `SECURITY` - `GRANT` - `USER_DEFINED`\n" }, "createds": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceCreated:RegoPolicyInstanceCreated" }, "description": "Information regarding the policy creation.\n" }, "description": { "type": "string", "description": "Policy description.\n" }, "duration": { "type": "string", "description": "Policy duration. The policy expires after the duration specified. Should follow the protobuf duration string format,\nwhich corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds.\nFor example: `300s`, `60s`, `10.50s`, etc.\n" }, "enabled": { "type": "boolean", "description": "Enable/disable the policy. Defaults to `false` (Disabled).\n" }, "lastUpdateds": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceLastUpdated:RegoPolicyInstanceLastUpdated" }, "description": "Information regarding the policy last update.\n" }, "name": { "type": "string", "description": "Policy name.\n" }, "parameters": { "type": "string", "description": "Policy parameters. The parameters vary based on the policy template schema.\n" }, "policyId": { "type": "string", "description": "ID of this rego policy instance in Cyral environment.\n" }, "scope": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceScope:RegoPolicyInstanceScope", "description": "Determines the scope that the policy applies to. It can be used to create a repo-level policy by specifying the\ncorresponding `repo_ids` that this policy should be applied.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize the policy.\n" }, "templateId": { "type": "string", "description": "Policy template identifier. Predefined templates are: - `data-firewall` - `data-masking` - `data-protection` -\n`EphemeralGrantPolicy` - `rate-limit` - `read-limit` - `repository-protection` - `service-account-abuse` -\n`user-segmentation`\n" } }, "type": "object", "required": [ "category", "createds", "lastUpdateds", "name", "policyId", "templateId" ], "inputProperties": { "category": { "type": "string", "description": "Policy category. List of supported categories: - `SECURITY` - `GRANT` - `USER_DEFINED`\n" }, "description": { "type": "string", "description": "Policy description.\n" }, "duration": { "type": "string", "description": "Policy duration. The policy expires after the duration specified. Should follow the protobuf duration string format,\nwhich corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds.\nFor example: `300s`, `60s`, `10.50s`, etc.\n" }, "enabled": { "type": "boolean", "description": "Enable/disable the policy. Defaults to `false` (Disabled).\n" }, "name": { "type": "string", "description": "Policy name.\n" }, "parameters": { "type": "string", "description": "Policy parameters. The parameters vary based on the policy template schema.\n" }, "scope": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceScope:RegoPolicyInstanceScope", "description": "Determines the scope that the policy applies to. It can be used to create a repo-level policy by specifying the\ncorresponding `repo_ids` that this policy should be applied.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize the policy.\n" }, "templateId": { "type": "string", "description": "Policy template identifier. Predefined templates are: - `data-firewall` - `data-masking` - `data-protection` -\n`EphemeralGrantPolicy` - `rate-limit` - `read-limit` - `repository-protection` - `service-account-abuse` -\n`user-segmentation`\n" } }, "requiredInputs": [ "category", "templateId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RegoPolicyInstance resources.\n", "properties": { "category": { "type": "string", "description": "Policy category. List of supported categories: - `SECURITY` - `GRANT` - `USER_DEFINED`\n" }, "createds": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceCreated:RegoPolicyInstanceCreated" }, "description": "Information regarding the policy creation.\n" }, "description": { "type": "string", "description": "Policy description.\n" }, "duration": { "type": "string", "description": "Policy duration. The policy expires after the duration specified. Should follow the protobuf duration string format,\nwhich corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds.\nFor example: `300s`, `60s`, `10.50s`, etc.\n" }, "enabled": { "type": "boolean", "description": "Enable/disable the policy. Defaults to `false` (Disabled).\n" }, "lastUpdateds": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceLastUpdated:RegoPolicyInstanceLastUpdated" }, "description": "Information regarding the policy last update.\n" }, "name": { "type": "string", "description": "Policy name.\n" }, "parameters": { "type": "string", "description": "Policy parameters. The parameters vary based on the policy template schema.\n" }, "policyId": { "type": "string", "description": "ID of this rego policy instance in Cyral environment.\n" }, "scope": { "$ref": "#/types/cyral:index%2FRegoPolicyInstanceScope:RegoPolicyInstanceScope", "description": "Determines the scope that the policy applies to. It can be used to create a repo-level policy by specifying the\ncorresponding `repo_ids` that this policy should be applied.\n" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags that can be used to categorize the policy.\n" }, "templateId": { "type": "string", "description": "Policy template identifier. Predefined templates are: - `data-firewall` - `data-masking` - `data-protection` -\n`EphemeralGrantPolicy` - `rate-limit` - `read-limit` - `repository-protection` - `service-account-abuse` -\n`user-segmentation`\n" } }, "type": "object" } }, "cyral:index/repository:Repository": { "description": "## # cyral.Repository (Resource)\n\nManages [repositories](https://cyral.com/docs/how-to/track-repos/).\n\n> Import ID syntax is `{repository_id}`.\n\n## Example Usage\n\nMore complex examples using `cyral.Repository` resource are available in the `Guides` section:\n\n- Create an AWS EC2 sidecar to protect PostgreSQL and MySQL databases\n- Setup SSO access to MongoDB cluster using Okta IdP\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n//## Minimal Repository\nconst minimalRepo = new cyral.Repository(\"minimalRepo\", {\n mongodbSettings: {\n serverType: \"standalone\",\n },\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n name: \"node-1\",\n port: 27017,\n }],\n type: \"mongodb\",\n});\n//## Repository with Connection Draining and Labels\nconst repoWithConnDraining = new cyral.Repository(\"repoWithConnDraining\", {\n connectionDraining: {\n auto: true,\n waitTime: 30,\n },\n labels: [\n \"single-node\",\n \"us-east-1\",\n ],\n mongodbSettings: {\n serverType: \"standalone\",\n },\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n name: \"node-1\",\n port: 27017,\n }],\n type: \"mongodb\",\n});\n//## Multi-Node MongoDB Repository with Replicaset\nconst multiNodeMongoRepo = new cyral.Repository(\"multiNodeMongoRepo\", {\n labels: [\n \"multi-node\",\n \"us-east-2\",\n ],\n mongodbSettings: {\n replicaSetName: \"some-replica-set\",\n serverType: \"replicaset\",\n },\n repoNodes: [\n {\n host: \"mongodb-node1.cyral.com\",\n name: \"node-1\",\n port: 27017,\n },\n {\n host: \"mongodb-node2.cyral.com\",\n name: \"node-2\",\n port: 27017,\n },\n {\n dynamic: true,\n name: \"node-3\",\n },\n ],\n type: \"mongodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n### Minimal Repository\nminimal_repo = cyral.Repository(\"minimalRepo\",\n mongodb_settings={\n \"server_type\": \"standalone\",\n },\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"name\": \"node-1\",\n \"port\": 27017,\n }],\n type=\"mongodb\")\n### Repository with Connection Draining and Labels\nrepo_with_conn_draining = cyral.Repository(\"repoWithConnDraining\",\n connection_draining={\n \"auto\": True,\n \"wait_time\": 30,\n },\n labels=[\n \"single-node\",\n \"us-east-1\",\n ],\n mongodb_settings={\n \"server_type\": \"standalone\",\n },\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"name\": \"node-1\",\n \"port\": 27017,\n }],\n type=\"mongodb\")\n### Multi-Node MongoDB Repository with Replicaset\nmulti_node_mongo_repo = cyral.Repository(\"multiNodeMongoRepo\",\n labels=[\n \"multi-node\",\n \"us-east-2\",\n ],\n mongodb_settings={\n \"replica_set_name\": \"some-replica-set\",\n \"server_type\": \"replicaset\",\n },\n repo_nodes=[\n {\n \"host\": \"mongodb-node1.cyral.com\",\n \"name\": \"node-1\",\n \"port\": 27017,\n },\n {\n \"host\": \"mongodb-node2.cyral.com\",\n \"name\": \"node-2\",\n \"port\": 27017,\n },\n {\n \"dynamic\": True,\n \"name\": \"node-3\",\n },\n ],\n type=\"mongodb\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n //## Minimal Repository\n var minimalRepo = new Cyral.Repository(\"minimalRepo\", new()\n {\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Name = \"node-1\",\n Port = 27017,\n },\n },\n Type = \"mongodb\",\n });\n\n //## Repository with Connection Draining and Labels\n var repoWithConnDraining = new Cyral.Repository(\"repoWithConnDraining\", new()\n {\n ConnectionDraining = new Cyral.Inputs.RepositoryConnectionDrainingArgs\n {\n Auto = true,\n WaitTime = 30,\n },\n Labels = new[]\n {\n \"single-node\",\n \"us-east-1\",\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Name = \"node-1\",\n Port = 27017,\n },\n },\n Type = \"mongodb\",\n });\n\n //## Multi-Node MongoDB Repository with Replicaset\n var multiNodeMongoRepo = new Cyral.Repository(\"multiNodeMongoRepo\", new()\n {\n Labels = new[]\n {\n \"multi-node\",\n \"us-east-2\",\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ReplicaSetName = \"some-replica-set\",\n ServerType = \"replicaset\",\n },\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb-node1.cyral.com\",\n Name = \"node-1\",\n Port = 27017,\n },\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb-node2.cyral.com\",\n Name = \"node-2\",\n Port = 27017,\n },\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Dynamic = true,\n Name = \"node-3\",\n },\n },\n Type = \"mongodb\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ## Minimal Repository\n\t\t_, err := cyral.NewRepository(ctx, \"minimalRepo\", &cyral.RepositoryArgs{\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tName: pulumi.String(\"node-1\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ## Repository with Connection Draining and Labels\n\t\t_, err = cyral.NewRepository(ctx, \"repoWithConnDraining\", &cyral.RepositoryArgs{\n\t\t\tConnectionDraining: &cyral.RepositoryConnectionDrainingArgs{\n\t\t\t\tAuto: pulumi.Bool(true),\n\t\t\t\tWaitTime: pulumi.Float64(30),\n\t\t\t},\n\t\t\tLabels: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"single-node\"),\n\t\t\t\tpulumi.String(\"us-east-1\"),\n\t\t\t},\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tName: pulumi.String(\"node-1\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ## Multi-Node MongoDB Repository with Replicaset\n\t\t_, err = cyral.NewRepository(ctx, \"multiNodeMongoRepo\", &cyral.RepositoryArgs{\n\t\t\tLabels: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"multi-node\"),\n\t\t\t\tpulumi.String(\"us-east-2\"),\n\t\t\t},\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tReplicaSetName: pulumi.String(\"some-replica-set\"),\n\t\t\t\tServerType: pulumi.String(\"replicaset\"),\n\t\t\t},\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb-node1.cyral.com\"),\n\t\t\t\t\tName: pulumi.String(\"node-1\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb-node2.cyral.com\"),\n\t\t\t\t\tName: pulumi.String(\"node-2\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tDynamic: pulumi.Bool(true),\n\t\t\t\t\tName: pulumi.String(\"node-3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RepositoryConnectionDrainingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //## Minimal Repository\n var minimalRepo = new Repository(\"minimalRepo\", RepositoryArgs.builder()\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .name(\"node-1\")\n .port(27017)\n .build())\n .type(\"mongodb\")\n .build());\n\n //## Repository with Connection Draining and Labels\n var repoWithConnDraining = new Repository(\"repoWithConnDraining\", RepositoryArgs.builder()\n .connectionDraining(RepositoryConnectionDrainingArgs.builder()\n .auto(true)\n .waitTime(30)\n .build())\n .labels( \n \"single-node\",\n \"us-east-1\")\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .name(\"node-1\")\n .port(27017)\n .build())\n .type(\"mongodb\")\n .build());\n\n //## Multi-Node MongoDB Repository with Replicaset\n var multiNodeMongoRepo = new Repository(\"multiNodeMongoRepo\", RepositoryArgs.builder()\n .labels( \n \"multi-node\",\n \"us-east-2\")\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .replicaSetName(\"some-replica-set\")\n .serverType(\"replicaset\")\n .build())\n .repoNodes( \n RepositoryRepoNodeArgs.builder()\n .host(\"mongodb-node1.cyral.com\")\n .name(\"node-1\")\n .port(27017)\n .build(),\n RepositoryRepoNodeArgs.builder()\n .host(\"mongodb-node2.cyral.com\")\n .name(\"node-2\")\n .port(27017)\n .build(),\n RepositoryRepoNodeArgs.builder()\n .dynamic(true)\n .name(\"node-3\")\n .build())\n .type(\"mongodb\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ## Minimal Repository\n minimalRepo:\n type: cyral:Repository\n properties:\n mongodbSettings:\n serverType: standalone\n repoNodes:\n - host: mongodb.cyral.com\n name: node-1\n port: 27017\n type: mongodb\n ## Repository with Connection Draining and Labels\n repoWithConnDraining:\n type: cyral:Repository\n properties:\n connectionDraining:\n auto: true\n waitTime: 30\n labels:\n - single-node\n - us-east-1\n mongodbSettings:\n serverType: standalone\n repoNodes:\n - host: mongodb.cyral.com\n name: node-1\n port: 27017\n type: mongodb\n ## Multi-Node MongoDB Repository with Replicaset\n multiNodeMongoRepo:\n type: cyral:Repository\n properties:\n labels:\n - multi-node\n - us-east-2\n mongodbSettings:\n replicaSetName: some-replica-set\n serverType: replicaset\n repoNodes:\n - host: mongodb-node1.cyral.com\n name: node-1\n port: 27017\n - host: mongodb-node2.cyral.com\n name: node-2\n port: 27017\n - dynamic: true\n name: node-3\n type: mongodb\n```\n\n", "properties": { "connectionDraining": { "$ref": "#/types/cyral:index%2FRepositoryConnectionDraining:RepositoryConnectionDraining", "description": "Parameters related to connection draining.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels enable you to categorize your repository.\n" }, "mongodbSettings": { "$ref": "#/types/cyral:index%2FRepositoryMongodbSettings:RepositoryMongodbSettings", "description": "Parameters related to MongoDB repositories.\n" }, "name": { "type": "string", "description": "Repository name that will be used internally in the control plane (ex: `your_repo_name`).\n" }, "redshiftSettings": { "$ref": "#/types/cyral:index%2FRepositoryRedshiftSettings:RepositoryRedshiftSettings", "description": "Parameters related to Redshift repositories.\n" }, "repoNodes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryRepoNode:RepositoryRepoNode" }, "description": "List of nodes for this repository.\n" }, "type": { "type": "string", "description": "Repository type. List of supported types: - `denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb`\n- `mongodb` - `mysql` - `oracle` - `postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" } }, "type": "object", "required": [ "name", "repoNodes", "type" ], "inputProperties": { "connectionDraining": { "$ref": "#/types/cyral:index%2FRepositoryConnectionDraining:RepositoryConnectionDraining", "description": "Parameters related to connection draining.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels enable you to categorize your repository.\n" }, "mongodbSettings": { "$ref": "#/types/cyral:index%2FRepositoryMongodbSettings:RepositoryMongodbSettings", "description": "Parameters related to MongoDB repositories.\n" }, "name": { "type": "string", "description": "Repository name that will be used internally in the control plane (ex: `your_repo_name`).\n" }, "redshiftSettings": { "$ref": "#/types/cyral:index%2FRepositoryRedshiftSettings:RepositoryRedshiftSettings", "description": "Parameters related to Redshift repositories.\n" }, "repoNodes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryRepoNode:RepositoryRepoNode" }, "description": "List of nodes for this repository.\n" }, "type": { "type": "string", "description": "Repository type. List of supported types: - `denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb`\n- `mongodb` - `mysql` - `oracle` - `postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" } }, "requiredInputs": [ "repoNodes", "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering Repository resources.\n", "properties": { "connectionDraining": { "$ref": "#/types/cyral:index%2FRepositoryConnectionDraining:RepositoryConnectionDraining", "description": "Parameters related to connection draining.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels enable you to categorize your repository.\n" }, "mongodbSettings": { "$ref": "#/types/cyral:index%2FRepositoryMongodbSettings:RepositoryMongodbSettings", "description": "Parameters related to MongoDB repositories.\n" }, "name": { "type": "string", "description": "Repository name that will be used internally in the control plane (ex: `your_repo_name`).\n" }, "redshiftSettings": { "$ref": "#/types/cyral:index%2FRepositoryRedshiftSettings:RepositoryRedshiftSettings", "description": "Parameters related to Redshift repositories.\n" }, "repoNodes": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryRepoNode:RepositoryRepoNode" }, "description": "List of nodes for this repository.\n" }, "type": { "type": "string", "description": "Repository type. List of supported types: - `denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb`\n- `mongodb` - `mysql` - `oracle` - `postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" } }, "type": "object" } }, "cyral:index/repositoryAccessGateway:RepositoryAccessGateway": { "description": "## # cyral.RepositoryAccessGateway (Resource)\n\nManages the sidecar and binding set as the access gateway for cyral_repositories.\n\n> Import ID syntax is `{repository_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n// Create a repository\nconst repo = new cyral.Repository(\"repo\", {\n type: \"mongodb\",\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n});\n// Create a sidecar\nconst sidecar = new cyral.Sidecar(\"sidecar\", {deploymentMethod: \"docker\"});\n// Create a listener for the sidecar\nconst listener = new cyral.SidecarListener(\"listener\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mongodb\"],\n networkAddress: {\n port: 27017,\n },\n});\n// Bind the sidecar listener to the repository\nconst binding = new cyral.RepositoryBinding(\"binding\", {\n sidecarId: sidecar.id,\n repositoryId: repo.id,\n enabled: true,\n listenerBindings: [{\n listenerId: listener.listenerId,\n nodeIndex: 0,\n }],\n});\n// Set the sidecar and binding as the access gateway\n// for the repository.\nconst accessGateway = new cyral.RepositoryAccessGateway(\"accessGateway\", {\n repositoryId: repo.id,\n sidecarId: sidecar.id,\n bindingId: binding.bindingId,\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n# Create a repository\nrepo = cyral.Repository(\"repo\",\n type=\"mongodb\",\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }])\n# Create a sidecar\nsidecar = cyral.Sidecar(\"sidecar\", deployment_method=\"docker\")\n# Create a listener for the sidecar\nlistener = cyral.SidecarListener(\"listener\",\n sidecar_id=sidecar.id,\n repo_types=[\"mongodb\"],\n network_address={\n \"port\": 27017,\n })\n# Bind the sidecar listener to the repository\nbinding = cyral.RepositoryBinding(\"binding\",\n sidecar_id=sidecar.id,\n repository_id=repo.id,\n enabled=True,\n listener_bindings=[{\n \"listener_id\": listener.listener_id,\n \"node_index\": 0,\n }])\n# Set the sidecar and binding as the access gateway\n# for the repository.\naccess_gateway = cyral.RepositoryAccessGateway(\"accessGateway\",\n repository_id=repo.id,\n sidecar_id=sidecar.id,\n binding_id=binding.binding_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n // Create a repository\n var repo = new Cyral.Repository(\"repo\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n });\n\n // Create a sidecar\n var sidecar = new Cyral.Sidecar(\"sidecar\", new()\n {\n DeploymentMethod = \"docker\",\n });\n\n // Create a listener for the sidecar\n var listener = new Cyral.SidecarListener(\"listener\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mongodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 27017,\n },\n });\n\n // Bind the sidecar listener to the repository\n var binding = new Cyral.RepositoryBinding(\"binding\", new()\n {\n SidecarId = sidecar.Id,\n RepositoryId = repo.Id,\n Enabled = true,\n ListenerBindings = new[]\n {\n new Cyral.Inputs.RepositoryBindingListenerBindingArgs\n {\n ListenerId = listener.ListenerId,\n NodeIndex = 0,\n },\n },\n });\n\n // Set the sidecar and binding as the access gateway\n // for the repository.\n var accessGateway = new Cyral.RepositoryAccessGateway(\"accessGateway\", new()\n {\n RepositoryId = repo.Id,\n SidecarId = sidecar.Id,\n BindingId = binding.BindingId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a repository\n\t\trepo, err := cyral.NewRepository(ctx, \"repo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a sidecar\n\t\tsidecar, err := cyral.NewSidecar(ctx, \"sidecar\", &cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"docker\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a listener for the sidecar\n\t\tlistener, err := cyral.NewSidecarListener(ctx, \"listener\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"mongodb\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Bind the sidecar listener to the repository\n\t\tbinding, err := cyral.NewRepositoryBinding(ctx, \"binding\", &cyral.RepositoryBindingArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepositoryId: repo.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tListenerBindings: cyral.RepositoryBindingListenerBindingArray{\n\t\t\t\t&cyral.RepositoryBindingListenerBindingArgs{\n\t\t\t\t\tListenerId: listener.ListenerId,\n\t\t\t\t\tNodeIndex: pulumi.Float64(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Set the sidecar and binding as the access gateway\n\t\t// for the repository.\n\t\t_, err = cyral.NewRepositoryAccessGateway(ctx, \"accessGateway\", &cyral.RepositoryAccessGatewayArgs{\n\t\t\tRepositoryId: repo.ID(),\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tBindingId: binding.BindingId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.SidecarListener;\nimport com.pulumi.cyral.SidecarListenerArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerNetworkAddressArgs;\nimport com.pulumi.cyral.RepositoryBinding;\nimport com.pulumi.cyral.RepositoryBindingArgs;\nimport com.pulumi.cyral.inputs.RepositoryBindingListenerBindingArgs;\nimport com.pulumi.cyral.RepositoryAccessGateway;\nimport com.pulumi.cyral.RepositoryAccessGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create a repository\n var repo = new Repository(\"repo\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .build());\n\n // Create a sidecar\n var sidecar = new Sidecar(\"sidecar\", SidecarArgs.builder()\n .deploymentMethod(\"docker\")\n .build());\n\n // Create a listener for the sidecar\n var listener = new SidecarListener(\"listener\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mongodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(27017)\n .build())\n .build());\n\n // Bind the sidecar listener to the repository\n var binding = new RepositoryBinding(\"binding\", RepositoryBindingArgs.builder()\n .sidecarId(sidecar.id())\n .repositoryId(repo.id())\n .enabled(true)\n .listenerBindings(RepositoryBindingListenerBindingArgs.builder()\n .listenerId(listener.listenerId())\n .nodeIndex(0)\n .build())\n .build());\n\n // Set the sidecar and binding as the access gateway\n // for the repository.\n var accessGateway = new RepositoryAccessGateway(\"accessGateway\", RepositoryAccessGatewayArgs.builder()\n .repositoryId(repo.id())\n .sidecarId(sidecar.id())\n .bindingId(binding.bindingId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a repository\n repo:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - host: mongodb.cyral.com\n port: 27017\n # Create a sidecar\n sidecar:\n type: cyral:Sidecar\n properties:\n deploymentMethod: docker\n # Create a listener for the sidecar\n listener:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mongodb\n networkAddress:\n port: 27017\n # Bind the sidecar listener to the repository\n binding:\n type: cyral:RepositoryBinding\n properties:\n sidecarId: ${sidecar.id}\n repositoryId: ${repo.id}\n enabled: true\n listenerBindings:\n - listenerId: ${listener.listenerId}\n nodeIndex: 0\n # Set the sidecar and binding as the access gateway\n # for the repository.\n accessGateway:\n type: cyral:RepositoryAccessGateway\n properties:\n repositoryId: ${repo.id}\n sidecarId: ${sidecar.id}\n bindingId: ${binding.bindingId}\n```\n\n", "properties": { "bindingId": { "type": "string" }, "repositoryAccessGatewayId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository the access gateway is associated with. This is also the import ID for this resource.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be set as the access gateway for the given repository.\n" } }, "type": "object", "required": [ "bindingId", "repositoryAccessGatewayId", "repositoryId", "sidecarId" ], "inputProperties": { "bindingId": { "type": "string" }, "repositoryAccessGatewayId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository the access gateway is associated with. This is also the import ID for this resource.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be set as the access gateway for the given repository.\n" } }, "requiredInputs": [ "bindingId", "repositoryId", "sidecarId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryAccessGateway resources.\n", "properties": { "bindingId": { "type": "string" }, "repositoryAccessGatewayId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository the access gateway is associated with. This is also the import ID for this resource.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be set as the access gateway for the given repository.\n" } }, "type": "object" } }, "cyral:index/repositoryAccessRules:RepositoryAccessRules": { "description": "## # cyral.RepositoryAccessRules (Resource)\n\nManage access rules\n\n> Import ID syntax is `{repository_id}/{user_account_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.RepositoryAccessRules(\"someResourceName\", {\n repositoryId: \"\",\n rules: [\n {\n config: {\n policyIds: [\n \"policy1\",\n \"policy2\",\n ],\n },\n identity: {\n name: \"\",\n type: \"username|email|group\",\n },\n validFrom: \"2022-09-19T23:50:48.606Z\",\n validUntil: \"2022-10-10T00:00:00Z\",\n },\n {\n identity: {\n name: \"\",\n type: \"username|email|group\",\n },\n },\n {\n config: {\n policyIds: [\"some_mfa_policy\"],\n },\n identity: {\n name: \"\",\n type: \"username|email|group\",\n },\n },\n ],\n userAccountId: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.RepositoryAccessRules(\"someResourceName\",\n repository_id=\"\",\n rules=[\n {\n \"config\": {\n \"policy_ids\": [\n \"policy1\",\n \"policy2\",\n ],\n },\n \"identity\": {\n \"name\": \"\",\n \"type\": \"username|email|group\",\n },\n \"valid_from\": \"2022-09-19T23:50:48.606Z\",\n \"valid_until\": \"2022-10-10T00:00:00Z\",\n },\n {\n \"identity\": {\n \"name\": \"\",\n \"type\": \"username|email|group\",\n },\n },\n {\n \"config\": {\n \"policy_ids\": [\"some_mfa_policy\"],\n },\n \"identity\": {\n \"name\": \"\",\n \"type\": \"username|email|group\",\n },\n },\n ],\n user_account_id=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.RepositoryAccessRules(\"someResourceName\", new()\n {\n RepositoryId = \"\",\n Rules = new[]\n {\n new Cyral.Inputs.RepositoryAccessRulesRuleArgs\n {\n Config = new Cyral.Inputs.RepositoryAccessRulesRuleConfigArgs\n {\n PolicyIds = new[]\n {\n \"policy1\",\n \"policy2\",\n },\n },\n Identity = new Cyral.Inputs.RepositoryAccessRulesRuleIdentityArgs\n {\n Name = \"\",\n Type = \"username|email|group\",\n },\n ValidFrom = \"2022-09-19T23:50:48.606Z\",\n ValidUntil = \"2022-10-10T00:00:00Z\",\n },\n new Cyral.Inputs.RepositoryAccessRulesRuleArgs\n {\n Identity = new Cyral.Inputs.RepositoryAccessRulesRuleIdentityArgs\n {\n Name = \"\",\n Type = \"username|email|group\",\n },\n },\n new Cyral.Inputs.RepositoryAccessRulesRuleArgs\n {\n Config = new Cyral.Inputs.RepositoryAccessRulesRuleConfigArgs\n {\n PolicyIds = new[]\n {\n \"some_mfa_policy\",\n },\n },\n Identity = new Cyral.Inputs.RepositoryAccessRulesRuleIdentityArgs\n {\n Name = \"\",\n Type = \"username|email|group\",\n },\n },\n },\n UserAccountId = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewRepositoryAccessRules(ctx, \"someResourceName\", &cyral.RepositoryAccessRulesArgs{\n\t\t\tRepositoryId: pulumi.String(\"\"),\n\t\t\tRules: cyral.RepositoryAccessRulesRuleArray{\n\t\t\t\t&cyral.RepositoryAccessRulesRuleArgs{\n\t\t\t\t\tConfig: &cyral.RepositoryAccessRulesRuleConfigArgs{\n\t\t\t\t\t\tPolicyIds: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"policy1\"),\n\t\t\t\t\t\t\tpulumi.String(\"policy2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIdentity: &cyral.RepositoryAccessRulesRuleIdentityArgs{\n\t\t\t\t\t\tName: pulumi.String(\"\"),\n\t\t\t\t\t\tType: pulumi.String(\"username|email|group\"),\n\t\t\t\t\t},\n\t\t\t\t\tValidFrom: pulumi.String(\"2022-09-19T23:50:48.606Z\"),\n\t\t\t\t\tValidUntil: pulumi.String(\"2022-10-10T00:00:00Z\"),\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryAccessRulesRuleArgs{\n\t\t\t\t\tIdentity: &cyral.RepositoryAccessRulesRuleIdentityArgs{\n\t\t\t\t\t\tName: pulumi.String(\"\"),\n\t\t\t\t\t\tType: pulumi.String(\"username|email|group\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryAccessRulesRuleArgs{\n\t\t\t\t\tConfig: &cyral.RepositoryAccessRulesRuleConfigArgs{\n\t\t\t\t\t\tPolicyIds: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"some_mfa_policy\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tIdentity: &cyral.RepositoryAccessRulesRuleIdentityArgs{\n\t\t\t\t\t\tName: pulumi.String(\"\"),\n\t\t\t\t\t\tType: pulumi.String(\"username|email|group\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserAccountId: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.RepositoryAccessRules;\nimport com.pulumi.cyral.RepositoryAccessRulesArgs;\nimport com.pulumi.cyral.inputs.RepositoryAccessRulesRuleArgs;\nimport com.pulumi.cyral.inputs.RepositoryAccessRulesRuleConfigArgs;\nimport com.pulumi.cyral.inputs.RepositoryAccessRulesRuleIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new RepositoryAccessRules(\"someResourceName\", RepositoryAccessRulesArgs.builder()\n .repositoryId(\"\")\n .rules( \n RepositoryAccessRulesRuleArgs.builder()\n .config(RepositoryAccessRulesRuleConfigArgs.builder()\n .policyIds( \n \"policy1\",\n \"policy2\")\n .build())\n .identity(RepositoryAccessRulesRuleIdentityArgs.builder()\n .name(\"\")\n .type(\"username|email|group\")\n .build())\n .validFrom(\"2022-09-19T23:50:48.606Z\")\n .validUntil(\"2022-10-10T00:00:00Z\")\n .build(),\n RepositoryAccessRulesRuleArgs.builder()\n .identity(RepositoryAccessRulesRuleIdentityArgs.builder()\n .name(\"\")\n .type(\"username|email|group\")\n .build())\n .build(),\n RepositoryAccessRulesRuleArgs.builder()\n .config(RepositoryAccessRulesRuleConfigArgs.builder()\n .policyIds(\"some_mfa_policy\")\n .build())\n .identity(RepositoryAccessRulesRuleIdentityArgs.builder()\n .name(\"\")\n .type(\"username|email|group\")\n .build())\n .build())\n .userAccountId(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:RepositoryAccessRules\n properties:\n repositoryId: \"\"\n rules:\n - config:\n policyIds:\n - policy1\n - policy2\n identity:\n name: \"\"\n type: username|email|group\n validFrom: 2022-09-19T23:50:48.606Z\n validUntil: 2022-10-10T00:00:00Z\n - identity:\n name: \"\"\n type: username|email|group\n - config:\n policyIds:\n - some_mfa_policy\n identity:\n name: \"\"\n type: username|email|group\n userAccountId: \"\"\n```\n\n", "properties": { "repositoryId": { "type": "string", "description": "ID of the repository.\n" }, "rules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryAccessRulesRule:RepositoryAccessRulesRule" }, "description": "A list of access rules. The order in which access rules are declared dictates the precedence of the rules (first one has\nthe highest priority)\n" }, "userAccountId": { "type": "string", "description": "ID of the database account. This should be the attribute `user_account_id` of the resource\n`cyral.RepositoryUserAccount`.\n" } }, "type": "object", "required": [ "repositoryId", "rules", "userAccountId" ], "inputProperties": { "repositoryId": { "type": "string", "description": "ID of the repository.\n" }, "rules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryAccessRulesRule:RepositoryAccessRulesRule" }, "description": "A list of access rules. The order in which access rules are declared dictates the precedence of the rules (first one has\nthe highest priority)\n" }, "userAccountId": { "type": "string", "description": "ID of the database account. This should be the attribute `user_account_id` of the resource\n`cyral.RepositoryUserAccount`.\n" } }, "requiredInputs": [ "repositoryId", "rules", "userAccountId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryAccessRules resources.\n", "properties": { "repositoryId": { "type": "string", "description": "ID of the repository.\n" }, "rules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryAccessRulesRule:RepositoryAccessRulesRule" }, "description": "A list of access rules. The order in which access rules are declared dictates the precedence of the rules (first one has\nthe highest priority)\n" }, "userAccountId": { "type": "string", "description": "ID of the database account. This should be the attribute `user_account_id` of the resource\n`cyral.RepositoryUserAccount`.\n" } }, "type": "object" } }, "cyral:index/repositoryBinding:RepositoryBinding": { "description": "## # cyral.RepositoryBinding (Resource)\n\nManages [cyral repository to sidecar bindings](https://cyral.com/docs/sidecars/manage/bind-repo/).\n\n> Import ID syntax is `{sidecar_id}/{binding_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst sidecar = new cyral.Sidecar(\"sidecar\", {deploymentMethod: \"terraform\"});\nconst repoMongodb = new cyral.Repository(\"repoMongodb\", {\n type: \"mongodb\",\n repoNodes: [{\n name: \"single-node-mongo\",\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n mongodbSettings: {\n serverType: \"standalone\",\n },\n});\nconst repoPg = new cyral.Repository(\"repoPg\", {\n type: \"postgresql\",\n repoNodes: [{\n host: \"pg.cyral.com\",\n port: 5432,\n }],\n});\nconst listenerMongodb = new cyral.SidecarListener(\"listenerMongodb\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mongodb\"],\n networkAddress: {\n port: 27017,\n },\n});\nconst listenerPg = new cyral.SidecarListener(\"listenerPg\", {\n sidecarId: sidecar.id,\n repoTypes: [\"postgresql\"],\n networkAddress: {\n port: 5434,\n },\n});\nconst bindingMongodb = new cyral.RepositoryBinding(\"bindingMongodb\", {\n sidecarId: sidecar.id,\n repositoryId: repoMongodb.id,\n listenerBindings: [{\n listenerId: listenerMongodb.listenerId,\n nodeIndex: 0,\n }],\n});\nconst bindingPg = new cyral.RepositoryBinding(\"bindingPg\", {\n sidecarId: sidecar.id,\n repositoryId: repoPg.id,\n listenerBindings: [{\n listenerId: listenerPg.listenerId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsidecar = cyral.Sidecar(\"sidecar\", deployment_method=\"terraform\")\nrepo_mongodb = cyral.Repository(\"repoMongodb\",\n type=\"mongodb\",\n repo_nodes=[{\n \"name\": \"single-node-mongo\",\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }],\n mongodb_settings={\n \"server_type\": \"standalone\",\n })\nrepo_pg = cyral.Repository(\"repoPg\",\n type=\"postgresql\",\n repo_nodes=[{\n \"host\": \"pg.cyral.com\",\n \"port\": 5432,\n }])\nlistener_mongodb = cyral.SidecarListener(\"listenerMongodb\",\n sidecar_id=sidecar.id,\n repo_types=[\"mongodb\"],\n network_address={\n \"port\": 27017,\n })\nlistener_pg = cyral.SidecarListener(\"listenerPg\",\n sidecar_id=sidecar.id,\n repo_types=[\"postgresql\"],\n network_address={\n \"port\": 5434,\n })\nbinding_mongodb = cyral.RepositoryBinding(\"bindingMongodb\",\n sidecar_id=sidecar.id,\n repository_id=repo_mongodb.id,\n listener_bindings=[{\n \"listener_id\": listener_mongodb.listener_id,\n \"node_index\": 0,\n }])\nbinding_pg = cyral.RepositoryBinding(\"bindingPg\",\n sidecar_id=sidecar.id,\n repository_id=repo_pg.id,\n listener_bindings=[{\n \"listener_id\": listener_pg.listener_id,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var sidecar = new Cyral.Sidecar(\"sidecar\", new()\n {\n DeploymentMethod = \"terraform\",\n });\n\n var repoMongodb = new Cyral.Repository(\"repoMongodb\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Name = \"single-node-mongo\",\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n });\n\n var repoPg = new Cyral.Repository(\"repoPg\", new()\n {\n Type = \"postgresql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"pg.cyral.com\",\n Port = 5432,\n },\n },\n });\n\n var listenerMongodb = new Cyral.SidecarListener(\"listenerMongodb\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mongodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 27017,\n },\n });\n\n var listenerPg = new Cyral.SidecarListener(\"listenerPg\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"postgresql\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 5434,\n },\n });\n\n var bindingMongodb = new Cyral.RepositoryBinding(\"bindingMongodb\", new()\n {\n SidecarId = sidecar.Id,\n RepositoryId = repoMongodb.Id,\n ListenerBindings = new[]\n {\n new Cyral.Inputs.RepositoryBindingListenerBindingArgs\n {\n ListenerId = listenerMongodb.ListenerId,\n NodeIndex = 0,\n },\n },\n });\n\n var bindingPg = new Cyral.RepositoryBinding(\"bindingPg\", new()\n {\n SidecarId = sidecar.Id,\n RepositoryId = repoPg.Id,\n ListenerBindings = new[]\n {\n new Cyral.Inputs.RepositoryBindingListenerBindingArgs\n {\n ListenerId = listenerPg.ListenerId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsidecar, err := cyral.NewSidecar(ctx, \"sidecar\", &cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"terraform\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepoMongodb, err := cyral.NewRepository(ctx, \"repoMongodb\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tName: pulumi.String(\"single-node-mongo\"),\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMongodbSettings: &cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trepoPg, err := cyral.NewRepository(ctx, \"repoPg\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"postgresql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"pg.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(5432),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlistenerMongodb, err := cyral.NewSidecarListener(ctx, \"listenerMongodb\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"mongodb\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlistenerPg, err := cyral.NewSidecarListener(ctx, \"listenerPg\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"postgresql\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(5434),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRepositoryBinding(ctx, \"bindingMongodb\", &cyral.RepositoryBindingArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepositoryId: repoMongodb.ID(),\n\t\t\tListenerBindings: cyral.RepositoryBindingListenerBindingArray{\n\t\t\t\t&cyral.RepositoryBindingListenerBindingArgs{\n\t\t\t\t\tListenerId: listenerMongodb.ListenerId,\n\t\t\t\t\tNodeIndex: pulumi.Float64(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRepositoryBinding(ctx, \"bindingPg\", &cyral.RepositoryBindingArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepositoryId: repoPg.ID(),\n\t\t\tListenerBindings: cyral.RepositoryBindingListenerBindingArray{\n\t\t\t\t&cyral.RepositoryBindingListenerBindingArgs{\n\t\t\t\t\tListenerId: listenerPg.ListenerId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;\nimport com.pulumi.cyral.SidecarListener;\nimport com.pulumi.cyral.SidecarListenerArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerNetworkAddressArgs;\nimport com.pulumi.cyral.RepositoryBinding;\nimport com.pulumi.cyral.RepositoryBindingArgs;\nimport com.pulumi.cyral.inputs.RepositoryBindingListenerBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sidecar = new Sidecar(\"sidecar\", SidecarArgs.builder()\n .deploymentMethod(\"terraform\")\n .build());\n\n var repoMongodb = new Repository(\"repoMongodb\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .name(\"single-node-mongo\")\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .build());\n\n var repoPg = new Repository(\"repoPg\", RepositoryArgs.builder()\n .type(\"postgresql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"pg.cyral.com\")\n .port(5432)\n .build())\n .build());\n\n var listenerMongodb = new SidecarListener(\"listenerMongodb\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mongodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(27017)\n .build())\n .build());\n\n var listenerPg = new SidecarListener(\"listenerPg\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"postgresql\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(5434)\n .build())\n .build());\n\n var bindingMongodb = new RepositoryBinding(\"bindingMongodb\", RepositoryBindingArgs.builder()\n .sidecarId(sidecar.id())\n .repositoryId(repoMongodb.id())\n .listenerBindings(RepositoryBindingListenerBindingArgs.builder()\n .listenerId(listenerMongodb.listenerId())\n .nodeIndex(0)\n .build())\n .build());\n\n var bindingPg = new RepositoryBinding(\"bindingPg\", RepositoryBindingArgs.builder()\n .sidecarId(sidecar.id())\n .repositoryId(repoPg.id())\n .listenerBindings(RepositoryBindingListenerBindingArgs.builder()\n .listenerId(listenerPg.listenerId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sidecar:\n type: cyral:Sidecar\n properties:\n deploymentMethod: terraform\n repoMongodb:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - name: single-node-mongo\n host: mongodb.cyral.com\n port: 27017\n mongodbSettings:\n serverType: standalone\n repoPg:\n type: cyral:Repository\n properties:\n type: postgresql\n repoNodes:\n - host: pg.cyral.com\n port: 5432\n listenerMongodb:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mongodb\n networkAddress:\n port: 27017\n listenerPg:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - postgresql\n networkAddress:\n port: 5434\n bindingMongodb:\n type: cyral:RepositoryBinding\n properties:\n sidecarId: ${sidecar.id}\n repositoryId: ${repoMongodb.id}\n listenerBindings:\n - listenerId: ${listenerMongodb.listenerId}\n nodeIndex: 0\n bindingPg:\n type: cyral:RepositoryBinding\n properties:\n sidecarId: ${sidecar.id}\n repositoryId: ${repoPg.id}\n listenerBindings:\n - listenerId: ${listenerPg.listenerId}\n```\n\n", "properties": { "bindingId": { "type": "string", "description": "ID of the binding. Computed and assigned to binding at the time of creation.\n" }, "enabled": { "type": "boolean", "description": "Enable or disable all listener bindings.\n" }, "listenerBindings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryBindingListenerBinding:RepositoryBindingListenerBinding" }, "description": "The configuration for listeners associated with the binding. At least one `listener_binding` is required.\n" }, "repositoryBindingId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository that will be bound to the sidecar.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be bound to the given repository.\n" } }, "type": "object", "required": [ "bindingId", "listenerBindings", "repositoryBindingId", "repositoryId", "sidecarId" ], "inputProperties": { "enabled": { "type": "boolean", "description": "Enable or disable all listener bindings.\n" }, "listenerBindings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryBindingListenerBinding:RepositoryBindingListenerBinding" }, "description": "The configuration for listeners associated with the binding. At least one `listener_binding` is required.\n" }, "repositoryBindingId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository that will be bound to the sidecar.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be bound to the given repository.\n" } }, "requiredInputs": [ "listenerBindings", "repositoryId", "sidecarId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryBinding resources.\n", "properties": { "bindingId": { "type": "string", "description": "ID of the binding. Computed and assigned to binding at the time of creation.\n" }, "enabled": { "type": "boolean", "description": "Enable or disable all listener bindings.\n" }, "listenerBindings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryBindingListenerBinding:RepositoryBindingListenerBinding" }, "description": "The configuration for listeners associated with the binding. At least one `listener_binding` is required.\n" }, "repositoryBindingId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository that will be bound to the sidecar.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that will be bound to the given repository.\n" } }, "type": "object" } }, "cyral:index/repositoryConfAnalysis:RepositoryConfAnalysis": { "description": "Manages Repository Analysis Configuration. This resource allows configuring [Data Activity Logs](https://cyral.com/docs/data-repos/config/#data-activity-logs), [Alerts](https://cyral.com/docs/data-repos/config/#alerts) and [Policy Enforcement](https://cyral.com/docs/data-repos/config/#policy-enforcement) settings for Data Repositories.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n//## All Config enabled\nconst allConfAnalysisEnabled = new cyral.RepositoryConfAnalysis(\"allConfAnalysisEnabled\", {\n repositoryId: cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id,\n redact: \"all\",\n alertOnViolation: true,\n disablePreConfiguredAlerts: false,\n blockOnViolation: true,\n disableFilterAnalysis: false,\n enableDatasetRewrites: true,\n enableDataMasking: true,\n maskAllOccurrences: true,\n commentAnnotationGroups: [\"identity\"],\n logGroups: [\"everything\"],\n});\n//## All Config disabled\nconst allConfAnalysisDisabled = new cyral.RepositoryConfAnalysis(\"allConfAnalysisDisabled\", {\n repositoryId: cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id,\n redact: \"none\",\n alertOnViolation: false,\n disablePreConfiguredAlerts: true,\n blockOnViolation: false,\n disableFilterAnalysis: true,\n enableDatasetRewrites: false,\n enableDataMasking: false,\n maskAllOccurrences: false,\n commentAnnotationGroups: [],\n logGroups: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n### All Config enabled\nall_conf_analysis_enabled = cyral.RepositoryConfAnalysis(\"allConfAnalysisEnabled\",\n repository_id=cyral_repository[\"SOME_REPOSITORY_RESOURCE_NAME\"][\"id\"],\n redact=\"all\",\n alert_on_violation=True,\n disable_pre_configured_alerts=False,\n block_on_violation=True,\n disable_filter_analysis=False,\n enable_dataset_rewrites=True,\n enable_data_masking=True,\n mask_all_occurrences=True,\n comment_annotation_groups=[\"identity\"],\n log_groups=[\"everything\"])\n### All Config disabled\nall_conf_analysis_disabled = cyral.RepositoryConfAnalysis(\"allConfAnalysisDisabled\",\n repository_id=cyral_repository[\"SOME_REPOSITORY_RESOURCE_NAME\"][\"id\"],\n redact=\"none\",\n alert_on_violation=False,\n disable_pre_configured_alerts=True,\n block_on_violation=False,\n disable_filter_analysis=True,\n enable_dataset_rewrites=False,\n enable_data_masking=False,\n mask_all_occurrences=False,\n comment_annotation_groups=[],\n log_groups=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n //## All Config enabled\n var allConfAnalysisEnabled = new Cyral.RepositoryConfAnalysis(\"allConfAnalysisEnabled\", new()\n {\n RepositoryId = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.Id,\n Redact = \"all\",\n AlertOnViolation = true,\n DisablePreConfiguredAlerts = false,\n BlockOnViolation = true,\n DisableFilterAnalysis = false,\n EnableDatasetRewrites = true,\n EnableDataMasking = true,\n MaskAllOccurrences = true,\n CommentAnnotationGroups = new[]\n {\n \"identity\",\n },\n LogGroups = new[]\n {\n \"everything\",\n },\n });\n\n //## All Config disabled\n var allConfAnalysisDisabled = new Cyral.RepositoryConfAnalysis(\"allConfAnalysisDisabled\", new()\n {\n RepositoryId = cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.Id,\n Redact = \"none\",\n AlertOnViolation = false,\n DisablePreConfiguredAlerts = true,\n BlockOnViolation = false,\n DisableFilterAnalysis = true,\n EnableDatasetRewrites = false,\n EnableDataMasking = false,\n MaskAllOccurrences = false,\n CommentAnnotationGroups = new[] {},\n LogGroups = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ## All Config enabled\n\t\t_, err := cyral.NewRepositoryConfAnalysis(ctx, \"allConfAnalysisEnabled\", &cyral.RepositoryConfAnalysisArgs{\n\t\t\tRepositoryId: pulumi.Any(cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.Id),\n\t\t\tRedact: pulumi.String(\"all\"),\n\t\t\tAlertOnViolation: pulumi.Bool(true),\n\t\t\tDisablePreConfiguredAlerts: pulumi.Bool(false),\n\t\t\tBlockOnViolation: pulumi.Bool(true),\n\t\t\tDisableFilterAnalysis: pulumi.Bool(false),\n\t\t\tEnableDatasetRewrites: pulumi.Bool(true),\n\t\t\tEnableDataMasking: pulumi.Bool(true),\n\t\t\tMaskAllOccurrences: pulumi.Bool(true),\n\t\t\tCommentAnnotationGroups: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"identity\"),\n\t\t\t},\n\t\t\tLogGroups: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"everything\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ## All Config disabled\n\t\t_, err = cyral.NewRepositoryConfAnalysis(ctx, \"allConfAnalysisDisabled\", &cyral.RepositoryConfAnalysisArgs{\n\t\t\tRepositoryId: pulumi.Any(cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.Id),\n\t\t\tRedact: pulumi.String(\"none\"),\n\t\t\tAlertOnViolation: pulumi.Bool(false),\n\t\t\tDisablePreConfiguredAlerts: pulumi.Bool(true),\n\t\t\tBlockOnViolation: pulumi.Bool(false),\n\t\t\tDisableFilterAnalysis: pulumi.Bool(true),\n\t\t\tEnableDatasetRewrites: pulumi.Bool(false),\n\t\t\tEnableDataMasking: pulumi.Bool(false),\n\t\t\tMaskAllOccurrences: pulumi.Bool(false),\n\t\t\tCommentAnnotationGroups: pulumi.StringArray{},\n\t\t\tLogGroups: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.RepositoryConfAnalysis;\nimport com.pulumi.cyral.RepositoryConfAnalysisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //## All Config enabled\n var allConfAnalysisEnabled = new RepositoryConfAnalysis(\"allConfAnalysisEnabled\", RepositoryConfAnalysisArgs.builder()\n .repositoryId(cyral_repository.SOME_REPOSITORY_RESOURCE_NAME().id())\n .redact(\"all\")\n .alertOnViolation(true)\n .disablePreConfiguredAlerts(false)\n .blockOnViolation(true)\n .disableFilterAnalysis(false)\n .enableDatasetRewrites(true)\n .enableDataMasking(true)\n .maskAllOccurrences(true)\n .commentAnnotationGroups(\"identity\")\n .logGroups(\"everything\")\n .build());\n\n //## All Config disabled\n var allConfAnalysisDisabled = new RepositoryConfAnalysis(\"allConfAnalysisDisabled\", RepositoryConfAnalysisArgs.builder()\n .repositoryId(cyral_repository.SOME_REPOSITORY_RESOURCE_NAME().id())\n .redact(\"none\")\n .alertOnViolation(false)\n .disablePreConfiguredAlerts(true)\n .blockOnViolation(false)\n .disableFilterAnalysis(true)\n .enableDatasetRewrites(false)\n .enableDataMasking(false)\n .maskAllOccurrences(false)\n .commentAnnotationGroups()\n .logGroups()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ### All Config enabled\n allConfAnalysisEnabled:\n type: cyral:RepositoryConfAnalysis\n properties:\n repositoryId: ${cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id}\n redact: all\n alertOnViolation: true\n disablePreConfiguredAlerts: false\n blockOnViolation: true\n disableFilterAnalysis: false\n enableDatasetRewrites: true\n enableDataMasking: true\n maskAllOccurrences: true\n commentAnnotationGroups:\n - identity\n logGroups:\n - everything\n ### All Config disabled\n allConfAnalysisDisabled:\n type: cyral:RepositoryConfAnalysis\n properties:\n repositoryId: ${cyral_repository.SOME_REPOSITORY_RESOURCE_NAME.id}\n redact: none\n alertOnViolation: false\n disablePreConfiguredAlerts: true\n blockOnViolation: false\n disableFilterAnalysis: true\n enableDatasetRewrites: false\n enableDataMasking: false\n maskAllOccurrences: false\n commentAnnotationGroups: []\n logGroups: []\n```\n\n", "properties": { "alertOnViolation": { "type": "boolean", "description": "If set to `true` it will enable alert on policy violations.\n" }, "blockOnViolation": { "type": "boolean", "description": "If set to `true` it will enable query blocking in case of a policy violation.\n" }, "commentAnnotationGroups": { "type": "array", "items": { "type": "string" }, "description": "Valid values are: `identity`, `client`, `repo`, `sidecar`. The default behavior is to set only the `identity` when this\noption is enabled, but you can also opt to add the contents of `client`, `repo`, `sidecar` logging blocks as query\ncomments. [Learn more](https://support.cyral.com/support/solutions/articles/44002218978).\n" }, "disableFilterAnalysis": { "type": "boolean", "description": "If set to `true` it will *disable* filter analysis.\n" }, "disablePreConfiguredAlerts": { "type": "boolean", "description": "If set to `true` it will *disable* preconfigured alerts.\n" }, "enableDataMasking": { "type": "boolean", "description": "If set to `true` it will allow policies to force the masking of specified data fields in the results of queries. [Learn\nmore](https://cyral.com/docs/using-cyral/masking/).\n" }, "enableDatasetRewrites": { "type": "boolean", "description": "If set to `true` it will enable rewriting queries.\n" }, "logGroups": { "type": "array", "items": { "type": "string" }, "description": "Responsible for configuring the Log Settings. Valid values are documented below. The `log_groups` list support the\nfollowing values: - `everything` - Enables all the Log Settings. - `dql` - Enables the `DQLs` setting for `all\nrequests`. - `dml` - Enables the `DMLs` setting for `all requests`. - `ddl` - Enables the `DDLs` setting for `all\nrequests`. - `sensitive & dql` - Enables the `DQLs` setting for `logged fields`. - `sensitive & dml` - Enables the\n`DMLs` setting for `logged fields`. - `sensitive & ddl` - Enables the `DDLs` setting for `logged fields`. - `privileged`\n- Enables the `Privileged commands` setting. - `port-scan` - Enables the `Port scans` setting. - `auth-failure` -\nEnables the `Authentication failures` setting. - `full-table-scan` - Enables the `Full scans` setting. - `violations` -\nEnables the `Policy violations` setting. - `connections` - Enables the `Connection activity` setting. - `sensitive` -\nLog all queries manipulating sensitive fields (watches) - `data-classification` - Log all queries whose response was\nautomatically classified as sensitive (credit card numbers, emails and so on). - `audit` - Log `sensitive`, `DQLs`,\n`DDLs`, `DMLs` and `privileged`. - `error` - Log analysis errors. - `new-connections` - Log new connections. -\n`closed-connections` - Log closed connections.\n" }, "maskAllOccurrences": { "type": "boolean", "description": "If set to `true` it will also mask filtering conditions like in `WHERE`, `HAVING` or `ON` clauses. **Note**: Enabling\nthis may cause some performance degradation on large tables. It is required to set `enable_data_masking=true` to use\nthis feature.\n" }, "redact": { "type": "string", "description": "Valid values are: `all`, `none` and `watched`. If set to `all` it will enable the redact of all literal values, `none`\nwill disable it, and `watched` will only redact values from tracked fields set in the Datamap.\n" }, "repositoryId": { "type": "string", "description": "The ID of an existing data repository resource that will be configured.\n" } }, "type": "object", "required": [ "repositoryId" ], "inputProperties": { "alertOnViolation": { "type": "boolean", "description": "If set to `true` it will enable alert on policy violations.\n" }, "blockOnViolation": { "type": "boolean", "description": "If set to `true` it will enable query blocking in case of a policy violation.\n" }, "commentAnnotationGroups": { "type": "array", "items": { "type": "string" }, "description": "Valid values are: `identity`, `client`, `repo`, `sidecar`. The default behavior is to set only the `identity` when this\noption is enabled, but you can also opt to add the contents of `client`, `repo`, `sidecar` logging blocks as query\ncomments. [Learn more](https://support.cyral.com/support/solutions/articles/44002218978).\n" }, "disableFilterAnalysis": { "type": "boolean", "description": "If set to `true` it will *disable* filter analysis.\n" }, "disablePreConfiguredAlerts": { "type": "boolean", "description": "If set to `true` it will *disable* preconfigured alerts.\n" }, "enableDataMasking": { "type": "boolean", "description": "If set to `true` it will allow policies to force the masking of specified data fields in the results of queries. [Learn\nmore](https://cyral.com/docs/using-cyral/masking/).\n" }, "enableDatasetRewrites": { "type": "boolean", "description": "If set to `true` it will enable rewriting queries.\n" }, "logGroups": { "type": "array", "items": { "type": "string" }, "description": "Responsible for configuring the Log Settings. Valid values are documented below. The `log_groups` list support the\nfollowing values: - `everything` - Enables all the Log Settings. - `dql` - Enables the `DQLs` setting for `all\nrequests`. - `dml` - Enables the `DMLs` setting for `all requests`. - `ddl` - Enables the `DDLs` setting for `all\nrequests`. - `sensitive & dql` - Enables the `DQLs` setting for `logged fields`. - `sensitive & dml` - Enables the\n`DMLs` setting for `logged fields`. - `sensitive & ddl` - Enables the `DDLs` setting for `logged fields`. - `privileged`\n- Enables the `Privileged commands` setting. - `port-scan` - Enables the `Port scans` setting. - `auth-failure` -\nEnables the `Authentication failures` setting. - `full-table-scan` - Enables the `Full scans` setting. - `violations` -\nEnables the `Policy violations` setting. - `connections` - Enables the `Connection activity` setting. - `sensitive` -\nLog all queries manipulating sensitive fields (watches) - `data-classification` - Log all queries whose response was\nautomatically classified as sensitive (credit card numbers, emails and so on). - `audit` - Log `sensitive`, `DQLs`,\n`DDLs`, `DMLs` and `privileged`. - `error` - Log analysis errors. - `new-connections` - Log new connections. -\n`closed-connections` - Log closed connections.\n" }, "maskAllOccurrences": { "type": "boolean", "description": "If set to `true` it will also mask filtering conditions like in `WHERE`, `HAVING` or `ON` clauses. **Note**: Enabling\nthis may cause some performance degradation on large tables. It is required to set `enable_data_masking=true` to use\nthis feature.\n" }, "redact": { "type": "string", "description": "Valid values are: `all`, `none` and `watched`. If set to `all` it will enable the redact of all literal values, `none`\nwill disable it, and `watched` will only redact values from tracked fields set in the Datamap.\n" }, "repositoryId": { "type": "string", "description": "The ID of an existing data repository resource that will be configured.\n" } }, "requiredInputs": [ "repositoryId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryConfAnalysis resources.\n", "properties": { "alertOnViolation": { "type": "boolean", "description": "If set to `true` it will enable alert on policy violations.\n" }, "blockOnViolation": { "type": "boolean", "description": "If set to `true` it will enable query blocking in case of a policy violation.\n" }, "commentAnnotationGroups": { "type": "array", "items": { "type": "string" }, "description": "Valid values are: `identity`, `client`, `repo`, `sidecar`. The default behavior is to set only the `identity` when this\noption is enabled, but you can also opt to add the contents of `client`, `repo`, `sidecar` logging blocks as query\ncomments. [Learn more](https://support.cyral.com/support/solutions/articles/44002218978).\n" }, "disableFilterAnalysis": { "type": "boolean", "description": "If set to `true` it will *disable* filter analysis.\n" }, "disablePreConfiguredAlerts": { "type": "boolean", "description": "If set to `true` it will *disable* preconfigured alerts.\n" }, "enableDataMasking": { "type": "boolean", "description": "If set to `true` it will allow policies to force the masking of specified data fields in the results of queries. [Learn\nmore](https://cyral.com/docs/using-cyral/masking/).\n" }, "enableDatasetRewrites": { "type": "boolean", "description": "If set to `true` it will enable rewriting queries.\n" }, "logGroups": { "type": "array", "items": { "type": "string" }, "description": "Responsible for configuring the Log Settings. Valid values are documented below. The `log_groups` list support the\nfollowing values: - `everything` - Enables all the Log Settings. - `dql` - Enables the `DQLs` setting for `all\nrequests`. - `dml` - Enables the `DMLs` setting for `all requests`. - `ddl` - Enables the `DDLs` setting for `all\nrequests`. - `sensitive & dql` - Enables the `DQLs` setting for `logged fields`. - `sensitive & dml` - Enables the\n`DMLs` setting for `logged fields`. - `sensitive & ddl` - Enables the `DDLs` setting for `logged fields`. - `privileged`\n- Enables the `Privileged commands` setting. - `port-scan` - Enables the `Port scans` setting. - `auth-failure` -\nEnables the `Authentication failures` setting. - `full-table-scan` - Enables the `Full scans` setting. - `violations` -\nEnables the `Policy violations` setting. - `connections` - Enables the `Connection activity` setting. - `sensitive` -\nLog all queries manipulating sensitive fields (watches) - `data-classification` - Log all queries whose response was\nautomatically classified as sensitive (credit card numbers, emails and so on). - `audit` - Log `sensitive`, `DQLs`,\n`DDLs`, `DMLs` and `privileged`. - `error` - Log analysis errors. - `new-connections` - Log new connections. -\n`closed-connections` - Log closed connections.\n" }, "maskAllOccurrences": { "type": "boolean", "description": "If set to `true` it will also mask filtering conditions like in `WHERE`, `HAVING` or `ON` clauses. **Note**: Enabling\nthis may cause some performance degradation on large tables. It is required to set `enable_data_masking=true` to use\nthis feature.\n" }, "redact": { "type": "string", "description": "Valid values are: `all`, `none` and `watched`. If set to `all` it will enable the redact of all literal values, `none`\nwill disable it, and `watched` will only redact values from tracked fields set in the Datamap.\n" }, "repositoryId": { "type": "string", "description": "The ID of an existing data repository resource that will be configured.\n" } }, "type": "object" } }, "cyral:index/repositoryConfAuth:RepositoryConfAuth": { "description": "## # cyral.RepositoryConfAuth (Resource)\n\nManages Repository Analysis Configuration. This resource allows configuring Logs, Alerts, Analysis and Enforcement configurations for Data Repositories.[See also](https://cyral.com/docs/data-repos/config).\n\n> Import ID syntax is `{repository_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.RepositoryConfAuth(\"someResourceName\", {\n allowNativeAuth: true,\n clientTls: \"enable|disable\",\n identityProvider: \"\",\n repoTls: \"enable|disable|enableAndVerifyCert\",\n repositoryId: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.RepositoryConfAuth(\"someResourceName\",\n allow_native_auth=True,\n client_tls=\"enable|disable\",\n identity_provider=\"\",\n repo_tls=\"enable|disable|enableAndVerifyCert\",\n repository_id=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.RepositoryConfAuth(\"someResourceName\", new()\n {\n AllowNativeAuth = true,\n ClientTls = \"enable|disable\",\n IdentityProvider = \"\",\n RepoTls = \"enable|disable|enableAndVerifyCert\",\n RepositoryId = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewRepositoryConfAuth(ctx, \"someResourceName\", &cyral.RepositoryConfAuthArgs{\n\t\t\tAllowNativeAuth: pulumi.Bool(true),\n\t\t\tClientTls: pulumi.String(\"enable|disable\"),\n\t\t\tIdentityProvider: pulumi.String(\"\"),\n\t\t\tRepoTls: pulumi.String(\"enable|disable|enableAndVerifyCert\"),\n\t\t\tRepositoryId: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.RepositoryConfAuth;\nimport com.pulumi.cyral.RepositoryConfAuthArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new RepositoryConfAuth(\"someResourceName\", RepositoryConfAuthArgs.builder()\n .allowNativeAuth(true)\n .clientTls(\"enable|disable\")\n .identityProvider(\"\")\n .repoTls(\"enable|disable|enableAndVerifyCert\")\n .repositoryId(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:RepositoryConfAuth\n properties:\n allowNativeAuth: true\n clientTls: enable|disable\n identityProvider: \"\"\n repoTls: enable|disable|enableAndVerifyCert\n repositoryId: \"\"\n```\n\n", "properties": { "allowNativeAuth": { "type": "boolean", "description": "Should the communication allow native authentication?\n" }, "authType": { "type": "string", "description": "Authentication type for this repository. **Note**: `AWS_IAM` is currently only supported by `mongodb` repo type. List of\nsupported values: - `ACCESS_TOKEN` - `AWS_IAM`\n" }, "clientTls": { "type": "string", "description": "Specifies whether the sidecar will require TLS communication with clients. Defaults to `disable`. List of supported\nvalues: - `enable` - `disable`\n" }, "identityProvider": { "type": "string", "description": "The semantics of this field changed in control planes `v4.13` and later. See how it should be configured depending on\nyour control plane version: - `v4.12` and below: - Provide the ID (Alias) of the identity provider integration to allow\nuser authentication using an IdP. - `v4.13` and later: - If not supplied, then end-user authentication is disabled. - If\nend-user authentication with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any other non-empty string. -\nIf end-user authentication with AWS IAM is desired, then this must be the ID of an AWS IAM integration, and the\n`auth_type` attribute must be set to `AWS_IAM`.\n" }, "repoTls": { "type": "string", "description": "Specifies whether the sidecar will communicate with the repository using TLS. Defaults to `disable`. List of supported\nvalues: - `enable` - `enableAndVerifyCert` - `disable`\n" }, "repositoryId": { "type": "string", "description": "The ID of the repository to be configured.\n" } }, "type": "object", "required": [ "repositoryId" ], "inputProperties": { "allowNativeAuth": { "type": "boolean", "description": "Should the communication allow native authentication?\n" }, "authType": { "type": "string", "description": "Authentication type for this repository. **Note**: `AWS_IAM` is currently only supported by `mongodb` repo type. List of\nsupported values: - `ACCESS_TOKEN` - `AWS_IAM`\n" }, "clientTls": { "type": "string", "description": "Specifies whether the sidecar will require TLS communication with clients. Defaults to `disable`. List of supported\nvalues: - `enable` - `disable`\n" }, "identityProvider": { "type": "string", "description": "The semantics of this field changed in control planes `v4.13` and later. See how it should be configured depending on\nyour control plane version: - `v4.12` and below: - Provide the ID (Alias) of the identity provider integration to allow\nuser authentication using an IdP. - `v4.13` and later: - If not supplied, then end-user authentication is disabled. - If\nend-user authentication with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any other non-empty string. -\nIf end-user authentication with AWS IAM is desired, then this must be the ID of an AWS IAM integration, and the\n`auth_type` attribute must be set to `AWS_IAM`.\n" }, "repoTls": { "type": "string", "description": "Specifies whether the sidecar will communicate with the repository using TLS. Defaults to `disable`. List of supported\nvalues: - `enable` - `enableAndVerifyCert` - `disable`\n" }, "repositoryId": { "type": "string", "description": "The ID of the repository to be configured.\n" } }, "requiredInputs": [ "repositoryId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryConfAuth resources.\n", "properties": { "allowNativeAuth": { "type": "boolean", "description": "Should the communication allow native authentication?\n" }, "authType": { "type": "string", "description": "Authentication type for this repository. **Note**: `AWS_IAM` is currently only supported by `mongodb` repo type. List of\nsupported values: - `ACCESS_TOKEN` - `AWS_IAM`\n" }, "clientTls": { "type": "string", "description": "Specifies whether the sidecar will require TLS communication with clients. Defaults to `disable`. List of supported\nvalues: - `enable` - `disable`\n" }, "identityProvider": { "type": "string", "description": "The semantics of this field changed in control planes `v4.13` and later. See how it should be configured depending on\nyour control plane version: - `v4.12` and below: - Provide the ID (Alias) of the identity provider integration to allow\nuser authentication using an IdP. - `v4.13` and later: - If not supplied, then end-user authentication is disabled. - If\nend-user authentication with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any other non-empty string. -\nIf end-user authentication with AWS IAM is desired, then this must be the ID of an AWS IAM integration, and the\n`auth_type` attribute must be set to `AWS_IAM`.\n" }, "repoTls": { "type": "string", "description": "Specifies whether the sidecar will communicate with the repository using TLS. Defaults to `disable`. List of supported\nvalues: - `enable` - `enableAndVerifyCert` - `disable`\n" }, "repositoryId": { "type": "string", "description": "The ID of the repository to be configured.\n" } }, "type": "object" } }, "cyral:index/repositoryDatamap:RepositoryDatamap": { "description": "Manages [Data Map](https://cyral.com/docs/policy/datamap).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n// Create the repository\nconst example_pg = new cyral.Repository(\"example-pg\", {\n type: \"postgresql\",\n repoNodes: [{\n host: \"pg.example.com\",\n port: 5432,\n }],\n});\n// Create custom labels\nconst nAME = new cyral.Datalabel(\"nAME\", {\n description: \"Customer name\",\n tags: [\"PII\"],\n});\nconst dOB = new cyral.Datalabel(\"dOB\", {\n description: \"Customer date of birth\",\n tags: [\"PII\"],\n});\n// Create data map for the repository, using the custom labels\nconst example_pgDatamap = new cyral.RepositoryDatamap(\"example-pgDatamap\", {\n repositoryId: example_pg.id,\n mappings: [\n {\n label: nAME.name,\n attributes: [\n \"FINANCE.CUSTOMERS.FIRST_NAME\",\n \"FINANCE.CUSTOMERS.MIDDLE_NAME\",\n \"FINANCE.CUSTOMERS.LAST_NAME\",\n ],\n },\n {\n label: dOB.name,\n attributes: [\"FINANCE.CUSTOMERS.DOB\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n# Create the repository\nexample_pg = cyral.Repository(\"example-pg\",\n type=\"postgresql\",\n repo_nodes=[{\n \"host\": \"pg.example.com\",\n \"port\": 5432,\n }])\n# Create custom labels\nn_ame = cyral.Datalabel(\"nAME\",\n description=\"Customer name\",\n tags=[\"PII\"])\nd_ob = cyral.Datalabel(\"dOB\",\n description=\"Customer date of birth\",\n tags=[\"PII\"])\n# Create data map for the repository, using the custom labels\nexample_pg_datamap = cyral.RepositoryDatamap(\"example-pgDatamap\",\n repository_id=example_pg.id,\n mappings=[\n {\n \"label\": n_ame.name,\n \"attributes\": [\n \"FINANCE.CUSTOMERS.FIRST_NAME\",\n \"FINANCE.CUSTOMERS.MIDDLE_NAME\",\n \"FINANCE.CUSTOMERS.LAST_NAME\",\n ],\n },\n {\n \"label\": d_ob.name,\n \"attributes\": [\"FINANCE.CUSTOMERS.DOB\"],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n // Create the repository\n var example_pg = new Cyral.Repository(\"example-pg\", new()\n {\n Type = \"postgresql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"pg.example.com\",\n Port = 5432,\n },\n },\n });\n\n // Create custom labels\n var nAME = new Cyral.Datalabel(\"nAME\", new()\n {\n Description = \"Customer name\",\n Tags = new[]\n {\n \"PII\",\n },\n });\n\n var dOB = new Cyral.Datalabel(\"dOB\", new()\n {\n Description = \"Customer date of birth\",\n Tags = new[]\n {\n \"PII\",\n },\n });\n\n // Create data map for the repository, using the custom labels\n var example_pgDatamap = new Cyral.RepositoryDatamap(\"example-pgDatamap\", new()\n {\n RepositoryId = example_pg.Id,\n Mappings = new[]\n {\n new Cyral.Inputs.RepositoryDatamapMappingArgs\n {\n Label = nAME.Name,\n Attributes = new[]\n {\n \"FINANCE.CUSTOMERS.FIRST_NAME\",\n \"FINANCE.CUSTOMERS.MIDDLE_NAME\",\n \"FINANCE.CUSTOMERS.LAST_NAME\",\n },\n },\n new Cyral.Inputs.RepositoryDatamapMappingArgs\n {\n Label = dOB.Name,\n Attributes = new[]\n {\n \"FINANCE.CUSTOMERS.DOB\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create the repository\n\t\texample_pg, err := cyral.NewRepository(ctx, \"example-pg\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"postgresql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"pg.example.com\"),\n\t\t\t\t\tPort: pulumi.Float64(5432),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create custom labels\n\t\tnAME, err := cyral.NewDatalabel(ctx, \"nAME\", &cyral.DatalabelArgs{\n\t\t\tDescription: pulumi.String(\"Customer name\"),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"PII\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdOB, err := cyral.NewDatalabel(ctx, \"dOB\", &cyral.DatalabelArgs{\n\t\t\tDescription: pulumi.String(\"Customer date of birth\"),\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"PII\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create data map for the repository, using the custom labels\n\t\t_, err = cyral.NewRepositoryDatamap(ctx, \"example-pgDatamap\", &cyral.RepositoryDatamapArgs{\n\t\t\tRepositoryId: example_pg.ID(),\n\t\t\tMappings: cyral.RepositoryDatamapMappingArray{\n\t\t\t\t&cyral.RepositoryDatamapMappingArgs{\n\t\t\t\t\tLabel: nAME.Name,\n\t\t\t\t\tAttributes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FINANCE.CUSTOMERS.FIRST_NAME\"),\n\t\t\t\t\t\tpulumi.String(\"FINANCE.CUSTOMERS.MIDDLE_NAME\"),\n\t\t\t\t\t\tpulumi.String(\"FINANCE.CUSTOMERS.LAST_NAME\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryDatamapMappingArgs{\n\t\t\t\t\tLabel: dOB.Name,\n\t\t\t\t\tAttributes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FINANCE.CUSTOMERS.DOB\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.Datalabel;\nimport com.pulumi.cyral.DatalabelArgs;\nimport com.pulumi.cyral.RepositoryDatamap;\nimport com.pulumi.cyral.RepositoryDatamapArgs;\nimport com.pulumi.cyral.inputs.RepositoryDatamapMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Create the repository\n var example_pg = new Repository(\"example-pg\", RepositoryArgs.builder()\n .type(\"postgresql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"pg.example.com\")\n .port(5432)\n .build())\n .build());\n\n // Create custom labels\n var nAME = new Datalabel(\"nAME\", DatalabelArgs.builder()\n .description(\"Customer name\")\n .tags(\"PII\")\n .build());\n\n var dOB = new Datalabel(\"dOB\", DatalabelArgs.builder()\n .description(\"Customer date of birth\")\n .tags(\"PII\")\n .build());\n\n // Create data map for the repository, using the custom labels\n var example_pgDatamap = new RepositoryDatamap(\"example-pgDatamap\", RepositoryDatamapArgs.builder()\n .repositoryId(example_pg.id())\n .mappings( \n RepositoryDatamapMappingArgs.builder()\n .label(nAME.name())\n .attributes( \n \"FINANCE.CUSTOMERS.FIRST_NAME\",\n \"FINANCE.CUSTOMERS.MIDDLE_NAME\",\n \"FINANCE.CUSTOMERS.LAST_NAME\")\n .build(),\n RepositoryDatamapMappingArgs.builder()\n .label(dOB.name())\n .attributes(\"FINANCE.CUSTOMERS.DOB\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create the repository\n example-pg:\n type: cyral:Repository\n properties:\n type: postgresql\n repoNodes:\n - host: pg.example.com\n port: 5432\n # Create custom labels\n nAME:\n type: cyral:Datalabel\n properties:\n description: Customer name\n tags:\n - PII\n dOB:\n type: cyral:Datalabel\n properties:\n description: Customer date of birth\n tags:\n - PII\n # Create data map for the repository, using the custom labels\n example-pgDatamap:\n type: cyral:RepositoryDatamap\n properties:\n repositoryId: ${[\"example-pg\"].id}\n mappings:\n - label: ${nAME.name}\n attributes:\n - FINANCE.CUSTOMERS.FIRST_NAME\n - FINANCE.CUSTOMERS.MIDDLE_NAME\n - FINANCE.CUSTOMERS.LAST_NAME\n - label: ${dOB.name}\n attributes:\n - FINANCE.CUSTOMERS.DOB\n```\n\n", "properties": { "mappings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryDatamapMapping:RepositoryDatamapMapping" }, "description": "Mapping of a label to a list of data locations (attributes).\n" }, "repositoryDatamapId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a data map.\n" } }, "type": "object", "required": [ "mappings", "repositoryDatamapId", "repositoryId" ], "inputProperties": { "mappings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryDatamapMapping:RepositoryDatamapMapping" }, "description": "Mapping of a label to a list of data locations (attributes).\n" }, "repositoryDatamapId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a data map.\n" } }, "requiredInputs": [ "mappings", "repositoryId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryDatamap resources.\n", "properties": { "mappings": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryDatamapMapping:RepositoryDatamapMapping" }, "description": "Mapping of a label to a list of data locations (attributes).\n" }, "repositoryDatamapId": { "type": "string", "description": "The ID of this resource.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a data map.\n" } }, "type": "object" } }, "cyral:index/repositoryNetworkAccessPolicy:RepositoryNetworkAccessPolicy": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n// Repository the policy refers to\nconst mySqlserverRepo = new cyral.Repository(\"mySqlserverRepo\", {\n type: \"sqlserver\",\n repoNodes: [{\n host: \"sqlserver.mycompany.com\",\n port: 1433,\n }],\n});\nconst confAuth = new cyral.RepositoryConfAuth(\"confAuth\", {\n repositoryId: mySqlserverRepo.id,\n allowNativeAuth: true,\n clientTls: \"enable\",\n repoTls: \"enable\",\n});\n// Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n// account, and from any IP address for accounts Engineer and\n// Analyst.\nconst accessPolicy = new cyral.RepositoryNetworkAccessPolicy(\"accessPolicy\", {\n repositoryId: mySqlserverRepo.id,\n networkAccessRules: [\n {\n name: \"rule1\",\n dbAccounts: [\"Admin\"],\n sourceIps: [\n \"1.2.3.4\",\n \"4.3.2.1\",\n ],\n },\n {\n name: \"rule2\",\n dbAccounts: [\n \"Engineer\",\n \"Analyst\",\n ],\n },\n ],\n}, {\n dependsOn: [confAuth],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n# Repository the policy refers to\nmy_sqlserver_repo = cyral.Repository(\"mySqlserverRepo\",\n type=\"sqlserver\",\n repo_nodes=[{\n \"host\": \"sqlserver.mycompany.com\",\n \"port\": 1433,\n }])\nconf_auth = cyral.RepositoryConfAuth(\"confAuth\",\n repository_id=my_sqlserver_repo.id,\n allow_native_auth=True,\n client_tls=\"enable\",\n repo_tls=\"enable\")\n# Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n# account, and from any IP address for accounts Engineer and\n# Analyst.\naccess_policy = cyral.RepositoryNetworkAccessPolicy(\"accessPolicy\",\n repository_id=my_sqlserver_repo.id,\n network_access_rules=[\n {\n \"name\": \"rule1\",\n \"db_accounts\": [\"Admin\"],\n \"source_ips\": [\n \"1.2.3.4\",\n \"4.3.2.1\",\n ],\n },\n {\n \"name\": \"rule2\",\n \"db_accounts\": [\n \"Engineer\",\n \"Analyst\",\n ],\n },\n ],\n opts = pulumi.ResourceOptions(depends_on=[conf_auth]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n // Repository the policy refers to\n var mySqlserverRepo = new Cyral.Repository(\"mySqlserverRepo\", new()\n {\n Type = \"sqlserver\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"sqlserver.mycompany.com\",\n Port = 1433,\n },\n },\n });\n\n var confAuth = new Cyral.RepositoryConfAuth(\"confAuth\", new()\n {\n RepositoryId = mySqlserverRepo.Id,\n AllowNativeAuth = true,\n ClientTls = \"enable\",\n RepoTls = \"enable\",\n });\n\n // Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n // account, and from any IP address for accounts Engineer and\n // Analyst.\n var accessPolicy = new Cyral.RepositoryNetworkAccessPolicy(\"accessPolicy\", new()\n {\n RepositoryId = mySqlserverRepo.Id,\n NetworkAccessRules = new[]\n {\n new Cyral.Inputs.RepositoryNetworkAccessPolicyNetworkAccessRuleArgs\n {\n Name = \"rule1\",\n DbAccounts = new[]\n {\n \"Admin\",\n },\n SourceIps = new[]\n {\n \"1.2.3.4\",\n \"4.3.2.1\",\n },\n },\n new Cyral.Inputs.RepositoryNetworkAccessPolicyNetworkAccessRuleArgs\n {\n Name = \"rule2\",\n DbAccounts = new[]\n {\n \"Engineer\",\n \"Analyst\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n confAuth,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Repository the policy refers to\n\t\tmySqlserverRepo, err := cyral.NewRepository(ctx, \"mySqlserverRepo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"sqlserver\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"sqlserver.mycompany.com\"),\n\t\t\t\t\tPort: pulumi.Float64(1433),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tconfAuth, err := cyral.NewRepositoryConfAuth(ctx, \"confAuth\", &cyral.RepositoryConfAuthArgs{\n\t\t\tRepositoryId: mySqlserverRepo.ID(),\n\t\t\tAllowNativeAuth: pulumi.Bool(true),\n\t\t\tClientTls: pulumi.String(\"enable\"),\n\t\t\tRepoTls: pulumi.String(\"enable\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n\t\t// account, and from any IP address for accounts Engineer and\n\t\t// Analyst.\n\t\t_, err = cyral.NewRepositoryNetworkAccessPolicy(ctx, \"accessPolicy\", &cyral.RepositoryNetworkAccessPolicyArgs{\n\t\t\tRepositoryId: mySqlserverRepo.ID(),\n\t\t\tNetworkAccessRules: cyral.RepositoryNetworkAccessPolicyNetworkAccessRuleArray{\n\t\t\t\t&cyral.RepositoryNetworkAccessPolicyNetworkAccessRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule1\"),\n\t\t\t\t\tDbAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Admin\"),\n\t\t\t\t\t},\n\t\t\t\t\tSourceIps: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"1.2.3.4\"),\n\t\t\t\t\t\tpulumi.String(\"4.3.2.1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cyral.RepositoryNetworkAccessPolicyNetworkAccessRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule2\"),\n\t\t\t\t\tDbAccounts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Engineer\"),\n\t\t\t\t\t\tpulumi.String(\"Analyst\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tconfAuth,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.RepositoryConfAuth;\nimport com.pulumi.cyral.RepositoryConfAuthArgs;\nimport com.pulumi.cyral.RepositoryNetworkAccessPolicy;\nimport com.pulumi.cyral.RepositoryNetworkAccessPolicyArgs;\nimport com.pulumi.cyral.inputs.RepositoryNetworkAccessPolicyNetworkAccessRuleArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Repository the policy refers to\n var mySqlserverRepo = new Repository(\"mySqlserverRepo\", RepositoryArgs.builder()\n .type(\"sqlserver\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"sqlserver.mycompany.com\")\n .port(1433)\n .build())\n .build());\n\n var confAuth = new RepositoryConfAuth(\"confAuth\", RepositoryConfAuthArgs.builder()\n .repositoryId(mySqlserverRepo.id())\n .allowNativeAuth(true)\n .clientTls(\"enable\")\n .repoTls(\"enable\")\n .build());\n\n // Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n // account, and from any IP address for accounts Engineer and\n // Analyst.\n var accessPolicy = new RepositoryNetworkAccessPolicy(\"accessPolicy\", RepositoryNetworkAccessPolicyArgs.builder()\n .repositoryId(mySqlserverRepo.id())\n .networkAccessRules( \n RepositoryNetworkAccessPolicyNetworkAccessRuleArgs.builder()\n .name(\"rule1\")\n .dbAccounts(\"Admin\")\n .sourceIps( \n \"1.2.3.4\",\n \"4.3.2.1\")\n .build(),\n RepositoryNetworkAccessPolicyNetworkAccessRuleArgs.builder()\n .name(\"rule2\")\n .dbAccounts( \n \"Engineer\",\n \"Analyst\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(confAuth)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Repository the policy refers to\n mySqlserverRepo:\n type: cyral:Repository\n properties:\n type: sqlserver\n repoNodes:\n - host: sqlserver.mycompany.com\n port: 1433\n confAuth:\n type: cyral:RepositoryConfAuth\n properties:\n repositoryId: ${mySqlserverRepo.id}\n allowNativeAuth: true\n clientTls: enable\n repoTls: enable\n # Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database\n # account, and from any IP address for accounts Engineer and\n # Analyst.\n accessPolicy:\n type: cyral:RepositoryNetworkAccessPolicy\n properties:\n repositoryId: ${mySqlserverRepo.id}\n networkAccessRules:\n - name: rule1\n dbAccounts:\n - Admin\n sourceIps:\n - 1.2.3.4\n - 4.3.2.1\n - name: rule2\n dbAccounts:\n - Engineer\n - Analyst\n options:\n dependsOn:\n - ${confAuth}\n```\n\n", "properties": { "enabled": { "type": "boolean", "description": "Is the network access policy enabled? Default is true.\n" }, "networkAccessRules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryNetworkAccessPolicyNetworkAccessRule:RepositoryNetworkAccessPolicyNetworkAccessRule" }, "description": "Network access policy that decides whether access should be granted based on a set of rules.\n" }, "networkAccessRulesBlockAccess": { "type": "boolean", "description": "Determines what happens if an incoming connection matches one of the rules in `network_access_rule`. If set to true, the connection is blocked if it matches some rule (and allowed otherwise). Otherwise set to false, the connection is allowed only if it matches some rule. Default is false.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a network access policy.\n" } }, "type": "object", "required": [ "repositoryId" ], "inputProperties": { "enabled": { "type": "boolean", "description": "Is the network access policy enabled? Default is true.\n" }, "networkAccessRules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryNetworkAccessPolicyNetworkAccessRule:RepositoryNetworkAccessPolicyNetworkAccessRule" }, "description": "Network access policy that decides whether access should be granted based on a set of rules.\n" }, "networkAccessRulesBlockAccess": { "type": "boolean", "description": "Determines what happens if an incoming connection matches one of the rules in `network_access_rule`. If set to true, the connection is blocked if it matches some rule (and allowed otherwise). Otherwise set to false, the connection is allowed only if it matches some rule. Default is false.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a network access policy.\n" } }, "requiredInputs": [ "repositoryId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryNetworkAccessPolicy resources.\n", "properties": { "enabled": { "type": "boolean", "description": "Is the network access policy enabled? Default is true.\n" }, "networkAccessRules": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRepositoryNetworkAccessPolicyNetworkAccessRule:RepositoryNetworkAccessPolicyNetworkAccessRule" }, "description": "Network access policy that decides whether access should be granted based on a set of rules.\n" }, "networkAccessRulesBlockAccess": { "type": "boolean", "description": "Determines what happens if an incoming connection matches one of the rules in `network_access_rule`. If set to true, the connection is blocked if it matches some rule (and allowed otherwise). Otherwise set to false, the connection is allowed only if it matches some rule. Default is false.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository for which to configure a network access policy.\n" } }, "type": "object" } }, "cyral:index/repositoryUserAccount:RepositoryUserAccount": { "description": "## # cyral.RepositoryUserAccount (Resource)\n\n> **Warning** When referring to the user account ID in other resources, like `cyral.RepositoryAccessRules` for example,\nuse the read-only attribute `user_account_id` instead of `id`.\n\n> Import ID syntax is `{repository_id}/{user_account_id}`, where `{user_account_id}` is the ID of the user\naccount in the Cyral Control Plane.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n// Test Repo to use in examples.\nconst tfTestRepo = new cyral.Repository(\"tfTestRepo\", {\n type: \"postgresql\",\n repoNodes: [{\n host: \"postgresql.mycompany.com\",\n port: 5432,\n }],\n});\n// cyral_repository_user_account with auth scheme aws_iam\nconst awsIam = new cyral.RepositoryUserAccount(\"awsIam\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n awsIam: {\n roleArn: \"role_arn\",\n },\n },\n});\n// cyral_repository_user_account with auth scheme aws_secrets will be created\nconst awsSecrets = new cyral.RepositoryUserAccount(\"awsSecrets\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n awsSecretsManager: {\n secretArn: \"secret_arn\",\n },\n },\n});\n// cyral_repository_user_account with auth scheme env_var will be created\nconst envVar = new cyral.RepositoryUserAccount(\"envVar\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n environmentVariable: {\n variableName: \"some-env-var\",\n },\n },\n});\n// cyral_repository_user_account with auth scheme gcp_secrets will be created\nconst gcpSecrets = new cyral.RepositoryUserAccount(\"gcpSecrets\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n gcpSecretsManager: {\n secretName: \"secret_name\",\n },\n },\n});\n// cyral_repository_user_account with auth scheme azure_key_vault will be created\nconst azureKeyVault = new cyral.RepositoryUserAccount(\"azureKeyVault\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n azureKeyVault: {\n secretUrl: \"https://vaultName.vault.azure.net/secrets/secretName\",\n },\n },\n});\n// cyral_repository_user_account with auth scheme hashicorp will be created\nconst hashicorp = new cyral.RepositoryUserAccount(\"hashicorp\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n hashicorpVault: {\n path: \"some-path\",\n isDynamicUserAccount: false,\n },\n },\n});\n// cyral_repository_user_account with auth scheme kubernetes will be created\nconst kubernetes = new cyral.RepositoryUserAccount(\"kubernetes\", {\n repositoryId: tfTestRepo.id,\n authScheme: {\n kubernetesSecret: {\n secretKey: \"secret_key\",\n secretName: \"secret_name\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n# Test Repo to use in examples.\ntf_test_repo = cyral.Repository(\"tfTestRepo\",\n type=\"postgresql\",\n repo_nodes=[{\n \"host\": \"postgresql.mycompany.com\",\n \"port\": 5432,\n }])\n# cyral_repository_user_account with auth scheme aws_iam\naws_iam = cyral.RepositoryUserAccount(\"awsIam\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"aws_iam\": {\n \"role_arn\": \"role_arn\",\n },\n })\n# cyral_repository_user_account with auth scheme aws_secrets will be created\naws_secrets = cyral.RepositoryUserAccount(\"awsSecrets\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"aws_secrets_manager\": {\n \"secret_arn\": \"secret_arn\",\n },\n })\n# cyral_repository_user_account with auth scheme env_var will be created\nenv_var = cyral.RepositoryUserAccount(\"envVar\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"environment_variable\": {\n \"variable_name\": \"some-env-var\",\n },\n })\n# cyral_repository_user_account with auth scheme gcp_secrets will be created\ngcp_secrets = cyral.RepositoryUserAccount(\"gcpSecrets\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"gcp_secrets_manager\": {\n \"secret_name\": \"secret_name\",\n },\n })\n# cyral_repository_user_account with auth scheme azure_key_vault will be created\nazure_key_vault = cyral.RepositoryUserAccount(\"azureKeyVault\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"azure_key_vault\": {\n \"secret_url\": \"https://vaultName.vault.azure.net/secrets/secretName\",\n },\n })\n# cyral_repository_user_account with auth scheme hashicorp will be created\nhashicorp = cyral.RepositoryUserAccount(\"hashicorp\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"hashicorp_vault\": {\n \"path\": \"some-path\",\n \"is_dynamic_user_account\": False,\n },\n })\n# cyral_repository_user_account with auth scheme kubernetes will be created\nkubernetes = cyral.RepositoryUserAccount(\"kubernetes\",\n repository_id=tf_test_repo.id,\n auth_scheme={\n \"kubernetes_secret\": {\n \"secret_key\": \"secret_key\",\n \"secret_name\": \"secret_name\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n // Test Repo to use in examples.\n var tfTestRepo = new Cyral.Repository(\"tfTestRepo\", new()\n {\n Type = \"postgresql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"postgresql.mycompany.com\",\n Port = 5432,\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme aws_iam\n var awsIam = new Cyral.RepositoryUserAccount(\"awsIam\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n AwsIam = new Cyral.Inputs.RepositoryUserAccountAuthSchemeAwsIamArgs\n {\n RoleArn = \"role_arn\",\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme aws_secrets will be created\n var awsSecrets = new Cyral.RepositoryUserAccount(\"awsSecrets\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n AwsSecretsManager = new Cyral.Inputs.RepositoryUserAccountAuthSchemeAwsSecretsManagerArgs\n {\n SecretArn = \"secret_arn\",\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme env_var will be created\n var envVar = new Cyral.RepositoryUserAccount(\"envVar\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n EnvironmentVariable = new Cyral.Inputs.RepositoryUserAccountAuthSchemeEnvironmentVariableArgs\n {\n VariableName = \"some-env-var\",\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme gcp_secrets will be created\n var gcpSecrets = new Cyral.RepositoryUserAccount(\"gcpSecrets\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n GcpSecretsManager = new Cyral.Inputs.RepositoryUserAccountAuthSchemeGcpSecretsManagerArgs\n {\n SecretName = \"secret_name\",\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme azure_key_vault will be created\n var azureKeyVault = new Cyral.RepositoryUserAccount(\"azureKeyVault\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n AzureKeyVault = new Cyral.Inputs.RepositoryUserAccountAuthSchemeAzureKeyVaultArgs\n {\n SecretUrl = \"https://vaultName.vault.azure.net/secrets/secretName\",\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme hashicorp will be created\n var hashicorp = new Cyral.RepositoryUserAccount(\"hashicorp\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n HashicorpVault = new Cyral.Inputs.RepositoryUserAccountAuthSchemeHashicorpVaultArgs\n {\n Path = \"some-path\",\n IsDynamicUserAccount = false,\n },\n },\n });\n\n // cyral_repository_user_account with auth scheme kubernetes will be created\n var kubernetes = new Cyral.RepositoryUserAccount(\"kubernetes\", new()\n {\n RepositoryId = tfTestRepo.Id,\n AuthScheme = new Cyral.Inputs.RepositoryUserAccountAuthSchemeArgs\n {\n KubernetesSecret = new Cyral.Inputs.RepositoryUserAccountAuthSchemeKubernetesSecretArgs\n {\n SecretKey = \"secret_key\",\n SecretName = \"secret_name\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Test Repo to use in examples.\n\t\ttfTestRepo, err := cyral.NewRepository(ctx, \"tfTestRepo\", &cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"postgresql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t&cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"postgresql.mycompany.com\"),\n\t\t\t\t\tPort: pulumi.Float64(5432),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme aws_iam\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"awsIam\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tAwsIam: &cyral.RepositoryUserAccountAuthSchemeAwsIamArgs{\n\t\t\t\t\tRoleArn: pulumi.String(\"role_arn\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme aws_secrets will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"awsSecrets\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tAwsSecretsManager: &cyral.RepositoryUserAccountAuthSchemeAwsSecretsManagerArgs{\n\t\t\t\t\tSecretArn: pulumi.String(\"secret_arn\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme env_var will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"envVar\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tEnvironmentVariable: &cyral.RepositoryUserAccountAuthSchemeEnvironmentVariableArgs{\n\t\t\t\t\tVariableName: pulumi.String(\"some-env-var\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme gcp_secrets will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"gcpSecrets\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tGcpSecretsManager: &cyral.RepositoryUserAccountAuthSchemeGcpSecretsManagerArgs{\n\t\t\t\t\tSecretName: pulumi.String(\"secret_name\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme azure_key_vault will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"azureKeyVault\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tAzureKeyVault: &cyral.RepositoryUserAccountAuthSchemeAzureKeyVaultArgs{\n\t\t\t\t\tSecretUrl: pulumi.String(\"https://vaultName.vault.azure.net/secrets/secretName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme hashicorp will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"hashicorp\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tHashicorpVault: &cyral.RepositoryUserAccountAuthSchemeHashicorpVaultArgs{\n\t\t\t\t\tPath: pulumi.String(\"some-path\"),\n\t\t\t\t\tIsDynamicUserAccount: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// cyral_repository_user_account with auth scheme kubernetes will be created\n\t\t_, err = cyral.NewRepositoryUserAccount(ctx, \"kubernetes\", &cyral.RepositoryUserAccountArgs{\n\t\t\tRepositoryId: tfTestRepo.ID(),\n\t\t\tAuthScheme: &cyral.RepositoryUserAccountAuthSchemeArgs{\n\t\t\t\tKubernetesSecret: &cyral.RepositoryUserAccountAuthSchemeKubernetesSecretArgs{\n\t\t\t\t\tSecretKey: pulumi.String(\"secret_key\"),\n\t\t\t\t\tSecretName: pulumi.String(\"secret_name\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.RepositoryUserAccount;\nimport com.pulumi.cyral.RepositoryUserAccountArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeAwsIamArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeAwsSecretsManagerArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeEnvironmentVariableArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeGcpSecretsManagerArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeAzureKeyVaultArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeHashicorpVaultArgs;\nimport com.pulumi.cyral.inputs.RepositoryUserAccountAuthSchemeKubernetesSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Test Repo to use in examples.\n var tfTestRepo = new Repository(\"tfTestRepo\", RepositoryArgs.builder()\n .type(\"postgresql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"postgresql.mycompany.com\")\n .port(5432)\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme aws_iam\n var awsIam = new RepositoryUserAccount(\"awsIam\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .awsIam(RepositoryUserAccountAuthSchemeAwsIamArgs.builder()\n .roleArn(\"role_arn\")\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme aws_secrets will be created\n var awsSecrets = new RepositoryUserAccount(\"awsSecrets\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .awsSecretsManager(RepositoryUserAccountAuthSchemeAwsSecretsManagerArgs.builder()\n .secretArn(\"secret_arn\")\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme env_var will be created\n var envVar = new RepositoryUserAccount(\"envVar\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .environmentVariable(RepositoryUserAccountAuthSchemeEnvironmentVariableArgs.builder()\n .variableName(\"some-env-var\")\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme gcp_secrets will be created\n var gcpSecrets = new RepositoryUserAccount(\"gcpSecrets\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .gcpSecretsManager(RepositoryUserAccountAuthSchemeGcpSecretsManagerArgs.builder()\n .secretName(\"secret_name\")\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme azure_key_vault will be created\n var azureKeyVault = new RepositoryUserAccount(\"azureKeyVault\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .azureKeyVault(RepositoryUserAccountAuthSchemeAzureKeyVaultArgs.builder()\n .secretUrl(\"https://vaultName.vault.azure.net/secrets/secretName\")\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme hashicorp will be created\n var hashicorp = new RepositoryUserAccount(\"hashicorp\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .hashicorpVault(RepositoryUserAccountAuthSchemeHashicorpVaultArgs.builder()\n .path(\"some-path\")\n .isDynamicUserAccount(false)\n .build())\n .build())\n .build());\n\n // cyral_repository_user_account with auth scheme kubernetes will be created\n var kubernetes = new RepositoryUserAccount(\"kubernetes\", RepositoryUserAccountArgs.builder()\n .repositoryId(tfTestRepo.id())\n .authScheme(RepositoryUserAccountAuthSchemeArgs.builder()\n .kubernetesSecret(RepositoryUserAccountAuthSchemeKubernetesSecretArgs.builder()\n .secretKey(\"secret_key\")\n .secretName(\"secret_name\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Test Repo to use in examples.\n tfTestRepo:\n type: cyral:Repository\n properties:\n type: postgresql\n repoNodes:\n - host: postgresql.mycompany.com\n port: 5432\n # cyral_repository_user_account with auth scheme aws_iam\n awsIam:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n awsIam:\n roleArn: role_arn\n # cyral_repository_user_account with auth scheme aws_secrets will be created\n awsSecrets:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n awsSecretsManager:\n secretArn: secret_arn\n # cyral_repository_user_account with auth scheme env_var will be created\n envVar:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n environmentVariable:\n variableName: some-env-var\n # cyral_repository_user_account with auth scheme gcp_secrets will be created\n gcpSecrets:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n gcpSecretsManager:\n secretName: secret_name\n # cyral_repository_user_account with auth scheme azure_key_vault will be created\n azureKeyVault:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n azureKeyVault:\n secretUrl: https://vaultName.vault.azure.net/secrets/secretName\n # cyral_repository_user_account with auth scheme hashicorp will be created\n hashicorp:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n hashicorpVault:\n path: some-path\n isDynamicUserAccount: false\n # cyral_repository_user_account with auth scheme kubernetes will be created\n kubernetes:\n type: cyral:RepositoryUserAccount\n properties:\n repositoryId: ${tfTestRepo.id}\n authScheme:\n kubernetesSecret:\n secretKey: secret_key\n secretName: secret_name\n```\n\n", "properties": { "approvalConfig": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountApprovalConfig:RepositoryUserAccountApprovalConfig", "description": "Configurations related to Approvals.\n" }, "authDatabaseName": { "type": "string", "description": "The database name that this User Account is scoped to, for `cyral.Repository` types that support multiple databases.\n" }, "authScheme": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthScheme:RepositoryUserAccountAuthScheme" }, "name": { "type": "string", "description": "The name of the User Account.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository.\n" }, "userAccountId": { "type": "string", "description": "ID of the user account.\n" } }, "type": "object", "required": [ "authScheme", "name", "repositoryId", "userAccountId" ], "inputProperties": { "approvalConfig": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountApprovalConfig:RepositoryUserAccountApprovalConfig", "description": "Configurations related to Approvals.\n" }, "authDatabaseName": { "type": "string", "description": "The database name that this User Account is scoped to, for `cyral.Repository` types that support multiple databases.\n" }, "authScheme": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthScheme:RepositoryUserAccountAuthScheme" }, "name": { "type": "string", "description": "The name of the User Account.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository.\n" } }, "requiredInputs": [ "authScheme", "repositoryId" ], "stateInputs": { "description": "Input properties used for looking up and filtering RepositoryUserAccount resources.\n", "properties": { "approvalConfig": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountApprovalConfig:RepositoryUserAccountApprovalConfig", "description": "Configurations related to Approvals.\n" }, "authDatabaseName": { "type": "string", "description": "The database name that this User Account is scoped to, for `cyral.Repository` types that support multiple databases.\n" }, "authScheme": { "$ref": "#/types/cyral:index%2FRepositoryUserAccountAuthScheme:RepositoryUserAccountAuthScheme" }, "name": { "type": "string", "description": "The name of the User Account.\n" }, "repositoryId": { "type": "string", "description": "ID of the repository.\n" }, "userAccountId": { "type": "string", "description": "ID of the user account.\n" } }, "type": "object" } }, "cyral:index/role:Role": { "description": "Manages [roles for Cyral control plane users](https://cyral.com/docs/user-administration/manage-cyral-roles/#create-and-manage-administrator-roles-for-cyral-control-plane-users). See also: Role SSO Groups.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n//## Role with Custom Permissions Configuration\nconst someResourceName = new cyral.Role(\"someResourceName\", {permissions: {\n approvalManagement: false,\n modifyIntegrations: false,\n modifyPolicies: true,\n modifyRoles: false,\n modifySidecarsAndRepositories: true,\n modifyUsers: true,\n repoCrawler: false,\n viewAuditLogs: false,\n viewDatamaps: false,\n}});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n### Role with Custom Permissions Configuration\nsome_resource_name = cyral.Role(\"someResourceName\", permissions={\n \"approval_management\": False,\n \"modify_integrations\": False,\n \"modify_policies\": True,\n \"modify_roles\": False,\n \"modify_sidecars_and_repositories\": True,\n \"modify_users\": True,\n \"repo_crawler\": False,\n \"view_audit_logs\": False,\n \"view_datamaps\": False,\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n //## Role with Custom Permissions Configuration\n var someResourceName = new Cyral.Role(\"someResourceName\", new()\n {\n Permissions = new Cyral.Inputs.RolePermissionsArgs\n {\n ApprovalManagement = false,\n ModifyIntegrations = false,\n ModifyPolicies = true,\n ModifyRoles = false,\n ModifySidecarsAndRepositories = true,\n ModifyUsers = true,\n RepoCrawler = false,\n ViewAuditLogs = false,\n ViewDatamaps = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ## Role with Custom Permissions Configuration\n\t\t_, err := cyral.NewRole(ctx, \"someResourceName\", &cyral.RoleArgs{\n\t\t\tPermissions: &cyral.RolePermissionsArgs{\n\t\t\t\tApprovalManagement: pulumi.Bool(false),\n\t\t\t\tModifyIntegrations: pulumi.Bool(false),\n\t\t\t\tModifyPolicies: pulumi.Bool(true),\n\t\t\t\tModifyRoles: pulumi.Bool(false),\n\t\t\t\tModifySidecarsAndRepositories: pulumi.Bool(true),\n\t\t\t\tModifyUsers: pulumi.Bool(true),\n\t\t\t\tRepoCrawler: pulumi.Bool(false),\n\t\t\t\tViewAuditLogs: pulumi.Bool(false),\n\t\t\t\tViewDatamaps: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Role;\nimport com.pulumi.cyral.RoleArgs;\nimport com.pulumi.cyral.inputs.RolePermissionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //## Role with Custom Permissions Configuration\n var someResourceName = new Role(\"someResourceName\", RoleArgs.builder()\n .permissions(RolePermissionsArgs.builder()\n .approvalManagement(false)\n .modifyIntegrations(false)\n .modifyPolicies(true)\n .modifyRoles(false)\n .modifySidecarsAndRepositories(true)\n .modifyUsers(true)\n .repoCrawler(false)\n .viewAuditLogs(false)\n .viewDatamaps(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ## Role with Custom Permissions Configuration\n someResourceName:\n type: cyral:Role\n properties:\n permissions:\n approvalManagement: false\n modifyIntegrations: false\n modifyPolicies: true\n modifyRoles: false\n modifySidecarsAndRepositories: true\n modifyUsers: true\n repoCrawler: false\n viewAuditLogs: false\n viewDatamaps: false\n```\n\n", "properties": { "name": { "type": "string", "description": "The name of the role.\n" }, "permissions": { "$ref": "#/types/cyral:index%2FRolePermissions:RolePermissions", "description": "A block responsible for configuring the role permissions.\n" } }, "type": "object", "required": [ "name" ], "inputProperties": { "name": { "type": "string", "description": "The name of the role.\n" }, "permissions": { "$ref": "#/types/cyral:index%2FRolePermissions:RolePermissions", "description": "A block responsible for configuring the role permissions.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering Role resources.\n", "properties": { "name": { "type": "string", "description": "The name of the role.\n" }, "permissions": { "$ref": "#/types/cyral:index%2FRolePermissions:RolePermissions", "description": "A block responsible for configuring the role permissions.\n" } }, "type": "object" } }, "cyral:index/roleSsoGroups:RoleSsoGroups": { "description": "Manages [mapping SSO groups to specific roles](https://cyral.com/docs/user-administration/manage-cyral-roles/#map-an-sso-group-to-a-cyral-administrator-role) on Cyral control plane. See also: Role.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\n//## Role with Single SSO Group\nconst someIdpOktaIntegrationIdpOkta = new cyral.IntegrationIdpOkta(\"someIdpOktaIntegrationIdpOkta\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"https://some-sso-url.com\",\n },\n}});\nconst someRoleRole = new cyral.Role(\"someRoleRole\", {});\nconst someRoleSsoGroupsRoleSsoGroups = new cyral.RoleSsoGroups(\"someRoleSsoGroupsRoleSsoGroups\", {\n roleId: someRoleRole.id,\n ssoGroups: [{\n groupName: \"Everyone\",\n idpId: someIdpOktaIntegrationIdpOkta.id,\n }],\n});\n//## Role with Multiple SSO Groups\nconst someIdpOktaIndex_integrationIdpOktaIntegrationIdpOkta = new cyral.IntegrationIdpOkta(\"someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta\", {samlp: {\n config: {\n singleSignOnServiceUrl: \"https://some-sso-url.com\",\n },\n}});\nconst someRoleIndex_roleRole = new cyral.Role(\"someRoleIndex/roleRole\", {});\nconst someRoleSsoGroupsIndex_roleSsoGroupsRoleSsoGroups = new cyral.RoleSsoGroups(\"someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups\", {\n roleId: someRoleRole.id,\n ssoGroups: [\n {\n groupName: \"Admin\",\n idpId: someIdpOktaIntegrationIdpOkta.id,\n },\n {\n groupName: \"Dev\",\n idpId: someIdpOktaIntegrationIdpOkta.id,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\n### Role with Single SSO Group\nsome_idp_okta_integration_idp_okta = cyral.IntegrationIdpOkta(\"someIdpOktaIntegrationIdpOkta\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"https://some-sso-url.com\",\n },\n})\nsome_role_role = cyral.Role(\"someRoleRole\")\nsome_role_sso_groups_role_sso_groups = cyral.RoleSsoGroups(\"someRoleSsoGroupsRoleSsoGroups\",\n role_id=some_role_role.id,\n sso_groups=[{\n \"group_name\": \"Everyone\",\n \"idp_id\": some_idp_okta_integration_idp_okta.id,\n }])\n### Role with Multiple SSO Groups\nsome_idp_okta_index_integration_idp_okta_integration_idp_okta = cyral.IntegrationIdpOkta(\"someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta\", samlp={\n \"config\": {\n \"single_sign_on_service_url\": \"https://some-sso-url.com\",\n },\n})\nsome_role_index_role_role = cyral.Role(\"someRoleIndex/roleRole\")\nsome_role_sso_groups_index_role_sso_groups_role_sso_groups = cyral.RoleSsoGroups(\"someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups\",\n role_id=some_role_role.id,\n sso_groups=[\n {\n \"group_name\": \"Admin\",\n \"idp_id\": some_idp_okta_integration_idp_okta.id,\n },\n {\n \"group_name\": \"Dev\",\n \"idp_id\": some_idp_okta_integration_idp_okta.id,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n //## Role with Single SSO Group\n var someIdpOktaIntegrationIdpOkta = new Cyral.IntegrationIdpOkta(\"someIdpOktaIntegrationIdpOkta\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpOktaSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpOktaSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"https://some-sso-url.com\",\n },\n },\n });\n\n var someRoleRole = new Cyral.Role(\"someRoleRole\");\n\n var someRoleSsoGroupsRoleSsoGroups = new Cyral.RoleSsoGroups(\"someRoleSsoGroupsRoleSsoGroups\", new()\n {\n RoleId = someRoleRole.Id,\n SsoGroups = new[]\n {\n new Cyral.Inputs.RoleSsoGroupsSsoGroupArgs\n {\n GroupName = \"Everyone\",\n IdpId = someIdpOktaIntegrationIdpOkta.Id,\n },\n },\n });\n\n //## Role with Multiple SSO Groups\n var someIdpOktaIndex_integrationIdpOktaIntegrationIdpOkta = new Cyral.IntegrationIdpOkta(\"someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta\", new()\n {\n Samlp = new Cyral.Inputs.IntegrationIdpOktaSamlpArgs\n {\n Config = new Cyral.Inputs.IntegrationIdpOktaSamlpConfigArgs\n {\n SingleSignOnServiceUrl = \"https://some-sso-url.com\",\n },\n },\n });\n\n var someRoleIndex_roleRole = new Cyral.Role(\"someRoleIndex/roleRole\");\n\n var someRoleSsoGroupsIndex_roleSsoGroupsRoleSsoGroups = new Cyral.RoleSsoGroups(\"someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups\", new()\n {\n RoleId = someRoleRole.Id,\n SsoGroups = new[]\n {\n new Cyral.Inputs.RoleSsoGroupsSsoGroupArgs\n {\n GroupName = \"Admin\",\n IdpId = someIdpOktaIntegrationIdpOkta.Id,\n },\n new Cyral.Inputs.RoleSsoGroupsSsoGroupArgs\n {\n GroupName = \"Dev\",\n IdpId = someIdpOktaIntegrationIdpOkta.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ## Role with Single SSO Group\n\t\tsomeIdpOktaIntegrationIdpOkta, err := cyral.NewIntegrationIdpOkta(ctx, \"someIdpOktaIntegrationIdpOkta\", &cyral.IntegrationIdpOktaArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpOktaSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpOktaSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://some-sso-url.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsomeRoleRole, err := cyral.NewRole(ctx, \"someRoleRole\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRoleSsoGroups(ctx, \"someRoleSsoGroupsRoleSsoGroups\", &cyral.RoleSsoGroupsArgs{\n\t\t\tRoleId: someRoleRole.ID(),\n\t\t\tSsoGroups: cyral.RoleSsoGroupsSsoGroupArray{\n\t\t\t\t&cyral.RoleSsoGroupsSsoGroupArgs{\n\t\t\t\t\tGroupName: pulumi.String(\"Everyone\"),\n\t\t\t\t\tIdpId: someIdpOktaIntegrationIdpOkta.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ## Role with Multiple SSO Groups\n\t\t_, err = cyral.NewIntegrationIdpOkta(ctx, \"someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta\", &cyral.IntegrationIdpOktaArgs{\n\t\t\tSamlp: &cyral.IntegrationIdpOktaSamlpArgs{\n\t\t\t\tConfig: &cyral.IntegrationIdpOktaSamlpConfigArgs{\n\t\t\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://some-sso-url.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRole(ctx, \"someRoleIndex/roleRole\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRoleSsoGroups(ctx, \"someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups\", &cyral.RoleSsoGroupsArgs{\n\t\t\tRoleId: someRoleRole.ID(),\n\t\t\tSsoGroups: cyral.RoleSsoGroupsSsoGroupArray{\n\t\t\t\t&cyral.RoleSsoGroupsSsoGroupArgs{\n\t\t\t\t\tGroupName: pulumi.String(\"Admin\"),\n\t\t\t\t\tIdpId: someIdpOktaIntegrationIdpOkta.ID(),\n\t\t\t\t},\n\t\t\t\t&cyral.RoleSsoGroupsSsoGroupArgs{\n\t\t\t\t\tGroupName: pulumi.String(\"Dev\"),\n\t\t\t\t\tIdpId: someIdpOktaIntegrationIdpOkta.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.IntegrationIdpOkta;\nimport com.pulumi.cyral.IntegrationIdpOktaArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpArgs;\nimport com.pulumi.cyral.inputs.IntegrationIdpOktaSamlpConfigArgs;\nimport com.pulumi.cyral.Role;\nimport com.pulumi.cyral.RoleSsoGroups;\nimport com.pulumi.cyral.RoleSsoGroupsArgs;\nimport com.pulumi.cyral.inputs.RoleSsoGroupsSsoGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n //## Role with Single SSO Group\n var someIdpOktaIntegrationIdpOkta = new IntegrationIdpOkta(\"someIdpOktaIntegrationIdpOkta\", IntegrationIdpOktaArgs.builder()\n .samlp(IntegrationIdpOktaSamlpArgs.builder()\n .config(IntegrationIdpOktaSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"https://some-sso-url.com\")\n .build())\n .build())\n .build());\n\n var someRoleRole = new Role(\"someRoleRole\");\n\n var someRoleSsoGroupsRoleSsoGroups = new RoleSsoGroups(\"someRoleSsoGroupsRoleSsoGroups\", RoleSsoGroupsArgs.builder()\n .roleId(someRoleRole.id())\n .ssoGroups(RoleSsoGroupsSsoGroupArgs.builder()\n .groupName(\"Everyone\")\n .idpId(someIdpOktaIntegrationIdpOkta.id())\n .build())\n .build());\n\n //## Role with Multiple SSO Groups\n var someIdpOktaIndex_integrationIdpOktaIntegrationIdpOkta = new IntegrationIdpOkta(\"someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta\", IntegrationIdpOktaArgs.builder()\n .samlp(IntegrationIdpOktaSamlpArgs.builder()\n .config(IntegrationIdpOktaSamlpConfigArgs.builder()\n .singleSignOnServiceUrl(\"https://some-sso-url.com\")\n .build())\n .build())\n .build());\n\n var someRoleIndex_roleRole = new Role(\"someRoleIndex/roleRole\");\n\n var someRoleSsoGroupsIndex_roleSsoGroupsRoleSsoGroups = new RoleSsoGroups(\"someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups\", RoleSsoGroupsArgs.builder()\n .roleId(someRoleRole.id())\n .ssoGroups( \n RoleSsoGroupsSsoGroupArgs.builder()\n .groupName(\"Admin\")\n .idpId(someIdpOktaIntegrationIdpOkta.id())\n .build(),\n RoleSsoGroupsSsoGroupArgs.builder()\n .groupName(\"Dev\")\n .idpId(someIdpOktaIntegrationIdpOkta.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ### Role with Single SSO Group\n someIdpOktaIntegrationIdpOkta:\n type: cyral:IntegrationIdpOkta\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: https://some-sso-url.com\n someRoleRole:\n type: cyral:Role\n someRoleSsoGroupsRoleSsoGroups:\n type: cyral:RoleSsoGroups\n properties:\n roleId: ${someRoleRole.id}\n ssoGroups:\n - groupName: Everyone\n idpId: ${someIdpOktaIntegrationIdpOkta.id}\n ### Role with Multiple SSO Groups\n someIdpOktaIndex/integrationIdpOktaIntegrationIdpOkta:\n type: cyral:IntegrationIdpOkta\n properties:\n samlp:\n config:\n singleSignOnServiceUrl: https://some-sso-url.com\n someRoleIndex/roleRole:\n type: cyral:Role\n someRoleSsoGroupsIndex/roleSsoGroupsRoleSsoGroups:\n type: cyral:RoleSsoGroups\n properties:\n roleId: ${someRoleRole.id}\n ssoGroups:\n - groupName: Admin\n idpId: ${someIdpOktaIntegrationIdpOkta.id}\n - groupName: Dev\n idpId: ${someIdpOktaIntegrationIdpOkta.id}\n```\n\n", "properties": { "roleId": { "type": "string", "description": "The ID of the role resource that will be configured.\n" }, "roleSsoGroupsId": { "type": "string", "description": "The ID of this resource.\n" }, "ssoGroups": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRoleSsoGroupsSsoGroup:RoleSsoGroupsSsoGroup" }, "description": "A block responsible for mapping an SSO group to a role.\n" } }, "type": "object", "required": [ "roleId", "roleSsoGroupsId", "ssoGroups" ], "inputProperties": { "roleId": { "type": "string", "description": "The ID of the role resource that will be configured.\n" }, "roleSsoGroupsId": { "type": "string", "description": "The ID of this resource.\n" }, "ssoGroups": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRoleSsoGroupsSsoGroup:RoleSsoGroupsSsoGroup" }, "description": "A block responsible for mapping an SSO group to a role.\n" } }, "requiredInputs": [ "roleId", "ssoGroups" ], "stateInputs": { "description": "Input properties used for looking up and filtering RoleSsoGroups resources.\n", "properties": { "roleId": { "type": "string", "description": "The ID of the role resource that will be configured.\n" }, "roleSsoGroupsId": { "type": "string", "description": "The ID of this resource.\n" }, "ssoGroups": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FRoleSsoGroupsSsoGroup:RoleSsoGroupsSsoGroup" }, "description": "A block responsible for mapping an SSO group to a role.\n" } }, "type": "object" } }, "cyral:index/serviceAccount:ServiceAccount": { "description": "## # cyral.ServiceAccount (Resource)\n\nManages a Cyral Service Account (A.k.a: [Cyral API Access Key](https://cyral.com/docs/api-ref/api-intro/#api-access-key)). See also data source `cyral.getPermission`.\n\n> **Note** This resource does not support importing, since the client secret cannot be read after the resource creation.\n\n", "properties": { "clientId": { "type": "string", "description": "The service account client ID.\n" }, "clientSecret": { "type": "string", "secret": true }, "displayName": { "type": "string", "description": "The service account display name.\n" }, "permissionIds": { "type": "array", "items": { "type": "string" }, "description": "A list of permission IDs that will be assigned to this service account. See also data source `cyral.getPermission`.\n" } }, "type": "object", "required": [ "clientId", "clientSecret", "displayName", "permissionIds" ], "inputProperties": { "displayName": { "type": "string", "description": "The service account display name.\n" }, "permissionIds": { "type": "array", "items": { "type": "string" }, "description": "A list of permission IDs that will be assigned to this service account. See also data source `cyral.getPermission`.\n" } }, "requiredInputs": [ "displayName", "permissionIds" ], "stateInputs": { "description": "Input properties used for looking up and filtering ServiceAccount resources.\n", "properties": { "clientId": { "type": "string", "description": "The service account client ID.\n" }, "clientSecret": { "type": "string", "secret": true }, "displayName": { "type": "string", "description": "The service account display name.\n" }, "permissionIds": { "type": "array", "items": { "type": "string" }, "description": "A list of permission IDs that will be assigned to this service account. See also data source `cyral.getPermission`.\n" } }, "type": "object" } }, "cyral:index/sidecar:Sidecar": { "description": "Manages [sidecars](https://cyral.com/docs/sidecars/manage).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.Sidecar(\"someResourceName\", {\n bypassMode: \"failover\",\n deploymentMethod: \"someValidMethod\",\n labels: [\n \"label1\",\n \"label2\",\n ],\n userEndpoint: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.Sidecar(\"someResourceName\",\n bypass_mode=\"failover\",\n deployment_method=\"someValidMethod\",\n labels=[\n \"label1\",\n \"label2\",\n ],\n user_endpoint=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.Sidecar(\"someResourceName\", new()\n {\n BypassMode = \"failover\",\n DeploymentMethod = \"someValidMethod\",\n Labels = new[]\n {\n \"label1\",\n \"label2\",\n },\n UserEndpoint = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewSidecar(ctx, \"someResourceName\", &cyral.SidecarArgs{\n\t\t\tBypassMode: pulumi.String(\"failover\"),\n\t\t\tDeploymentMethod: pulumi.String(\"someValidMethod\"),\n\t\t\tLabels: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"label1\"),\n\t\t\t\tpulumi.String(\"label2\"),\n\t\t\t},\n\t\t\tUserEndpoint: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new Sidecar(\"someResourceName\", SidecarArgs.builder()\n .bypassMode(\"failover\")\n .deploymentMethod(\"someValidMethod\")\n .labels( \n \"label1\",\n \"label2\")\n .userEndpoint(\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:Sidecar\n properties:\n bypassMode: failover\n deploymentMethod: someValidMethod\n labels:\n - label1\n - label2\n userEndpoint: \"\"\n```\n\n", "properties": { "activityLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n" }, "bypassMode": { "type": "string", "description": "This argument lets you specify how to handle the connection in the event of an error in the sidecar during a user’s session. Valid modes are: `always`, `failover` or `never`. Defaults to `failover`. If `always` is specified, the sidecar will run in [passthrough mode](https://cyral.com/docs/sidecars/manage#passthrough-mode). If `failover` is specified, the sidecar will run in [resiliency mode](https://cyral.com/docs/sidecars/manage#resilient-mode-of-sidecar-operation). If `never` is specified and there is an error in the sidecar, connections to bound repositories will fail.\n" }, "certificateBundleSecrets": { "$ref": "#/types/cyral:index%2FSidecarCertificateBundleSecrets:SidecarCertificateBundleSecrets", "description": "Certificate Bundle Secret is a configuration that holds data about the location of a particular TLS certificate bundle in a secrets manager.\n", "deprecationMessage": "Deprecated" }, "deploymentMethod": { "type": "string" }, "diagnosticLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for sidecar diagnostic logs.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels that can be attached to the sidecar and shown in the `Tags` field in the UI.\n" }, "logIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n", "deprecationMessage": "Deprecated" }, "name": { "type": "string", "description": "Sidecar name that will be used internally in Control Plane (ex: `your_sidecar_name`).\n" }, "userEndpoint": { "type": "string", "description": "User-defined endpoint (also referred as `alias`) that can be used to override the sidecar DNS endpoint shown in the UI.\n" }, "vaultIntegrationId": { "type": "string", "description": "ID of the HashiCorp Vault integration to associate to this sidecar to be used for database account authentication.\n" } }, "type": "object", "required": [ "deploymentMethod", "name" ], "inputProperties": { "activityLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n" }, "bypassMode": { "type": "string", "description": "This argument lets you specify how to handle the connection in the event of an error in the sidecar during a user’s session. Valid modes are: `always`, `failover` or `never`. Defaults to `failover`. If `always` is specified, the sidecar will run in [passthrough mode](https://cyral.com/docs/sidecars/manage#passthrough-mode). If `failover` is specified, the sidecar will run in [resiliency mode](https://cyral.com/docs/sidecars/manage#resilient-mode-of-sidecar-operation). If `never` is specified and there is an error in the sidecar, connections to bound repositories will fail.\n" }, "certificateBundleSecrets": { "$ref": "#/types/cyral:index%2FSidecarCertificateBundleSecrets:SidecarCertificateBundleSecrets", "description": "Certificate Bundle Secret is a configuration that holds data about the location of a particular TLS certificate bundle in a secrets manager.\n", "deprecationMessage": "Deprecated" }, "deploymentMethod": { "type": "string" }, "diagnosticLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for sidecar diagnostic logs.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels that can be attached to the sidecar and shown in the `Tags` field in the UI.\n" }, "logIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n", "deprecationMessage": "Deprecated" }, "name": { "type": "string", "description": "Sidecar name that will be used internally in Control Plane (ex: `your_sidecar_name`).\n" }, "userEndpoint": { "type": "string", "description": "User-defined endpoint (also referred as `alias`) that can be used to override the sidecar DNS endpoint shown in the UI.\n" }, "vaultIntegrationId": { "type": "string", "description": "ID of the HashiCorp Vault integration to associate to this sidecar to be used for database account authentication.\n" } }, "requiredInputs": [ "deploymentMethod" ], "stateInputs": { "description": "Input properties used for looking up and filtering Sidecar resources.\n", "properties": { "activityLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n" }, "bypassMode": { "type": "string", "description": "This argument lets you specify how to handle the connection in the event of an error in the sidecar during a user’s session. Valid modes are: `always`, `failover` or `never`. Defaults to `failover`. If `always` is specified, the sidecar will run in [passthrough mode](https://cyral.com/docs/sidecars/manage#passthrough-mode). If `failover` is specified, the sidecar will run in [resiliency mode](https://cyral.com/docs/sidecars/manage#resilient-mode-of-sidecar-operation). If `never` is specified and there is an error in the sidecar, connections to bound repositories will fail.\n" }, "certificateBundleSecrets": { "$ref": "#/types/cyral:index%2FSidecarCertificateBundleSecrets:SidecarCertificateBundleSecrets", "description": "Certificate Bundle Secret is a configuration that holds data about the location of a particular TLS certificate bundle in a secrets manager.\n", "deprecationMessage": "Deprecated" }, "deploymentMethod": { "type": "string" }, "diagnosticLogIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for sidecar diagnostic logs.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Labels that can be attached to the sidecar and shown in the `Tags` field in the UI.\n" }, "logIntegrationId": { "type": "string", "description": "ID of the log integration mapped to this sidecar, used for Cyral activity logs.\n", "deprecationMessage": "Deprecated" }, "name": { "type": "string", "description": "Sidecar name that will be used internally in Control Plane (ex: `your_sidecar_name`).\n" }, "userEndpoint": { "type": "string", "description": "User-defined endpoint (also referred as `alias`) that can be used to override the sidecar DNS endpoint shown in the UI.\n" }, "vaultIntegrationId": { "type": "string", "description": "ID of the HashiCorp Vault integration to associate to this sidecar to be used for database account authentication.\n" } }, "type": "object" } }, "cyral:index/sidecarCredentials:SidecarCredentials": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someResourceName = new cyral.SidecarCredentials(\"someResourceName\", {sidecarId: cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.id});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_resource_name = cyral.SidecarCredentials(\"someResourceName\", sidecar_id=cyral_sidecar[\"SOME_SIDECAR_RESOURCE_NAME\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var someResourceName = new Cyral.SidecarCredentials(\"someResourceName\", new()\n {\n SidecarId = cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewSidecarCredentials(ctx, \"someResourceName\", &cyral.SidecarCredentialsArgs{\n\t\t\tSidecarId: pulumi.Any(cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.SidecarCredentials;\nimport com.pulumi.cyral.SidecarCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var someResourceName = new SidecarCredentials(\"someResourceName\", SidecarCredentialsArgs.builder()\n .sidecarId(cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n someResourceName:\n type: cyral:SidecarCredentials\n properties:\n sidecarId: ${cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.id}\n```\n\n", "properties": { "clientId": { "type": "string", "description": "Sidecar client ID.\n" }, "clientSecret": { "type": "string", "description": "Sidecar client secret.\n", "secret": true }, "sidecarId": { "type": "string", "description": "ID of the sidecar to create new credentials.\n" } }, "type": "object", "required": [ "clientId", "clientSecret", "sidecarId" ], "inputProperties": { "sidecarId": { "type": "string", "description": "ID of the sidecar to create new credentials.\n" } }, "requiredInputs": [ "sidecarId" ], "stateInputs": { "description": "Input properties used for looking up and filtering SidecarCredentials resources.\n", "properties": { "clientId": { "type": "string", "description": "Sidecar client ID.\n" }, "clientSecret": { "type": "string", "description": "Sidecar client secret.\n", "secret": true }, "sidecarId": { "type": "string", "description": "ID of the sidecar to create new credentials.\n" } }, "type": "object" } }, "cyral:index/sidecarListener:SidecarListener": { "description": "## # cyral.SidecarListener (Resource)\n\nManages sidecar listeners.\n> **Warning** Multiple listeners can be associated to a single sidecar as long as `host` and `port` are unique. If `host` is omitted, then `port` must be unique.\n\n> Import ID syntax is `{sidecar_id}/{listener_id}`.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst sidecar = new cyral.Sidecar(\"sidecar\", {deploymentMethod: \"docker\"});\n// Plain listener\nconst listener = new cyral.SidecarListener(\"listener\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mongodb\"],\n networkAddress: {\n port: 27017,\n },\n});\n// Listener with MySQL Settings\nconst listenerMysql = new cyral.SidecarListener(\"listenerMysql\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mysql\"],\n networkAddress: {\n port: 3306,\n },\n mysqlSettings: {\n dbVersion: \"8.0.4\",\n characterSet: \"utf8mb4_0900_ai_ci\",\n },\n});\n// Listener for S3 CLI and AWS SDK\nconst listenerS3CliSidecarListener = new cyral.SidecarListener(\"listenerS3CliSidecarListener\", {\n sidecarId: sidecar.id,\n repoTypes: [\"s3\"],\n networkAddress: {\n port: 443,\n },\n s3Settings: {\n proxyMode: true,\n },\n});\n// Listener for S3 browser (using port 444 assuming port\n// 443 is used for CLI)\nconst listenerS3CliIndex_sidecarListenerSidecarListener = new cyral.SidecarListener(\"listenerS3CliIndex/sidecarListenerSidecarListener\", {\n sidecarId: sidecar.id,\n repoTypes: [\"s3\"],\n networkAddress: {\n port: 444,\n },\n s3Settings: {\n proxyMode: false,\n },\n});\n// Listener with DynamoDB Settings\nconst listenerDynamodb = new cyral.SidecarListener(\"listenerDynamodb\", {\n sidecarId: sidecar.id,\n repoTypes: [\"dynamodb\"],\n networkAddress: {\n port: 8000,\n },\n dynamodbSettings: {\n proxyMode: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsidecar = cyral.Sidecar(\"sidecar\", deployment_method=\"docker\")\n# Plain listener\nlistener = cyral.SidecarListener(\"listener\",\n sidecar_id=sidecar.id,\n repo_types=[\"mongodb\"],\n network_address={\n \"port\": 27017,\n })\n# Listener with MySQL Settings\nlistener_mysql = cyral.SidecarListener(\"listenerMysql\",\n sidecar_id=sidecar.id,\n repo_types=[\"mysql\"],\n network_address={\n \"port\": 3306,\n },\n mysql_settings={\n \"db_version\": \"8.0.4\",\n \"character_set\": \"utf8mb4_0900_ai_ci\",\n })\n# Listener for S3 CLI and AWS SDK\nlistener_s3_cli_sidecar_listener = cyral.SidecarListener(\"listenerS3CliSidecarListener\",\n sidecar_id=sidecar.id,\n repo_types=[\"s3\"],\n network_address={\n \"port\": 443,\n },\n s3_settings={\n \"proxy_mode\": True,\n })\n# Listener for S3 browser (using port 444 assuming port\n# 443 is used for CLI)\nlistener_s3_cli_index_sidecar_listener_sidecar_listener = cyral.SidecarListener(\"listenerS3CliIndex/sidecarListenerSidecarListener\",\n sidecar_id=sidecar.id,\n repo_types=[\"s3\"],\n network_address={\n \"port\": 444,\n },\n s3_settings={\n \"proxy_mode\": False,\n })\n# Listener with DynamoDB Settings\nlistener_dynamodb = cyral.SidecarListener(\"listenerDynamodb\",\n sidecar_id=sidecar.id,\n repo_types=[\"dynamodb\"],\n network_address={\n \"port\": 8000,\n },\n dynamodb_settings={\n \"proxy_mode\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() => \n{\n var sidecar = new Cyral.Sidecar(\"sidecar\", new()\n {\n DeploymentMethod = \"docker\",\n });\n\n // Plain listener\n var listener = new Cyral.SidecarListener(\"listener\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mongodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 27017,\n },\n });\n\n // Listener with MySQL Settings\n var listenerMysql = new Cyral.SidecarListener(\"listenerMysql\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mysql\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 3306,\n },\n MysqlSettings = new Cyral.Inputs.SidecarListenerMysqlSettingsArgs\n {\n DbVersion = \"8.0.4\",\n CharacterSet = \"utf8mb4_0900_ai_ci\",\n },\n });\n\n // Listener for S3 CLI and AWS SDK\n var listenerS3CliSidecarListener = new Cyral.SidecarListener(\"listenerS3CliSidecarListener\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"s3\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 443,\n },\n S3Settings = new Cyral.Inputs.SidecarListenerS3SettingsArgs\n {\n ProxyMode = true,\n },\n });\n\n // Listener for S3 browser (using port 444 assuming port\n // 443 is used for CLI)\n var listenerS3CliIndex_sidecarListenerSidecarListener = new Cyral.SidecarListener(\"listenerS3CliIndex/sidecarListenerSidecarListener\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"s3\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 444,\n },\n S3Settings = new Cyral.Inputs.SidecarListenerS3SettingsArgs\n {\n ProxyMode = false,\n },\n });\n\n // Listener with DynamoDB Settings\n var listenerDynamodb = new Cyral.SidecarListener(\"listenerDynamodb\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"dynamodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Port = 8000,\n },\n DynamodbSettings = new Cyral.Inputs.SidecarListenerDynamodbSettingsArgs\n {\n ProxyMode = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsidecar, err := cyral.NewSidecar(ctx, \"sidecar\", &cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"docker\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Plain listener\n\t\t_, err = cyral.NewSidecarListener(ctx, \"listener\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"mongodb\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Listener with MySQL Settings\n\t\t_, err = cyral.NewSidecarListener(ctx, \"listenerMysql\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"mysql\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(3306),\n\t\t\t},\n\t\t\tMysqlSettings: &cyral.SidecarListenerMysqlSettingsArgs{\n\t\t\t\tDbVersion: pulumi.String(\"8.0.4\"),\n\t\t\t\tCharacterSet: pulumi.String(\"utf8mb4_0900_ai_ci\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Listener for S3 CLI and AWS SDK\n\t\t_, err = cyral.NewSidecarListener(ctx, \"listenerS3CliSidecarListener\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"s3\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(443),\n\t\t\t},\n\t\t\tS3Settings: &cyral.SidecarListenerS3SettingsArgs{\n\t\t\t\tProxyMode: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Listener for S3 browser (using port 444 assuming port\n\t\t// 443 is used for CLI)\n\t\t_, err = cyral.NewSidecarListener(ctx, \"listenerS3CliIndex/sidecarListenerSidecarListener\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"s3\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(444),\n\t\t\t},\n\t\t\tS3Settings: &cyral.SidecarListenerS3SettingsArgs{\n\t\t\t\tProxyMode: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Listener with DynamoDB Settings\n\t\t_, err = cyral.NewSidecarListener(ctx, \"listenerDynamodb\", &cyral.SidecarListenerArgs{\n\t\t\tSidecarId: sidecar.ID(),\n\t\t\tRepoTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dynamodb\"),\n\t\t\t},\n\t\t\tNetworkAddress: &cyral.SidecarListenerNetworkAddressArgs{\n\t\t\t\tPort: pulumi.Float64(8000),\n\t\t\t},\n\t\t\tDynamodbSettings: &cyral.SidecarListenerDynamodbSettingsArgs{\n\t\t\t\tProxyMode: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.SidecarListener;\nimport com.pulumi.cyral.SidecarListenerArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerNetworkAddressArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerMysqlSettingsArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerS3SettingsArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerDynamodbSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sidecar = new Sidecar(\"sidecar\", SidecarArgs.builder()\n .deploymentMethod(\"docker\")\n .build());\n\n // Plain listener\n var listener = new SidecarListener(\"listener\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mongodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(27017)\n .build())\n .build());\n\n // Listener with MySQL Settings\n var listenerMysql = new SidecarListener(\"listenerMysql\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mysql\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(3306)\n .build())\n .mysqlSettings(SidecarListenerMysqlSettingsArgs.builder()\n .dbVersion(\"8.0.4\")\n .characterSet(\"utf8mb4_0900_ai_ci\")\n .build())\n .build());\n\n // Listener for S3 CLI and AWS SDK\n var listenerS3CliSidecarListener = new SidecarListener(\"listenerS3CliSidecarListener\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"s3\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(443)\n .build())\n .s3Settings(SidecarListenerS3SettingsArgs.builder()\n .proxyMode(true)\n .build())\n .build());\n\n // Listener for S3 browser (using port 444 assuming port\n // 443 is used for CLI)\n var listenerS3CliIndex_sidecarListenerSidecarListener = new SidecarListener(\"listenerS3CliIndex/sidecarListenerSidecarListener\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"s3\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(444)\n .build())\n .s3Settings(SidecarListenerS3SettingsArgs.builder()\n .proxyMode(false)\n .build())\n .build());\n\n // Listener with DynamoDB Settings\n var listenerDynamodb = new SidecarListener(\"listenerDynamodb\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"dynamodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .port(8000)\n .build())\n .dynamodbSettings(SidecarListenerDynamodbSettingsArgs.builder()\n .proxyMode(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sidecar:\n type: cyral:Sidecar\n properties:\n deploymentMethod: docker\n # Plain listener\n listener:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mongodb\n networkAddress:\n port: 27017\n # Listener with MySQL Settings\n listenerMysql:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mysql\n networkAddress:\n port: 3306\n mysqlSettings:\n dbVersion: 8.0.4\n characterSet: utf8mb4_0900_ai_ci\n # Listener for S3 CLI and AWS SDK\n listenerS3CliSidecarListener:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - s3\n networkAddress:\n port: 443\n s3Settings:\n proxyMode: true\n # Listener for S3 browser (using port 444 assuming port\n # 443 is used for CLI)\n listenerS3CliIndex/sidecarListenerSidecarListener:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - s3\n networkAddress:\n port: 444\n s3Settings:\n proxyMode: false\n # Listener with DynamoDB Settings\n listenerDynamodb:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - dynamodb\n networkAddress:\n port: 8000\n dynamodbSettings:\n proxyMode: true\n```\n\n", "properties": { "dynamodbSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerDynamodbSettings:SidecarListenerDynamodbSettings", "description": "DynamoDB settings.\n" }, "listenerId": { "type": "string", "description": "ID of the listener that will be bound to the sidecar.\n" }, "mysqlSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerMysqlSettings:SidecarListenerMysqlSettings", "description": "MySQL settings represents the listener settings for a [`mysql`, `galera`, `mariadb`] data repository.\n" }, "networkAddress": { "$ref": "#/types/cyral:index%2FSidecarListenerNetworkAddress:SidecarListenerNetworkAddress", "description": "The network address that the sidecar listens on.\n" }, "repoTypes": { "type": "array", "items": { "type": "string" }, "description": "List of repository types that the listener supports. Currently limited to one repo type from supported repo types: -\n`denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb` - `mongodb` - `mysql` - `oracle` -\n`postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" }, "s3Settings": { "$ref": "#/types/cyral:index%2FSidecarListenerS3Settings:SidecarListenerS3Settings", "description": "S3 settings.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that the listener will be bound to.\n" }, "sidecarListenerId": { "type": "string" }, "sqlserverSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerSqlserverSettings:SidecarListenerSqlserverSettings", "description": "SQL Server settings.\n" } }, "type": "object", "required": [ "listenerId", "networkAddress", "repoTypes", "sidecarId", "sidecarListenerId" ], "inputProperties": { "dynamodbSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerDynamodbSettings:SidecarListenerDynamodbSettings", "description": "DynamoDB settings.\n" }, "mysqlSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerMysqlSettings:SidecarListenerMysqlSettings", "description": "MySQL settings represents the listener settings for a [`mysql`, `galera`, `mariadb`] data repository.\n" }, "networkAddress": { "$ref": "#/types/cyral:index%2FSidecarListenerNetworkAddress:SidecarListenerNetworkAddress", "description": "The network address that the sidecar listens on.\n" }, "repoTypes": { "type": "array", "items": { "type": "string" }, "description": "List of repository types that the listener supports. Currently limited to one repo type from supported repo types: -\n`denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb` - `mongodb` - `mysql` - `oracle` -\n`postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" }, "s3Settings": { "$ref": "#/types/cyral:index%2FSidecarListenerS3Settings:SidecarListenerS3Settings", "description": "S3 settings.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that the listener will be bound to.\n" }, "sidecarListenerId": { "type": "string" }, "sqlserverSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerSqlserverSettings:SidecarListenerSqlserverSettings", "description": "SQL Server settings.\n" } }, "requiredInputs": [ "networkAddress", "repoTypes", "sidecarId" ], "stateInputs": { "description": "Input properties used for looking up and filtering SidecarListener resources.\n", "properties": { "dynamodbSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerDynamodbSettings:SidecarListenerDynamodbSettings", "description": "DynamoDB settings.\n" }, "listenerId": { "type": "string", "description": "ID of the listener that will be bound to the sidecar.\n" }, "mysqlSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerMysqlSettings:SidecarListenerMysqlSettings", "description": "MySQL settings represents the listener settings for a [`mysql`, `galera`, `mariadb`] data repository.\n" }, "networkAddress": { "$ref": "#/types/cyral:index%2FSidecarListenerNetworkAddress:SidecarListenerNetworkAddress", "description": "The network address that the sidecar listens on.\n" }, "repoTypes": { "type": "array", "items": { "type": "string" }, "description": "List of repository types that the listener supports. Currently limited to one repo type from supported repo types: -\n`denodo` - `dremio` - `dynamodb` - `dynamodbstreams` - `galera` - `mariadb` - `mongodb` - `mysql` - `oracle` -\n`postgresql` - `redshift` - `s3` - `snowflake` - `sqlserver`\n" }, "s3Settings": { "$ref": "#/types/cyral:index%2FSidecarListenerS3Settings:SidecarListenerS3Settings", "description": "S3 settings.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar that the listener will be bound to.\n" }, "sidecarListenerId": { "type": "string" }, "sqlserverSettings": { "$ref": "#/types/cyral:index%2FSidecarListenerSqlserverSettings:SidecarListenerSqlserverSettings", "description": "SQL Server settings.\n" } }, "type": "object" } } }, "functions": { "cyral:index/getAccessTokenSettings:getAccessTokenSettings": { "description": "## # cyral.AccessTokenSettings (Data Source)\n\nRetrieves the access token settings. See also the resource `cyral.AccessTokenSettings`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst tokenSettings = cyral.getAccessTokenSettings({});\nexport const maxValidity = tokenSettings.then(tokenSettings =\u003e tokenSettings.maxValidity);\nexport const defaultValidity = tokenSettings.then(tokenSettings =\u003e tokenSettings.defaultValidity);\nexport const maxNumberOfTokensPerUser = tokenSettings.then(tokenSettings =\u003e tokenSettings.maxNumberOfTokensPerUser);\nexport const offlineTokenValidation = tokenSettings.then(tokenSettings =\u003e tokenSettings.offlineTokenValidation);\nexport const tokenLength = tokenSettings.then(tokenSettings =\u003e tokenSettings.tokenLength);\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\ntoken_settings = cyral.get_access_token_settings()\npulumi.export(\"maxValidity\", token_settings.max_validity)\npulumi.export(\"defaultValidity\", token_settings.default_validity)\npulumi.export(\"maxNumberOfTokensPerUser\", token_settings.max_number_of_tokens_per_user)\npulumi.export(\"offlineTokenValidation\", token_settings.offline_token_validation)\npulumi.export(\"tokenLength\", token_settings.token_length)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenSettings = Cyral.GetAccessTokenSettings.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"maxValidity\"] = tokenSettings.Apply(getAccessTokenSettingsResult =\u003e getAccessTokenSettingsResult.MaxValidity),\n [\"defaultValidity\"] = tokenSettings.Apply(getAccessTokenSettingsResult =\u003e getAccessTokenSettingsResult.DefaultValidity),\n [\"maxNumberOfTokensPerUser\"] = tokenSettings.Apply(getAccessTokenSettingsResult =\u003e getAccessTokenSettingsResult.MaxNumberOfTokensPerUser),\n [\"offlineTokenValidation\"] = tokenSettings.Apply(getAccessTokenSettingsResult =\u003e getAccessTokenSettingsResult.OfflineTokenValidation),\n [\"tokenLength\"] = tokenSettings.Apply(getAccessTokenSettingsResult =\u003e getAccessTokenSettingsResult.TokenLength),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenSettings, err := cyral.LookupAccessTokenSettings(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"maxValidity\", tokenSettings.MaxValidity)\n\t\tctx.Export(\"defaultValidity\", tokenSettings.DefaultValidity)\n\t\tctx.Export(\"maxNumberOfTokensPerUser\", tokenSettings.MaxNumberOfTokensPerUser)\n\t\tctx.Export(\"offlineTokenValidation\", tokenSettings.OfflineTokenValidation)\n\t\tctx.Export(\"tokenLength\", tokenSettings.TokenLength)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var tokenSettings = CyralFunctions.getAccessTokenSettings();\n\n ctx.export(\"maxValidity\", tokenSettings.applyValue(getAccessTokenSettingsResult -\u003e getAccessTokenSettingsResult.maxValidity()));\n ctx.export(\"defaultValidity\", tokenSettings.applyValue(getAccessTokenSettingsResult -\u003e getAccessTokenSettingsResult.defaultValidity()));\n ctx.export(\"maxNumberOfTokensPerUser\", tokenSettings.applyValue(getAccessTokenSettingsResult -\u003e getAccessTokenSettingsResult.maxNumberOfTokensPerUser()));\n ctx.export(\"offlineTokenValidation\", tokenSettings.applyValue(getAccessTokenSettingsResult -\u003e getAccessTokenSettingsResult.offlineTokenValidation()));\n ctx.export(\"tokenLength\", tokenSettings.applyValue(getAccessTokenSettingsResult -\u003e getAccessTokenSettingsResult.tokenLength()));\n }\n}\n```\n```yaml\nvariables:\n tokenSettings:\n fn::invoke:\n function: cyral:getAccessTokenSettings\n arguments: {}\noutputs:\n maxValidity: ${tokenSettings.maxValidity}\n defaultValidity: ${tokenSettings.defaultValidity}\n maxNumberOfTokensPerUser: ${tokenSettings.maxNumberOfTokensPerUser}\n offlineTokenValidation: ${tokenSettings.offlineTokenValidation}\n tokenLength: ${tokenSettings.tokenLength}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getAccessTokenSettings.\n", "properties": { "defaultValidity": { "description": "The default duration used for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n", "type": "string" }, "id": { "description": "The data source identifier. It's set as `settings/access_token`.\n", "type": "string" }, "maxNumberOfTokensPerUser": { "description": "The maximum number of access tokens that a user can have at the same time. Must be between `1` and `5` (inclusive). Defaults to `3`.\n", "type": "number" }, "maxValidity": { "description": "The maximum duration that a user can request for access token validity. Defaults to `36000s`. Should follow the protobuf duration string format, which corresponds to a sequence of decimal numbers suffixed by a 's' at the end, representing the duration in seconds. For example: `300s`, `60s`, `10.50s`, etc.\n", "type": "string" }, "offlineTokenValidation": { "description": "The configuration that determines if the sidecar should perform access token validation independently using cached token values. If this is `true`, the sidecar will be able to validate and authenticate database access even when it cannot reach the Control Plane. Defaults to `true`.\n", "type": "boolean" }, "tokenLength": { "description": "The number of characters of the access token plaintext value. Valid values are `8`, `12` and `16`. Defaults to `16`.\n", "type": "number" } }, "required": [ "defaultValidity", "id", "maxNumberOfTokensPerUser", "maxValidity", "offlineTokenValidation", "tokenLength" ], "type": "object" } }, "cyral:index/getDatalabel:getDatalabel": { "description": "Retrieve and filter data labels. See also resource `cyral.Datalabel`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getDatalabel({\n name: \"\",\n type: \"UNKNOWN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_datalabel(name=\"\",\n type=\"UNKNOWN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetDatalabel.Invoke(new()\n {\n Name = \"\",\n Type = \"UNKNOWN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.LookupDatalabel(ctx, \u0026cyral.LookupDatalabelArgs{\n\t\t\tName: pulumi.StringRef(\"\"),\n\t\t\tType: pulumi.StringRef(\"UNKNOWN\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetDatalabelArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getDatalabel(GetDatalabelArgs.builder()\n .name(\"\")\n .type(\"UNKNOWN\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getDatalabel\n arguments:\n name: \"\"\n type: UNKNOWN\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getDatalabel.\n", "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "type": { "type": "string" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getDatalabel.\n", "properties": { "datalabelLists": { "items": { "$ref": "#/types/cyral:index%2FgetDatalabelDatalabelList:getDatalabelDatalabelList" }, "type": "array" }, "id": { "type": "string" }, "name": { "type": "string" }, "type": { "type": "string" } }, "required": [ "datalabelLists", "id" ], "type": "object" } }, "cyral:index/getIntegrationIdp:getIntegrationIdp": { "description": "\u003e **DEPRECATED** Use resource and data source `cyral.IntegrationIdpSaml` instead.\n", "inputs": { "description": "A collection of arguments for invoking getIntegrationIdp.\n", "properties": { "displayName": { "type": "string", "description": "Filter results by the name of an existing IdP integration.\n" }, "id": { "type": "string", "description": "The ID of this resource.\n" }, "type": { "type": "string", "description": "Filter results by the IdP integration type.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getIntegrationIdp.\n", "properties": { "displayName": { "description": "Filter results by the name of an existing IdP integration.\n", "type": "string" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "idpLists": { "description": "List of existing IdP integrations for the given filter criteria.\n", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpIdpList:getIntegrationIdpIdpList" }, "type": "array" }, "type": { "description": "Filter results by the IdP integration type.\n", "type": "string" } }, "required": [ "id", "idpLists" ], "type": "object" } }, "cyral:index/getIntegrationIdpSaml:getIntegrationIdpSaml": { "description": "Retrieve and filter SAML IdP integrations.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getIntegrationIdpSaml({\n displayName: \"\",\n idpType: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_integration_idp_saml(display_name=\"\",\n idp_type=\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetIntegrationIdpSaml.Invoke(new()\n {\n DisplayName = \"\",\n IdpType = \"\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.LookupIntegrationIdpSaml(ctx, \u0026cyral.LookupIntegrationIdpSamlArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"\"),\n\t\t\tIdpType: pulumi.StringRef(\"\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetIntegrationIdpSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getIntegrationIdpSaml(GetIntegrationIdpSamlArgs.builder()\n .displayName(\"\")\n .idpType(\"\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getIntegrationIdpSaml\n arguments:\n displayName: \"\"\n idpType: \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIntegrationIdpSaml.\n", "properties": { "displayName": { "type": "string", "description": "Filter results by the display name (as seen in the control plane UI) of existing SAML IdP integrations.\n" }, "id": { "type": "string", "description": "The ID of this resource.\n" }, "idpType": { "type": "string", "description": "Filter results by the SAML IdP integration type.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getIntegrationIdpSaml.\n", "properties": { "displayName": { "description": "Filter results by the display name (as seen in the control plane UI) of existing SAML IdP integrations.\n", "type": "string" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "idpLists": { "description": "List of existing SAML IdP integrations that match the given filter criteria.\n", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationIdpSamlIdpList:getIntegrationIdpSamlIdpList" }, "type": "array" }, "idpType": { "description": "Filter results by the SAML IdP integration type.\n", "type": "string" } }, "required": [ "id", "idpLists" ], "type": "object" } }, "cyral:index/getIntegrationLogging:getIntegrationLogging": { "description": "## # cyral.IntegrationLogging (Data Source)\n\nRetrieve and filter logging integrations.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getIntegrationLogging({\n type: \"CLOUDWATCH\",\n});\nconst anotherDataSourceName = cyral.getIntegrationLogging({});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_integration_logging(type=\"CLOUDWATCH\")\nanother_data_source_name = cyral.get_integration_logging()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetIntegrationLogging.Invoke(new()\n {\n Type = \"CLOUDWATCH\",\n });\n\n var anotherDataSourceName = Cyral.GetIntegrationLogging.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.LookupIntegrationLogging(ctx, \u0026cyral.LookupIntegrationLoggingArgs{\n\t\t\tType: pulumi.StringRef(\"CLOUDWATCH\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.LookupIntegrationLogging(ctx, \u0026cyral.LookupIntegrationLoggingArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetIntegrationLoggingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getIntegrationLogging(GetIntegrationLoggingArgs.builder()\n .type(\"CLOUDWATCH\")\n .build());\n\n final var anotherDataSourceName = CyralFunctions.getIntegrationLogging();\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getIntegrationLogging\n arguments:\n type: CLOUDWATCH\n anotherDataSourceName:\n fn::invoke:\n function: cyral:getIntegrationLogging\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIntegrationLogging.\n", "properties": { "id": { "type": "string", "description": "The ID of this resource.\n" }, "type": { "type": "string", "description": "The type of logging integration config to filter by.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getIntegrationLogging.\n", "properties": { "id": { "description": "The ID of this resource.\n", "type": "string" }, "integrations": { "description": "List of existing integration configs for the given filter criteria.\n", "items": { "$ref": "#/types/cyral:index%2FgetIntegrationLoggingIntegration:getIntegrationLoggingIntegration" }, "type": "array" }, "type": { "description": "The type of logging integration config to filter by.\n", "type": "string" } }, "required": [ "id", "integrations" ], "type": "object" } }, "cyral:index/getPermission:getPermission": { "description": "Retrieve all Cyral permissions. See also resource `cyral.ServiceAccount`.\n", "outputs": { "description": "A collection of values returned by getPermission.\n", "properties": { "id": { "description": "The data source identifier.\n", "type": "string" }, "permissionLists": { "description": "List of all existing Cyral permissions.\n", "items": { "$ref": "#/types/cyral:index%2FgetPermissionPermissionList:getPermissionPermissionList" }, "type": "array" } }, "required": [ "id", "permissionLists" ], "type": "object" } }, "cyral:index/getPolicySet:getPolicySet": { "description": "This data source provides information about a policy set.\n", "inputs": { "description": "A collection of arguments for invoking getPolicySet.\n", "properties": { "id": { "type": "string", "description": "Identifier for the policy set.\n" } }, "type": "object", "required": [ "id" ] }, "outputs": { "description": "A collection of values returned by getPolicySet.\n", "properties": { "created": { "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was created.\n", "type": "object" }, "description": { "description": "Description of the policy set.\n", "type": "string" }, "enabled": { "description": "Indicates if the policy set is enabled.\n", "type": "boolean" }, "id": { "description": "Identifier for the policy set.\n", "type": "string" }, "lastUpdated": { "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy set was last updated.\n", "type": "object" }, "name": { "description": "Name of the policy set.\n", "type": "string" }, "policies": { "description": "List of policies that comprise the policy set.\n", "items": { "$ref": "#/types/cyral:index%2FgetPolicySetPolicy:getPolicySetPolicy" }, "type": "array" }, "scopes": { "description": "Scope of the policy set.\n", "items": { "$ref": "#/types/cyral:index%2FgetPolicySetScope:getPolicySetScope" }, "type": "array" }, "tags": { "description": "Tags associated with the policy set.\n", "items": { "type": "string" }, "type": "array" }, "wizardId": { "description": "The ID of the policy wizard used to create this policy set.\n", "type": "string" }, "wizardParameters": { "description": "Parameters passed to the wizard while creating the policy set.\n", "type": "string" } }, "required": [ "created", "description", "enabled", "id", "lastUpdated", "name", "policies", "scopes", "tags", "wizardId", "wizardParameters" ], "type": "object" } }, "cyral:index/getPolicyV2:getPolicyV2": { "description": "This data source provides information about a policy.\n", "inputs": { "description": "A collection of arguments for invoking getPolicyV2.\n", "properties": { "id": { "type": "string", "description": "Identifier for the policy, unique within the policy type.\n" }, "type": { "type": "string", "description": "Type of the policy, one of [`local`, `global`]\n" } }, "type": "object", "required": [ "id", "type" ] }, "outputs": { "description": "A collection of values returned by getPolicyV2.\n", "properties": { "created": { "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was created.\n", "type": "object" }, "description": { "description": "Description of the policy.\n", "type": "string" }, "document": { "description": "The actual policy document in JSON format. It must conform to the schema for the policy type.\n", "type": "string" }, "enabled": { "description": "Indicates if the policy is enabled.\n", "type": "boolean" }, "enforced": { "description": "Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.\n", "type": "boolean" }, "id": { "description": "Identifier for the policy, unique within the policy type.\n", "type": "string" }, "lastUpdated": { "additionalProperties": { "type": "string" }, "description": "Information about when and by whom the policy was last updated.\n", "type": "object" }, "name": { "description": "Name of the policy.\n", "type": "string" }, "scopes": { "description": "Scope of the policy. If empty or omitted, all repositories are in scope.\n", "items": { "$ref": "#/types/cyral:index%2FgetPolicyV2Scope:getPolicyV2Scope" }, "type": "array" }, "tags": { "description": "Tags associated with the policy for categorization.\n", "items": { "type": "string" }, "type": "array" }, "type": { "description": "Type of the policy, one of [`local`, `global`]\n", "type": "string" }, "validFrom": { "description": "Time when the policy comes into effect. If omitted, the policy is in effect immediately.\n", "type": "string" }, "validUntil": { "description": "Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.\n", "type": "string" } }, "required": [ "created", "description", "document", "enabled", "enforced", "id", "lastUpdated", "name", "scopes", "tags", "type", "validFrom", "validUntil" ], "type": "object" } }, "cyral:index/getPolicyWizards:getPolicyWizards": { "description": "This data source provides information policy wizards\n", "inputs": { "description": "A collection of arguments for invoking getPolicyWizards.\n", "properties": { "id": { "type": "string", "description": "The ID of this resource.\n" }, "wizardId": { "type": "string", "description": "id of the policy wizard of interest.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getPolicyWizards.\n", "properties": { "id": { "description": "The ID of this resource.\n", "type": "string" }, "wizardId": { "description": "id of the policy wizard of interest.\n", "type": "string" }, "wizards": { "description": "Set of supported policy wizards.\n", "items": { "$ref": "#/types/cyral:index%2FgetPolicyWizardsWizard:getPolicyWizardsWizard" }, "type": "array" } }, "required": [ "id", "wizards" ], "type": "object" } }, "cyral:index/getRepository:getRepository": { "description": "## # cyral.Repository (Data Source)\n\nRetrieves a list of repositories. See `repository_list`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst mongo_repository = new cyral.Repository(\"mongo-repository\", {\n type: \"mongodb\",\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n mongodbSettings: {\n serverType: \"standalone\",\n },\n});\nconst mysql_repository1 = new cyral.Repository(\"mysql-repository1\", {\n type: \"mysql\",\n repoNodes: [{\n host: \"mysql.com\",\n port: 3306,\n }],\n});\nconst mysql_repository2 = new cyral.Repository(\"mysql-repository2\", {\n type: \"mysql\",\n repoNodes: [{\n host: \"mysql2.com\",\n port: 3306,\n }],\n});\nconst specific_mysql_repo = cyral.getRepository({\n name: \"tf-provider-mysql-repository1\",\n type: \"mysql\",\n});\nconst all_mysql_repos = cyral.getRepository({\n type: \"mysql\",\n});\nexport const mysql1RepoId = specific_mysql_repo.then(specific_mysql_repo =\u003e specific_mysql_repo.repositoryLists?.[0]?.id);\nexport const allMysqlRepoIds = all_mysql_repos.then(all_mysql_repos =\u003e all_mysql_repos.repositoryLists);\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nmongo_repository = cyral.Repository(\"mongo-repository\",\n type=\"mongodb\",\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }],\n mongodb_settings={\n \"server_type\": \"standalone\",\n })\nmysql_repository1 = cyral.Repository(\"mysql-repository1\",\n type=\"mysql\",\n repo_nodes=[{\n \"host\": \"mysql.com\",\n \"port\": 3306,\n }])\nmysql_repository2 = cyral.Repository(\"mysql-repository2\",\n type=\"mysql\",\n repo_nodes=[{\n \"host\": \"mysql2.com\",\n \"port\": 3306,\n }])\nspecific_mysql_repo = cyral.get_repository(name=\"tf-provider-mysql-repository1\",\n type=\"mysql\")\nall_mysql_repos = cyral.get_repository(type=\"mysql\")\npulumi.export(\"mysql1RepoId\", specific_mysql_repo.repository_lists[0].id)\npulumi.export(\"allMysqlRepoIds\", all_mysql_repos.repository_lists)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mongo_repository = new Cyral.Repository(\"mongo-repository\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs\n {\n ServerType = \"standalone\",\n },\n });\n\n var mysql_repository1 = new Cyral.Repository(\"mysql-repository1\", new()\n {\n Type = \"mysql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mysql.com\",\n Port = 3306,\n },\n },\n });\n\n var mysql_repository2 = new Cyral.Repository(\"mysql-repository2\", new()\n {\n Type = \"mysql\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mysql2.com\",\n Port = 3306,\n },\n },\n });\n\n var specific_mysql_repo = Cyral.GetRepository.Invoke(new()\n {\n Name = \"tf-provider-mysql-repository1\",\n Type = \"mysql\",\n });\n\n var all_mysql_repos = Cyral.GetRepository.Invoke(new()\n {\n Type = \"mysql\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"mysql1RepoId\"] = specific_mysql_repo.Apply(specific_mysql_repo =\u003e specific_mysql_repo.Apply(getRepositoryResult =\u003e getRepositoryResult.RepositoryLists[0]?.Id)),\n [\"allMysqlRepoIds\"] = all_mysql_repos.Apply(all_mysql_repos =\u003e all_mysql_repos.Apply(getRepositoryResult =\u003e getRepositoryResult.RepositoryLists)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.NewRepository(ctx, \"mongo-repository\", \u0026cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mongodb\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t\u0026cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mongodb.cyral.com\"),\n\t\t\t\t\tPort: pulumi.Float64(27017),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMongodbSettings: \u0026cyral.RepositoryMongodbSettingsArgs{\n\t\t\t\tServerType: pulumi.String(\"standalone\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRepository(ctx, \"mysql-repository1\", \u0026cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mysql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t\u0026cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mysql.com\"),\n\t\t\t\t\tPort: pulumi.Float64(3306),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cyral.NewRepository(ctx, \"mysql-repository2\", \u0026cyral.RepositoryArgs{\n\t\t\tType: pulumi.String(\"mysql\"),\n\t\t\tRepoNodes: cyral.RepositoryRepoNodeArray{\n\t\t\t\t\u0026cyral.RepositoryRepoNodeArgs{\n\t\t\t\t\tHost: pulumi.String(\"mysql2.com\"),\n\t\t\t\t\tPort: pulumi.Float64(3306),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tspecific_mysql_repo, err := cyral.LookupRepository(ctx, \u0026cyral.LookupRepositoryArgs{\n\t\t\tName: pulumi.StringRef(\"tf-provider-mysql-repository1\"),\n\t\t\tType: pulumi.StringRef(\"mysql\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tall_mysql_repos, err := cyral.LookupRepository(ctx, \u0026cyral.LookupRepositoryArgs{\n\t\t\tType: pulumi.StringRef(\"mysql\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"mysql1RepoId\", specific_mysql_repo.RepositoryLists[0].Id)\n\t\tctx.Export(\"allMysqlRepoIds\", all_mysql_repos.RepositoryLists)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mongo_repository = new Repository(\"mongo-repository\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .mongodbSettings(RepositoryMongodbSettingsArgs.builder()\n .serverType(\"standalone\")\n .build())\n .build());\n\n var mysql_repository1 = new Repository(\"mysql-repository1\", RepositoryArgs.builder()\n .type(\"mysql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mysql.com\")\n .port(3306)\n .build())\n .build());\n\n var mysql_repository2 = new Repository(\"mysql-repository2\", RepositoryArgs.builder()\n .type(\"mysql\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mysql2.com\")\n .port(3306)\n .build())\n .build());\n\n final var specific-mysql-repo = CyralFunctions.getRepository(GetRepositoryArgs.builder()\n .name(\"tf-provider-mysql-repository1\")\n .type(\"mysql\")\n .build());\n\n final var all-mysql-repos = CyralFunctions.getRepository(GetRepositoryArgs.builder()\n .type(\"mysql\")\n .build());\n\n ctx.export(\"mysql1RepoId\", specific_mysql_repo.repositoryLists()[0].id());\n ctx.export(\"allMysqlRepoIds\", all_mysql_repos.repositoryLists());\n }\n}\n```\n```yaml\nresources:\n mongo-repository:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - host: mongodb.cyral.com\n port: 27017\n mongodbSettings:\n serverType: standalone\n mysql-repository1:\n type: cyral:Repository\n properties:\n type: mysql\n repoNodes:\n - host: mysql.com\n port: 3306\n mysql-repository2:\n type: cyral:Repository\n properties:\n type: mysql\n repoNodes:\n - host: mysql2.com\n port: 3306\nvariables:\n specific-mysql-repo:\n fn::invoke:\n function: cyral:getRepository\n arguments:\n name: tf-provider-mysql-repository1\n type: mysql\n all-mysql-repos:\n fn::invoke:\n function: cyral:getRepository\n arguments:\n type: mysql\noutputs:\n mysql1RepoId: ${[\"specific-mysql-repo\"].repositoryLists[0].id}\n allMysqlRepoIds: ${[\"all-mysql-repos\"].repositoryLists}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRepository.\n", "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "type": { "type": "string" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getRepository.\n", "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "repositoryLists": { "items": { "$ref": "#/types/cyral:index%2FgetRepositoryRepositoryList:getRepositoryRepositoryList" }, "type": "array" }, "type": { "type": "string" } }, "required": [ "id", "repositoryLists" ], "type": "object" } }, "cyral:index/getRole:getRole": { "description": "Retrieve and filter [roles](https://cyral.com/docs/user-administration/manage-cyral-roles/) that exist in the Cyral Control Plane.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst adminRoles = cyral.getRole({\n name: \"^.*Admin$\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nadmin_roles = cyral.get_role(name=\"^.*Admin$\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var adminRoles = Cyral.GetRole.Invoke(new()\n {\n Name = \"^.*Admin$\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.LookupRole(ctx, \u0026cyral.LookupRoleArgs{\n\t\t\tName: pulumi.StringRef(\"^.*Admin$\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var adminRoles = CyralFunctions.getRole(GetRoleArgs.builder()\n .name(\"^.*Admin$\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n adminRoles:\n fn::invoke:\n function: cyral:getRole\n arguments:\n name: ^.*Admin$\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRole.\n", "properties": { "id": { "type": "string", "description": "The ID of this resource.\n" }, "name": { "type": "string", "description": "Filter the results by a regular expression (regex) that matches names of existing roles.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getRole.\n", "properties": { "id": { "description": "The ID of this resource.\n", "type": "string" }, "name": { "description": "Filter the results by a regular expression (regex) that matches names of existing roles.\n", "type": "string" }, "roleLists": { "description": "List of existing roles satisfying the filter criteria.\n", "items": { "$ref": "#/types/cyral:index%2FgetRoleRoleList:getRoleRoleList" }, "type": "array" } }, "required": [ "id", "roleLists" ], "type": "object" } }, "cyral:index/getSamlCertificate:getSamlCertificate": { "description": "Retrieves a X.509 certificate used for signing SAML requests.\n\nSee also the remaining SAML-related resources and data sources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlCertificate({});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_certificate()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetSamlCertificate.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.GetSamlCertificate(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlCertificate();\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getSamlCertificate\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getSamlCertificate.\n", "properties": { "certificate": { "description": "The X.509 certificate used for signing SAML requests.\n", "type": "string" }, "id": { "type": "string" } }, "required": [ "certificate", "id" ], "type": "object" } }, "cyral:index/getSamlConfiguration:getSamlConfiguration": { "description": "\u003e **DEPRECATED** This data source has been deprecated. It will be removed in the next major version of the provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSamlConfiguration({\n samlMetadataUrl: \"some_metadata_url\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_saml_configuration(saml_metadata_url=\"some_metadata_url\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()\n {\n SamlMetadataUrl = \"some_metadata_url\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.GetSamlConfiguration(ctx, \u0026cyral.GetSamlConfigurationArgs{\n\t\t\tSamlMetadataUrl: pulumi.StringRef(\"some_metadata_url\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSamlConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()\n .samlMetadataUrl(\"some_metadata_url\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getSamlConfiguration\n arguments:\n samlMetadataUrl: some_metadata_url\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSamlConfiguration.\n", "properties": { "base64SamlMetadataDocument": { "type": "string", "description": "(Required unless using `saml_metadata_url`) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.\n" }, "samlMetadataUrl": { "type": "string", "description": "(Required unless using `base_64_saml_metadata_document`) This is the full SAML metadata URL we should use to parse to a SAML configuration.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getSamlConfiguration.\n", "properties": { "allowedClockSkew": { "description": "Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is `0`.\n", "type": "number" }, "backChannelSupported": { "description": "Defaults to `false` if unset.\n", "type": "boolean" }, "base64SamlMetadataDocument": { "description": "(Required unless using `saml_metadata_url`) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.\n", "type": "string" }, "disableForceAuthentication": { "description": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n", "type": "boolean" }, "disablePostBindingAuthnRequest": { "description": "Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used.\n", "type": "boolean" }, "disablePostBindingLogout": { "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used.\n", "type": "boolean" }, "disablePostBindingResponse": { "description": "Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used.\n", "type": "boolean" }, "disableUsingJwksUrl": { "description": "By default, the jwks URL is used for all SAML connections.\n", "type": "boolean" }, "disableValidateSignature": { "description": "Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.\n", "type": "boolean" }, "disableWantAssertionsSigned": { "description": "Indicates whether the service provider expects a signed Assertion.\n", "type": "boolean" }, "disableWantAuthnRequestsSigned": { "description": "Indicates whether the identity provider expects a signed AuthnRequest.\n", "type": "boolean" }, "guiOrder": { "description": "GUI order.\n", "type": "string" }, "hideOnLoginPage": { "description": "Defaults to `false` if unset.\n", "type": "boolean" }, "id": { "type": "string" }, "ldapGroupAttribute": { "description": "Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone`, `ou=groups`, `dc=openam`, `dc=forgerock`, `dc=org` and the `LDAP Group RDN` Type is `cn` Cyral will interpret `Everyone` as the group name.\n", "type": "string" }, "nameIdPolicyFormat": { "description": "Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.\n", "type": "string" }, "principalType": { "description": "Defaults to `SUBJECT` if unset.\n", "type": "string" }, "samlMetadataUrl": { "description": "(Required unless using `base_64_saml_metadata_document`) This is the full SAML metadata URL we should use to parse to a SAML configuration.\n", "type": "string" }, "samlXmlKeyNameTranformer": { "description": "Defaults to `KEY_ID` if unset.\n", "type": "string" }, "signatureType": { "description": "Defaults to `RSA_SHA256` if unset.\n", "type": "string" }, "signingCertificate": { "description": "Signing certificate used to validate signatures. Required if signature validation is enabled.\n", "type": "string" }, "singleLogoutServiceUrl": { "description": "URL that must be used to send logout requests.\n", "type": "string" }, "singleSignOnServiceUrl": { "description": "URL that must be used to send authentication requests (SAML AuthnRequest).\n", "type": "string" }, "syncMode": { "description": "Defaults to `FORCE` if unset.\n", "type": "string" }, "wantAssertionsEncrypted": { "description": "Indicates whether the service provider expects an encrypted Assertion.\n", "type": "boolean" }, "xmlSigKeyInfoKeyNameTransformer": { "description": "Defaults to `KEY_ID` if unset.\n", "type": "string" } }, "required": [ "allowedClockSkew", "backChannelSupported", "disableForceAuthentication", "disablePostBindingAuthnRequest", "disablePostBindingLogout", "disablePostBindingResponse", "disableUsingJwksUrl", "disableValidateSignature", "disableWantAssertionsSigned", "disableWantAuthnRequestsSigned", "guiOrder", "hideOnLoginPage", "id", "ldapGroupAttribute", "nameIdPolicyFormat", "principalType", "samlXmlKeyNameTranformer", "signatureType", "signingCertificate", "singleLogoutServiceUrl", "singleSignOnServiceUrl", "syncMode", "wantAssertionsEncrypted", "xmlSigKeyInfoKeyNameTransformer" ], "type": "object" } }, "cyral:index/getSidecarBoundPorts:getSidecarBoundPorts": { "description": "## # cyral.getSidecarBoundPorts (Data Source)\n\nRetrieves all the ports of a given sidecar that are currently bound to repositories.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst sidecar = new cyral.Sidecar(\"sidecar\", {deploymentMethod: \"docker\"});\nconst repo_1 = new cyral.Repository(\"repo-1\", {\n type: \"mongodb\",\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n port: 27017,\n }],\n});\nconst listener_1 = new cyral.SidecarListener(\"listener-1\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mongodb\"],\n networkAddress: {\n host: \"mongodb.cyral.com\",\n port: 27017,\n },\n});\nconst binding_1 = new cyral.RepositoryBinding(\"binding-1\", {\n sidecarId: sidecar.id,\n repositoryId: repo_1.id,\n enabled: true,\n listenerBindings: [{\n listenerId: listener_1.listenerId,\n nodeIndex: 0,\n }],\n});\nconst repo_2 = new cyral.Repository(\"repo-2\", {\n type: \"mongodb\",\n repoNodes: [{\n host: \"mongodb.cyral.com\",\n port: 27018,\n }],\n});\nconst listener_2 = new cyral.SidecarListener(\"listener-2\", {\n sidecarId: sidecar.id,\n repoTypes: [\"mongodb\"],\n networkAddress: {\n host: \"mongodb.cyral.com\",\n port: 27017,\n },\n});\nconst binding_2 = new cyral.RepositoryBinding(\"binding-2\", {\n sidecarId: sidecar.id,\n repositoryId: repo_2.id,\n enabled: true,\n listenerBindings: [{\n listenerId: listener_2.listenerId,\n nodeIndex: 0,\n }],\n});\nconst _this = cyral.getSidecarBoundPortsOutput({\n sidecarId: sidecar.id,\n});\nexport const sidecarBoundPorts = _this.apply(_this =\u003e _this.boundPorts);\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsidecar = cyral.Sidecar(\"sidecar\", deployment_method=\"docker\")\nrepo_1 = cyral.Repository(\"repo-1\",\n type=\"mongodb\",\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n }])\nlistener_1 = cyral.SidecarListener(\"listener-1\",\n sidecar_id=sidecar.id,\n repo_types=[\"mongodb\"],\n network_address={\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n })\nbinding_1 = cyral.RepositoryBinding(\"binding-1\",\n sidecar_id=sidecar.id,\n repository_id=repo_1.id,\n enabled=True,\n listener_bindings=[{\n \"listener_id\": listener_1.listener_id,\n \"node_index\": 0,\n }])\nrepo_2 = cyral.Repository(\"repo-2\",\n type=\"mongodb\",\n repo_nodes=[{\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27018,\n }])\nlistener_2 = cyral.SidecarListener(\"listener-2\",\n sidecar_id=sidecar.id,\n repo_types=[\"mongodb\"],\n network_address={\n \"host\": \"mongodb.cyral.com\",\n \"port\": 27017,\n })\nbinding_2 = cyral.RepositoryBinding(\"binding-2\",\n sidecar_id=sidecar.id,\n repository_id=repo_2.id,\n enabled=True,\n listener_bindings=[{\n \"listener_id\": listener_2.listener_id,\n \"node_index\": 0,\n }])\nthis = cyral.get_sidecar_bound_ports_output(sidecar_id=sidecar.id)\npulumi.export(\"sidecarBoundPorts\", this.bound_ports)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sidecar = new Cyral.Sidecar(\"sidecar\", new()\n {\n DeploymentMethod = \"docker\",\n });\n\n var repo_1 = new Cyral.Repository(\"repo-1\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n },\n });\n\n var listener_1 = new Cyral.SidecarListener(\"listener-1\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mongodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n });\n\n var binding_1 = new Cyral.RepositoryBinding(\"binding-1\", new()\n {\n SidecarId = sidecar.Id,\n RepositoryId = repo_1.Id,\n Enabled = true,\n ListenerBindings = new[]\n {\n new Cyral.Inputs.RepositoryBindingListenerBindingArgs\n {\n ListenerId = listener_1.ListenerId,\n NodeIndex = 0,\n },\n },\n });\n\n var repo_2 = new Cyral.Repository(\"repo-2\", new()\n {\n Type = \"mongodb\",\n RepoNodes = new[]\n {\n new Cyral.Inputs.RepositoryRepoNodeArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27018,\n },\n },\n });\n\n var listener_2 = new Cyral.SidecarListener(\"listener-2\", new()\n {\n SidecarId = sidecar.Id,\n RepoTypes = new[]\n {\n \"mongodb\",\n },\n NetworkAddress = new Cyral.Inputs.SidecarListenerNetworkAddressArgs\n {\n Host = \"mongodb.cyral.com\",\n Port = 27017,\n },\n });\n\n var binding_2 = new Cyral.RepositoryBinding(\"binding-2\", new()\n {\n SidecarId = sidecar.Id,\n RepositoryId = repo_2.Id,\n Enabled = true,\n ListenerBindings = new[]\n {\n new Cyral.Inputs.RepositoryBindingListenerBindingArgs\n {\n ListenerId = listener_2.ListenerId,\n NodeIndex = 0,\n },\n },\n });\n\n var @this = Cyral.GetSidecarBoundPorts.Invoke(new()\n {\n SidecarId = sidecar.Id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"sidecarBoundPorts\"] = @this.Apply(@this =\u003e @this.Apply(getSidecarBoundPortsResult =\u003e getSidecarBoundPortsResult.BoundPorts)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsidecar, err := cyral.NewSidecar(ctx, \"sidecar\", \u0026cyral.SidecarArgs{\nDeploymentMethod: pulumi.String(\"docker\"),\n})\nif err != nil {\nreturn err\n}\nrepo_1, err := cyral.NewRepository(ctx, \"repo-1\", \u0026cyral.RepositoryArgs{\nType: pulumi.String(\"mongodb\"),\nRepoNodes: cyral.RepositoryRepoNodeArray{\n\u0026cyral.RepositoryRepoNodeArgs{\nHost: pulumi.String(\"mongodb.cyral.com\"),\nPort: pulumi.Float64(27017),\n},\n},\n})\nif err != nil {\nreturn err\n}\nlistener_1, err := cyral.NewSidecarListener(ctx, \"listener-1\", \u0026cyral.SidecarListenerArgs{\nSidecarId: sidecar.ID(),\nRepoTypes: pulumi.StringArray{\npulumi.String(\"mongodb\"),\n},\nNetworkAddress: \u0026cyral.SidecarListenerNetworkAddressArgs{\nHost: pulumi.String(\"mongodb.cyral.com\"),\nPort: pulumi.Float64(27017),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = cyral.NewRepositoryBinding(ctx, \"binding-1\", \u0026cyral.RepositoryBindingArgs{\nSidecarId: sidecar.ID(),\nRepositoryId: repo_1.ID(),\nEnabled: pulumi.Bool(true),\nListenerBindings: cyral.RepositoryBindingListenerBindingArray{\n\u0026cyral.RepositoryBindingListenerBindingArgs{\nListenerId: listener_1.ListenerId,\nNodeIndex: pulumi.Float64(0),\n},\n},\n})\nif err != nil {\nreturn err\n}\nrepo_2, err := cyral.NewRepository(ctx, \"repo-2\", \u0026cyral.RepositoryArgs{\nType: pulumi.String(\"mongodb\"),\nRepoNodes: cyral.RepositoryRepoNodeArray{\n\u0026cyral.RepositoryRepoNodeArgs{\nHost: pulumi.String(\"mongodb.cyral.com\"),\nPort: pulumi.Float64(27018),\n},\n},\n})\nif err != nil {\nreturn err\n}\nlistener_2, err := cyral.NewSidecarListener(ctx, \"listener-2\", \u0026cyral.SidecarListenerArgs{\nSidecarId: sidecar.ID(),\nRepoTypes: pulumi.StringArray{\npulumi.String(\"mongodb\"),\n},\nNetworkAddress: \u0026cyral.SidecarListenerNetworkAddressArgs{\nHost: pulumi.String(\"mongodb.cyral.com\"),\nPort: pulumi.Float64(27017),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = cyral.NewRepositoryBinding(ctx, \"binding-2\", \u0026cyral.RepositoryBindingArgs{\nSidecarId: sidecar.ID(),\nRepositoryId: repo_2.ID(),\nEnabled: pulumi.Bool(true),\nListenerBindings: cyral.RepositoryBindingListenerBindingArray{\n\u0026cyral.RepositoryBindingListenerBindingArgs{\nListenerId: listener_2.ListenerId,\nNodeIndex: pulumi.Float64(0),\n},\n},\n})\nif err != nil {\nreturn err\n}\nthis := cyral.GetSidecarBoundPortsOutput(ctx, cyral.GetSidecarBoundPortsOutputArgs{\nSidecarId: sidecar.ID(),\n}, nil);\nctx.Export(\"sidecarBoundPorts\", this.ApplyT(func(this cyral.GetSidecarBoundPortsResult) (interface{}, error) {\nreturn this.BoundPorts, nil\n}).(pulumi.Interface{}Output))\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.Repository;\nimport com.pulumi.cyral.RepositoryArgs;\nimport com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;\nimport com.pulumi.cyral.SidecarListener;\nimport com.pulumi.cyral.SidecarListenerArgs;\nimport com.pulumi.cyral.inputs.SidecarListenerNetworkAddressArgs;\nimport com.pulumi.cyral.RepositoryBinding;\nimport com.pulumi.cyral.RepositoryBindingArgs;\nimport com.pulumi.cyral.inputs.RepositoryBindingListenerBindingArgs;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSidecarBoundPortsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sidecar = new Sidecar(\"sidecar\", SidecarArgs.builder()\n .deploymentMethod(\"docker\")\n .build());\n\n var repo_1 = new Repository(\"repo-1\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .build());\n\n var listener_1 = new SidecarListener(\"listener-1\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mongodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .build());\n\n var binding_1 = new RepositoryBinding(\"binding-1\", RepositoryBindingArgs.builder()\n .sidecarId(sidecar.id())\n .repositoryId(repo_1.id())\n .enabled(true)\n .listenerBindings(RepositoryBindingListenerBindingArgs.builder()\n .listenerId(listener_1.listenerId())\n .nodeIndex(0)\n .build())\n .build());\n\n var repo_2 = new Repository(\"repo-2\", RepositoryArgs.builder()\n .type(\"mongodb\")\n .repoNodes(RepositoryRepoNodeArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27018)\n .build())\n .build());\n\n var listener_2 = new SidecarListener(\"listener-2\", SidecarListenerArgs.builder()\n .sidecarId(sidecar.id())\n .repoTypes(\"mongodb\")\n .networkAddress(SidecarListenerNetworkAddressArgs.builder()\n .host(\"mongodb.cyral.com\")\n .port(27017)\n .build())\n .build());\n\n var binding_2 = new RepositoryBinding(\"binding-2\", RepositoryBindingArgs.builder()\n .sidecarId(sidecar.id())\n .repositoryId(repo_2.id())\n .enabled(true)\n .listenerBindings(RepositoryBindingListenerBindingArgs.builder()\n .listenerId(listener_2.listenerId())\n .nodeIndex(0)\n .build())\n .build());\n\n final var this = CyralFunctions.getSidecarBoundPorts(GetSidecarBoundPortsArgs.builder()\n .sidecarId(sidecar.id())\n .build());\n\n ctx.export(\"sidecarBoundPorts\", this_.applyValue(this_ -\u003e this_.boundPorts()));\n }\n}\n```\n```yaml\nresources:\n sidecar:\n type: cyral:Sidecar\n properties:\n deploymentMethod: docker\n repo-1:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - host: mongodb.cyral.com\n port: 27017\n listener-1:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mongodb\n networkAddress:\n host: mongodb.cyral.com\n port: 27017\n binding-1:\n type: cyral:RepositoryBinding\n properties:\n sidecarId: ${sidecar.id}\n repositoryId: ${[\"repo-1\"].id}\n enabled: true\n listenerBindings:\n - listenerId: ${[\"listener-1\"].listenerId}\n nodeIndex: 0\n repo-2:\n type: cyral:Repository\n properties:\n type: mongodb\n repoNodes:\n - host: mongodb.cyral.com\n port: 27018\n listener-2:\n type: cyral:SidecarListener\n properties:\n sidecarId: ${sidecar.id}\n repoTypes:\n - mongodb\n networkAddress:\n host: mongodb.cyral.com\n port: 27017\n binding-2:\n type: cyral:RepositoryBinding\n properties:\n sidecarId: ${sidecar.id}\n repositoryId: ${[\"repo-2\"].id}\n enabled: true\n listenerBindings:\n - listenerId: ${[\"listener-2\"].listenerId}\n nodeIndex: 0\nvariables:\n this:\n fn::invoke:\n function: cyral:getSidecarBoundPorts\n arguments:\n sidecarId: ${sidecar.id}\noutputs:\n sidecarBoundPorts: ${this.boundPorts}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSidecarBoundPorts.\n", "properties": { "sidecarId": { "type": "string", "description": "The ID of the sidecar.\n" } }, "type": "object", "required": [ "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarBoundPorts.\n", "properties": { "boundPorts": { "description": "All the sidecar ports that are currently bound to repositories.\n", "items": { "type": "number" }, "type": "array" }, "id": { "type": "string" }, "sidecarId": { "description": "The ID of the sidecar.\n", "type": "string" } }, "required": [ "boundPorts", "id", "sidecarId" ], "type": "object" } }, "cyral:index/getSidecarCftTemplate:getSidecarCftTemplate": { "description": "## # cyral.getSidecarCftTemplate (Data Source)\n\n\u003e **DEPRECATED** This data source has been deprecated. It will be removed in the next major version of the provider and no longer works for control planes `v4.13` and later.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst someDataSourceName = cyral.getSidecarCftTemplate({\n sidecarId: cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.id,\n logIntegrationId: SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.id,\n metricsIntegrationId: SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.id,\n awsConfigurations: [{\n publiclyAccessible: false,\n keyName: \"some-ec2-key-name\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsome_data_source_name = cyral.get_sidecar_cft_template(sidecar_id=cyral_sidecar[\"SOME_SIDECAR_RESOURCE_NAME\"][\"id\"],\n log_integration_id=som_e__cyra_l__integration[\"SOME_INTEGRATION_NAME\"][\"id\"],\n metrics_integration_id=som_e__cyra_l__integration[\"SOME_INTEGRATION_NAME\"][\"id\"],\n aws_configurations=[{\n \"publicly_accessible\": False,\n \"key_name\": \"some-ec2-key-name\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var someDataSourceName = Cyral.GetSidecarCftTemplate.Invoke(new()\n {\n SidecarId = cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.Id,\n LogIntegrationId = SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.Id,\n MetricsIntegrationId = SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.Id,\n AwsConfigurations = new[]\n {\n new Cyral.Inputs.GetSidecarCftTemplateAwsConfigurationInputArgs\n {\n PubliclyAccessible = false,\n KeyName = \"some-ec2-key-name\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cyral.GetSidecarCftTemplate(ctx, \u0026cyral.GetSidecarCftTemplateArgs{\n\t\t\tSidecarId: cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.Id,\n\t\t\tLogIntegrationId: pulumi.StringRef(SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.Id),\n\t\t\tMetricsIntegrationId: pulumi.StringRef(SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.Id),\n\t\t\tAwsConfigurations: []cyral.GetSidecarCftTemplateAwsConfiguration{\n\t\t\t\t{\n\t\t\t\t\tPubliclyAccessible: false,\n\t\t\t\t\tKeyName: pulumi.StringRef(\"some-ec2-key-name\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSidecarCftTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var someDataSourceName = CyralFunctions.getSidecarCftTemplate(GetSidecarCftTemplateArgs.builder()\n .sidecarId(cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME().id())\n .logIntegrationId(SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME().id())\n .metricsIntegrationId(SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME().id())\n .awsConfigurations(GetSidecarCftTemplateAwsConfigurationArgs.builder()\n .publiclyAccessible(false)\n .keyName(\"some-ec2-key-name\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n someDataSourceName:\n fn::invoke:\n function: cyral:getSidecarCftTemplate\n arguments:\n sidecarId: ${cyral_sidecar.SOME_SIDECAR_RESOURCE_NAME.id}\n logIntegrationId: ${SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.id}\n metricsIntegrationId: ${SOME_CYRAL_INTEGRATION.SOME_INTEGRATION_NAME.id}\n awsConfigurations:\n - publiclyAccessible: false\n keyName: some-ec2-key-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e To configure credentials for the parameters `SidecarClientID` and `SidecarClientSecret` of the template, see the Sidecar Credentials Resource.\n", "inputs": { "description": "A collection of arguments for invoking getSidecarCftTemplate.\n", "properties": { "awsConfigurations": { "type": "array", "items": { "$ref": "#/types/cyral:index%2FgetSidecarCftTemplateAwsConfiguration:getSidecarCftTemplateAwsConfiguration" }, "description": "AWS parameters for `cft-ec2` deployment method.\n" }, "logIntegrationId": { "type": "string", "description": "ID of the log integration that will be used by this template.\n" }, "metricsIntegrationId": { "type": "string", "description": "ID of the metrics integration that will be used by this template.\n" }, "sidecarId": { "type": "string", "description": "ID of the sidecar which the template will be generated.\n" }, "template": { "type": "string", "description": "Output variable with the template.\n" } }, "type": "object", "required": [ "awsConfigurations", "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarCftTemplate.\n", "properties": { "awsConfigurations": { "description": "AWS parameters for `cft-ec2` deployment method.\n", "items": { "$ref": "#/types/cyral:index%2FgetSidecarCftTemplateAwsConfiguration:getSidecarCftTemplateAwsConfiguration" }, "type": "array" }, "id": { "description": "Same as `sidecar_id`.\n", "type": "string" }, "logIntegrationId": { "description": "ID of the log integration that will be used by this template.\n", "type": "string" }, "metricsIntegrationId": { "description": "ID of the metrics integration that will be used by this template.\n", "type": "string" }, "sidecarId": { "description": "ID of the sidecar which the template will be generated.\n", "type": "string" }, "template": { "description": "Output variable with the template.\n", "type": "string" } }, "required": [ "awsConfigurations", "id", "sidecarId", "template" ], "type": "object" } }, "cyral:index/getSidecarHealth:getSidecarHealth": { "description": "Retrieve aggregated information about the [sidecar's health](https://cyral.com/docs/sidecars/manage/#check-sidecar-cluster-status), considering all instances of the sidecar.\n", "inputs": { "description": "A collection of arguments for invoking getSidecarHealth.\n", "properties": { "sidecarId": { "type": "string", "description": "ID of the Sidecar that will be used to retrieve health information.\n" } }, "type": "object", "required": [ "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarHealth.\n", "properties": { "id": { "description": "Data source identifier.\n", "type": "string" }, "sidecarId": { "description": "ID of the Sidecar that will be used to retrieve health information.\n", "type": "string" }, "status": { "description": "Sidecar health status. Possible values are: `HEALTHY`, `DEGRADED`, `UNHEALTHY` and `UNKNOWN`. For more information, see [Sidecar Status](https://cyral.com/docs/sidecars/manage/#check-sidecar-cluster-status).\n", "type": "string" } }, "required": [ "id", "sidecarId", "status" ], "type": "object" } }, "cyral:index/getSidecarId:getSidecarId": { "description": "Given a sidecar name, retrieves the respective sidecar ID.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst sidecar1 = new cyral.Sidecar(\"sidecar1\", {deploymentMethod: \"cloudFormation\"});\nconst _this = cyral.getSidecarIdOutput({\n sidecarName: sidecar1.name,\n});\nexport const sidecarId = _this.apply(_this =\u003e _this.id);\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nsidecar1 = cyral.Sidecar(\"sidecar1\", deployment_method=\"cloudFormation\")\nthis = cyral.get_sidecar_id_output(sidecar_name=sidecar1.name)\npulumi.export(\"sidecarId\", this.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sidecar1 = new Cyral.Sidecar(\"sidecar1\", new()\n {\n DeploymentMethod = \"cloudFormation\",\n });\n\n var @this = Cyral.GetSidecarId.Invoke(new()\n {\n SidecarName = sidecar1.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"sidecarId\"] = @this.Apply(@this =\u003e @this.Apply(getSidecarIdResult =\u003e getSidecarIdResult.Id)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsidecar1, err := cyral.NewSidecar(ctx, \"sidecar1\", \u0026cyral.SidecarArgs{\n\t\t\tDeploymentMethod: pulumi.String(\"cloudFormation\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthis := cyral.GetSidecarIdOutput(ctx, cyral.GetSidecarIdOutputArgs{\n\t\t\tSidecarName: sidecar1.Name,\n\t\t}, nil)\n\t\tctx.Export(\"sidecarId\", this.ApplyT(func(this cyral.GetSidecarIdResult) (*string, error) {\n\t\t\treturn \u0026this.Id, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.Sidecar;\nimport com.pulumi.cyral.SidecarArgs;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSidecarIdArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sidecar1 = new Sidecar(\"sidecar1\", SidecarArgs.builder()\n .deploymentMethod(\"cloudFormation\")\n .build());\n\n final var this = CyralFunctions.getSidecarId(GetSidecarIdArgs.builder()\n .sidecarName(sidecar1.name())\n .build());\n\n ctx.export(\"sidecarId\", this_.applyValue(this_ -\u003e this_.id()));\n }\n}\n```\n```yaml\nresources:\n sidecar1:\n type: cyral:Sidecar\n properties:\n deploymentMethod: cloudFormation\nvariables:\n this:\n fn::invoke:\n function: cyral:getSidecarId\n arguments:\n sidecarName: ${sidecar1.name}\noutputs:\n sidecarId: ${this.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSidecarId.\n", "properties": { "sidecarName": { "type": "string", "description": "The name of the sidecar.\n" } }, "type": "object", "required": [ "sidecarName" ] }, "outputs": { "description": "A collection of values returned by getSidecarId.\n", "properties": { "id": { "description": "The ID of the sidecar.\n", "type": "string" }, "sidecarName": { "description": "The name of the sidecar.\n", "type": "string" } }, "required": [ "id", "sidecarName" ], "type": "object" } }, "cyral:index/getSidecarInstance:getSidecarInstance": { "description": "## # cyral.getSidecarInstance (Data Source)\n\nRetrieve sidecar instances.\n", "inputs": { "description": "A collection of arguments for invoking getSidecarInstance.\n", "properties": { "sidecarId": { "type": "string", "description": "Sidecar identifier.\n" } }, "type": "object", "required": [ "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarInstance.\n", "properties": { "id": { "description": "Data source identifier.\n", "type": "string" }, "instanceLists": { "description": "List of existing sidecar instances.\n", "items": { "$ref": "#/types/cyral:index%2FgetSidecarInstanceInstanceList:getSidecarInstanceInstanceList" }, "type": "array" }, "sidecarId": { "description": "Sidecar identifier.\n", "type": "string" } }, "required": [ "id", "instanceLists", "sidecarId" ], "type": "object" } }, "cyral:index/getSidecarInstanceIds:getSidecarInstanceIds": { "description": "\u003e **DEPRECATED** This data source has been deprecated. It will be removed in the next major version of the provider. Use the data source `cyral.getSidecarInstance` instead\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cyral from \"@pulumi/cyral\";\n\nconst _this = cyral.getSidecarInstanceIds({\n sidecarId: cyral_sidecar.some_sidecar_resource.id,\n});\nexport const sidecarInstanceIds = _this.then(_this =\u003e _this.instanceIds);\n```\n```python\nimport pulumi\nimport pulumi_cyral as cyral\n\nthis = cyral.get_sidecar_instance_ids(sidecar_id=cyral_sidecar[\"some_sidecar_resource\"][\"id\"])\npulumi.export(\"sidecarInstanceIds\", this.instance_ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cyral = Pulumi.Cyral;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Cyral.GetSidecarInstanceIds.Invoke(new()\n {\n SidecarId = cyral_sidecar.Some_sidecar_resource.Id,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"sidecarInstanceIds\"] = @this.Apply(@this =\u003e @this.Apply(getSidecarInstanceIdsResult =\u003e getSidecarInstanceIdsResult.InstanceIds)),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := cyral.GetSidecarInstanceIds(ctx, \u0026cyral.GetSidecarInstanceIdsArgs{\n\t\t\tSidecarId: cyral_sidecar.Some_sidecar_resource.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"sidecarInstanceIds\", this.InstanceIds)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cyral.CyralFunctions;\nimport com.pulumi.cyral.inputs.GetSidecarInstanceIdsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = CyralFunctions.getSidecarInstanceIds(GetSidecarInstanceIdsArgs.builder()\n .sidecarId(cyral_sidecar.some_sidecar_resource().id())\n .build());\n\n ctx.export(\"sidecarInstanceIds\", this_.instanceIds());\n }\n}\n```\n```yaml\nvariables:\n this:\n fn::invoke:\n function: cyral:getSidecarInstanceIds\n arguments:\n sidecarId: ${cyral_sidecar.some_sidecar_resource.id}\noutputs:\n sidecarInstanceIds: ${this.instanceIds}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSidecarInstanceIds.\n", "properties": { "sidecarId": { "type": "string", "description": "The ID of the sidecar.\n" } }, "type": "object", "required": [ "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarInstanceIds.\n", "properties": { "id": { "type": "string" }, "instanceIds": { "description": "All the current instance IDs of the sidecar.\n", "items": { "type": "string" }, "type": "array" }, "sidecarId": { "description": "The ID of the sidecar.\n", "type": "string" } }, "required": [ "id", "instanceIds", "sidecarId" ], "type": "object" } }, "cyral:index/getSidecarInstanceStats:getSidecarInstanceStats": { "description": "Retrieve sidecar instance statistics. See also data source `cyral.getSidecarInstance`.\n", "inputs": { "description": "A collection of arguments for invoking getSidecarInstanceStats.\n", "properties": { "instanceId": { "type": "string", "description": "Sidecar instance identifier. See also data source `cyral.getSidecarInstance`.\n" }, "sidecarId": { "type": "string", "description": "Sidecar identifier.\n" } }, "type": "object", "required": [ "instanceId", "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarInstanceStats.\n", "properties": { "activeConnections": { "description": "Number of active connections.\n", "type": "number" }, "id": { "description": "Data source identifier. It's equal to `instance_id`.\n", "type": "string" }, "instanceId": { "description": "Sidecar instance identifier. See also data source `cyral.getSidecarInstance`.\n", "type": "string" }, "queriesPerSecond": { "description": "Amount of queries that the sidecar instance receives per second.\n", "type": "number" }, "sidecarId": { "description": "Sidecar identifier.\n", "type": "string" } }, "required": [ "activeConnections", "id", "instanceId", "queriesPerSecond", "sidecarId" ], "type": "object" } }, "cyral:index/getSidecarListener:getSidecarListener": { "description": "Retrieve and filter sidecar listeners.\n", "inputs": { "description": "A collection of arguments for invoking getSidecarListener.\n", "properties": { "id": { "type": "string" }, "port": { "type": "number" }, "repoType": { "type": "string" }, "sidecarId": { "type": "string" } }, "type": "object", "required": [ "sidecarId" ] }, "outputs": { "description": "A collection of values returned by getSidecarListener.\n", "properties": { "id": { "type": "string" }, "listenerLists": { "items": { "$ref": "#/types/cyral:index%2FgetSidecarListenerListenerList:getSidecarListenerListenerList" }, "type": "array" }, "port": { "type": "number" }, "repoType": { "type": "string" }, "sidecarId": { "type": "string" } }, "required": [ "id", "listenerLists", "sidecarId" ], "type": "object" } }, "cyral:index/getSystemInfo:getSystemInfo": { "description": "Retrieve information from Cyral system.\n", "outputs": { "description": "A collection of values returned by getSystemInfo.\n", "properties": { "controlPlaneVersion": { "description": "Control Plane version.\n", "type": "string" }, "id": { "description": "Data source identifier.\n", "type": "string" }, "sidecarLatestVersion": { "description": "Latest Sidecar version available to this Control Plane.\n", "type": "string" } }, "required": [ "controlPlaneVersion", "id", "sidecarLatestVersion" ], "type": "object" } } }, "parameterization": { "baseProvider": { "name": "terraform-provider", "version": "0.10.0" }, "parameter": "eyJyZW1vdGUiOnsidXJsIjoicmVnaXN0cnkub3BlbnRvZnUub3JnL2N5cmFsaW5jL2N5cmFsIiwidmVyc2lvbiI6IjQuMTYuMyJ9fQ==" } }